[HTTPS-Everywhere] tlscompare.org - for Science!!!
Maxim Nazarenko
nz.phone at mail.ru
Tue Jul 21 14:05:07 PDT 2015
You are right, I was referring specifically to "One observation here is
that a considerable
percentage of the rules no longer need to be included, as port 80
redirects to HTTPS anyway."
Best regards,
Maxim Nazarenko
On 22 July 2015 at 00:01, Jacob Hoffman-Andrews <jsha at eff.org> wrote:
> On 07/21/2015 05:30 AM, Maxim Nazarenko wrote:
> > Unsecure connections can be MITMed easily. If the site is not HSTS
> > preload list, the corresponding rule should stay.
> It sounds like you are talking about sites that redirect from HTTP to
> HTTPS. I think Dave Warren is talking about something else: A site that
> forcibly redirects from HTTPS to HTTP. We can't include these in HTTPS
> Everywhere because the site would fail to load.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.eff.org/pipermail/https-everywhere/attachments/20150722/9247acca/attachment.html>
More information about the HTTPS-Everywhere
mailing list