[HTTPS-Everywhere] Avira wants to contribute
Thorsten Sick
thorsten.sick at avira.com
Mon Mar 2 00:35:06 PST 2015
Hi Daniel
Am 28.02.2015 um 04:30 schrieb Daniel Kahn Gillmor:
> On Wed 2015-02-25 14:08:08 -0500, Seth David Schoen wrote:
>> Hi Thorsten, nice to hear from you! I just wanted to mention this
>> point is discussed in
>>
>> https://lists.eff.org/pipermail/https-everywhere/2014-January/thread.html#1901
>>
>> and elsewhere -- you can take a look at the Firefox and Chromium bugs
>> that are linked from Jacob's quoted message.
>>
>> I think I was the person who told you that, and that is the main
>> difficulty right now. The problem is that Chromium will block mixed
>> content before allowing us to rewrite the insecure URLs to secure URLs,
>> even though the resulting secure URLs would no longer count as mixed
>> content. The Chromium developers have described this as working as
>> intended; for us, it means that there are sites that we could otherwise
>> fix that instead we break or else leave insecure.
>
> In discussion on webappsec, several different people (including Mike
> West from Google and myself) have suggested that browsers should
> experiment with auto-upgrading blockable mixed content from http to
> https, since this is strictly no worse from an end user experience than
> blocking anyway.
>
> See: http://www.w3.org/mid/CAKXHy=c6KLDQxJHVi_tcYNnEh3ttUHN+RCkuEPjP4BYyUQr-sw@mail.gmail.com
>
> I think this would address many (most?) of the concerns raised by Seth
> above.
>
> A patch to Chromium to implement this change would be a nice
> contribution.
This looks very good. I added that to our itnernal bug and we will
tackle it maybe in some weeks (I am not boss of the team or the manager
handling priorities). Do you have a developer who was part of the
planning and could help us when we want to start on this project ?
Having Google people involved in the planning I assume there is already
a list of code lines that must be touched. That would reduce errors and
get it done soon.
Looking forward to it.
Thorsten Sick
> --dkg
>
--
Avira Operations GmbH & Co. KG
Kaplaneiweg 1 | 88069 Tettnang | Deutschland / Germany
Telefon / Telephone: +49 7542-500 0
Telefax / Facsimile: +49 7542-500 3000
Registergericht: Amtsgericht Ulm, HRA 722586 | USt.-IdNr.: DE 815289569 | Pers. haftende Gesellschafterin: Avira OP GmbH | Firmensitz: Tettnang | Registergericht: Amtsgericht Ulm, HRB 726712 | Geschäftsführer: Travis Witteveen
Commercial Register: Amtsgericht Ulm, HRA 722586 | VAT-ID: DE 815289569 | Personally Liable Partner: Avira OP GmbH | Headquarters: Tettnang | Commercial Register: Amtsgericht Ulm, HRB 726712 | Chief Executive Officer (CEO): Travis Witteveen
More information about the HTTPS-Everywhere
mailing list