[HTTPS-Everywhere] Turning HSTS headers into HTTPS Everywhere rules?
Jameson Graef Rollins
jrollins at finestructure.net
Thu Sep 11 20:03:21 PDT 2014
On Thu, Sep 11 2014, Lunar <lunar at torproject.org> wrote:
> Hi!
>
> (Crazy idea of the day:)
>
> How about crawling HTTPS websites, recording HSTS [1] headers, and
> turning the information into HTTPS Everywhere rules automatically?
>
> Has this been ever tried?
>
> Is it a terrible idea?
>
> HSTS headers contain expiration dates, so with the proper database, we
> would know when to return to a given website for updates.
>
> [1]: https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
Don't firefox and chrome already come with pre-loaded lists of HTST
sites by default?
https://blog.mozilla.org/security/2012/11/01/preloading-hsts/
At least that was my understanding of their intention.
jamie.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 818 bytes
Desc: not available
URL: <https://lists.eff.org/pipermail/https-everywhere/attachments/20140911/8e040f82/attachment.sig>
More information about the HTTPS-Everywhere
mailing list