[HTTPS-Everywhere] ideas for improvements to development and use of the ruleset
Yan Zhu
yan at eff.org
Sun Mar 30 23:48:53 PDT 2014
On 03/30/2014 08:08 PM, Paul Wise wrote:
> On Wed, 2014-03-05 at 16:13 +0800, Paul Wise wrote:
>
>> Yeah, that is why I suggest only submitting domains rather than rules.
>> When you get new domains submitted by users you can pro-actively check
>> the ruleset, test the domains from multiple network points and update
>> the ruleset.
>
> On that note, do submissions from the SSL observatory get turned into
> HTTPS Everwhere rulesets at all?
>
Not currently, though I would be worried about people submitting spoofed
certs. We'd still have to check the domains to make sure the site
supports SSL and nothing is terribly broken.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: <https://lists.eff.org/pipermail/https-everywhere/attachments/20140330/dd66f94e/attachment.sig>
More information about the HTTPS-Everywhere
mailing list