[HTTPS-Everywhere] HTTPS Everywhere vs Preloaded HSTS list
Jacob Hoffman-Andrews
jsha at eff.org
Tue Mar 17 11:57:39 PDT 2015
On 03/16/2015 11:37 PM, Dave Warren wrote:
> I'm curious if anyone has ever looked at HTTPS Everywhere's database
> and considered dropping sites that are in preloaded HSTS lists? -- I'm
> assuming that part of the performance impact is linked to the number
> of rules, and under this theory, it seems like reducing the number of
> rules without reducing security would be a net win.
I've definitely considered this, but I think it's not likely to be a big
performance win. As I understand it, there are ~300 hostnames on the
preloaded list (updated numbers welcome!), vs ~14.5k rulesets in HTTPS
Everywhere, with many hostnames per ruleset.
I'm extremely interested in improving the performance of HTTPS
Everywhere with regards to both CPU and RAM. If you are interested in
doing some work in the area, I would really appreciate it. I think the
first step would be to do a CPU and RAM profile of the extension under
some example usage (i.e. open N URLs that have either a top-level
rewrite or many embedded rewrites).
More information about the HTTPS-Everywhere
mailing list