[HTTPS-Everywhere] Design Question for companies with multiple websites
Jacob Hoffman-Andrews
jsha at eff.org
Fri Apr 3 10:40:20 PDT 2015
We don't have any official guidelines for that yet, and the behavior
varies a lot.
Things to consider:
- If all domains are operated by the same company, they are likely to
all support HTTPS or not in similar ways, which favors combining them.
- If one domain breaks, are the others likely to break too? Putting
them all in one rule lets users disable them all in one click.
- If one domain fails the ruleset checker, the whole ruleset will be
disabled until that domain is fixed. But this might be desired behavior.
- We discourage having the same target host across multiple rulesets,
so if the content-cdn is shared, that favors either combining all into
one ruleset, or giving the content-cdn its own ruleset.
I'm interested in feedback from other ruleset authors on this: What
factors do you weigh when deciding to combine or separate related rulesets?
Thanks,
Jacob
On 04/03/2015 08:20 AM, Numismatika wrote:
> Hello list,
> i was thinking about creating rules that cover the zam network.
> One rule for each subsite they run was the first idea, since some big
> companies like google also have multiple rules already in HTTPS-Everywhere.
> Then i thought, some of the content-cdn is shared, so one rule for all
> the sites would also be possible.
> Is that something where one rolls the dice or is it a question of some
> other factors, like size , amount of involved and shared sub-domains?
>
> Regards,
> Numismatika
>
>
> _______________________________________________
> HTTPS-Everywhere mailing list
> HTTPS-Everywhere at lists.eff.org
> https://lists.eff.org/mailman/listinfo/https-everywhere
>
More information about the HTTPS-Everywhere
mailing list