[HTTPS-Everywhere] Using the rules in a proxy?

Jacob Hoffman-Andrews jsha at eff.org
Wed Jul 8 10:49:05 PDT 2015


My main concerns are:
 - How do you make sure you get updates?
 - How do you deal with changed ruleset semantics?

Probably the best approach is to fetch the official releases
periodically, extract rulesets.sqlite, and use the rulesets from there.
This should be done in an automated way. That way, as maintainers, we
don't have to worry about various versions of the rulesets out there.

For changed ruleset semantics, you'll just have to follow the repository
carefully.

You'll probably need some special logic around cookies. What happens
when a site sets a cookie with the secure flag? If you pass that to the
browser, and the browser thinks it is talking HTTP, it won't send the
cookie on subsequent requests.

You'll also want to think carefully about what happens as users migrate
on and off of your network. I.e. they may have a set of sites open to
their HTTP version, but while they were behind your proxy they were
getting automatically rewritten to HTTPS for the rest of their trip. Is
it okay for users to start leaking cookies over HTTP with no warning if
they migrate off your network?

It would help to know some more about your planned deployment scenario.
How big a network? Wireless or wired? How much control over the endpoints?

I think in many cases it might be more effective to strongly encourage
your users to install the HTTPS Everywhere extension.
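
One possible form of the "special logic around cookies" mentioned above, as an added example that is not part of the original message or of the HTTPS Everywhere code: the proxy keeps Secure cookies in its own jar and replays them on the HTTPS leg, so they never reach a browser that believes it is on HTTP. The `ProxyCookieShim` class, the client identifier and the sample headers are hypothetical and constructed for illustration.

```python
from collections import defaultdict

def parse_set_cookie(header):
    """Return (name, value, is_secure) for one Set-Cookie header value."""
    first, *attrs = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    return name, value, any(a.lower() == "secure" for a in attrs)

class ProxyCookieShim:
    """Hypothetical helper: keeps Secure cookies on the proxy, per client and host."""

    def __init__(self):
        self.held = defaultdict(dict)  # (client_id, host) -> {name: value}

    def filter_response(self, client_id, host, set_cookie_headers):
        """Hold Secure cookies back; return the headers that go to the browser."""
        forwarded = []
        for header in set_cookie_headers:
            name, value, secure = parse_set_cookie(header)
            if secure:
                self.held[(client_id, host)][name] = value
            else:
                forwarded.append(header)
        return forwarded

    def upstream_cookie_header(self, client_id, host, browser_cookie_header):
        """Merge the browser's Cookie header with held cookies for the HTTPS leg."""
        pairs = [p.strip() for p in browser_cookie_header.split(";") if p.strip()]
        held = self.held.get((client_id, host), {})
        pairs += [f"{n}={v}" for n, v in sorted(held.items())]
        return "; ".join(pairs)

def cleartext_off_network(forwarded_headers):
    """Cookies the browser stores and would send over plain HTTP once off the proxy."""
    return sorted(parse_set_cookie(h)[0] for h in forwarded_headers)

# Constructed sample: what a site might send on the proxy's HTTPS leg.
SAMPLE = ["session=abc123; Path=/; Secure; HttpOnly", "prefs=dark; Path=/"]

if __name__ == "__main__":
    shim = ProxyCookieShim()
    to_browser = shim.filter_response("10.0.0.7", "example.com", SAMPLE)
    print(to_browser)                      # only the non-Secure cookie is forwarded
    print(shim.upstream_cookie_header("10.0.0.7", "example.com", "prefs=dark"))
    print(cleartext_off_network(to_browser))
```

The client identifier has to map to exactly one user, otherwise a held session cookie could be attached to someone else's requests. Cookies listed by `cleartext_off_network` are the ones that would travel over plain HTTP once the user leaves the proxied network.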


