[HTTPS-Everywhere] tlscompare.org - for Science!!!
Maxim Nazarenko
nz.phone at mail.ru
Tue Jul 21 05:30:50 PDT 2015
Unsecure connections can be MITMed easily. If the site is not HSTS preload
list, the corresponding rule should stay.
Best regards,
Maxim Nazarenko
On 21 July 2015 at 12:21, Martin Mulazzani <mmulazzani at sba-research.org>
wrote:
> We changed the labeling in the expert mode - its now "Rule makes no
> sense" for exactly these cases. We aim for two manual evaluations per
> page, with at least one in expert mode.
>
> The border-line use cases are those of scientific value, while we also
> generated a ruleset based on the existing HTTPSEveryhwere rules (but in
> a rather hacky way). One observation here is that a considerable
> percentage of the rules no longer need to be included, as port 80
> redirects to HTTPS anyway.
>
> I'll keep you updated. Please keep klicking, and spread the link!
>
> Thx, Martin
>
> On 2015-07-17 19:39, Dave Warren wrote:
> > On 2015-07-17 01:25, Greg Lindahl wrote:
> >> On Thu, Jul 16, 2015 at 09:49:26AM +0200, Martin Mulazzani wrote:
> >>> Hi all!
> >>>
> >>> Yesterday we launched a new version of https://tlscompare.org. If you
> >>> use HTTPSEverwhere, please disable it - then go to
> >>> https://tlscompare.org, and click compare. Rinse, repeated, and klick
> >>> some more.
> >> For my first try, I got a site where https redirected to http. I'm not
> >> sure what to click, and the FAQ doesn't help.
> >
> > I'd say they're not identical. Think about it in a HTTPS Everywhere
> > context, if this rule were implemented, you'd end up with a loop, and
> > the user wouldn't get what they intended.
> >
> > But that's just me, I'm not involved with the project, wait for official
> > feedback for an official answer :)
> >
> _______________________________________________
> HTTPS-Everywhere mailing list
> HTTPS-Everywhere at lists.eff.org
> https://lists.eff.org/mailman/listinfo/https-everywhere
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.eff.org/pipermail/https-everywhere/attachments/20150721/542cc4b3/attachment.html>
More information about the HTTPS-Everywhere
mailing list