[HTTPS-Everywhere] Turning HSTS headers into HTTPS Everywhere rules?
Lunar
lunar at torproject.org
Thu Sep 11 19:43:04 PDT 2014
Hi!
(Crazy idea of the day:)
How about crawling HTTPS websites, recording HSTS [1] headers, and
turning the information into HTTPS Everywhere rules automatically?
Has this been ever tried?
Is it a terrible idea?
HSTS headers contain expiration dates, so with the proper database, we
would know when to return to a given website for updates.
[1]: https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
--
Lunar <lunar at torproject.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Digital signature
URL: <https://lists.eff.org/pipermail/https-everywhere/attachments/20140912/a1984c1d/attachment.sig>
More information about the HTTPS-Everywhere
mailing list