[HTTPS-Everywhere] HTTPS Everywhere vs Preloaded HSTS list
Finn
finn at herzfeld.me
Tue Mar 17 12:03:20 PDT 2015
It's slightly larger than 300 hostnames, although not nearly the 14.5k that
HTTPS Everywhere is:
https://code.google.com/p/chromium/codesearch#chromium/src/net/http/transport_security_state_static.json
On Tue, Mar 17, 2015 at 11:57 AM Jacob Hoffman-Andrews <jsha at eff.org> wrote:
> On 03/16/2015 11:37 PM, Dave Warren wrote:
> > I'm curious if anyone has ever looked at HTTPS Everywhere's database
> > and considered dropping sites that are in preloaded HSTS lists? -- I'm
> > assuming that part of the performance impact is linked to the number
> > of rules, and under this theory, it seems like reducing the number of
> > rules without reducing security would be a net win.
> I've definitely considered this, but I think it's not likely to be a big
> performance win. As I understand it, there are ~300 hostnames on the
> preloaded list (updated numbers welcome!), vs ~14.5k rulesets in HTTPS
> Everywhere, with many hostnames per ruleset.
>
> I'm extremely interested in improving the performance of HTTPS
> Everywhere with regards to both CPU and RAM. If you are interested in
> doing some work in the area, I would really appreciate it. I think the
> first step would be to do a CPU and RAM profile of the extension under
> some example usage (i.e. open N URLs that have either a top-level
> rewrite or many embedded rewrites).
> _______________________________________________
> HTTPS-Everywhere mailing list
> HTTPS-Everywhere at lists.eff.org
> https://lists.eff.org/mailman/listinfo/https-everywhere
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.eff.org/pipermail/https-everywhere/attachments/20150317/8bc80b69/attachment.html>
More information about the HTTPS-Everywhere
mailing list