Re: [HTTPS-Everywhere] Chrome 2014.8.22 ("extremely stable") released

2014-09-11 Thread Alexander Buchner
On 27.08.2014 19:00, Jacob S Hoffman-Andrews wrote:
> On 08/27/2014 12:15 PM, Alexander Buchner wrote:
>> Ok, this is for Linux. And for a Windows user?
>
> We don't yet have development instructions for Windows user; If
> you're interested in helping with that, it would be very helpful.
>
> We d

[HTTPS-Everywhere] New stable releases

2014-09-11 Thread Peter Eckersley
Changelog:
chrome-2014.9.11 (2014-09-11)
* Rulesets and bugfixes from 4.0.1
4.0.1 (2014-09-11)
* Significant new coverage: Reddit, Quora
* Fixes include: Frontier Networks, Hotmail / Live, Microsoft, Mozilla, Ohio State, R

[HTTPS-Everywhere] Turning HSTS headers into HTTPS Everywhere rules?

2014-09-11 Thread Lunar
Hi! (Crazy idea of the day:) How about crawling HTTPS websites, recording HSTS [1] headers, and turning the information into HTTPS Everywhere rules automatically? Has this been ever tried? Is it a terrible idea? HSTS headers contain expiration dates, so with the proper database, we would know

[HTTPS-Everywhere] Always redirect to https when TLSA records exist?

2014-09-11 Thread Paul Wise
Hi all,
Would it be possible for https-everywhere to always redirect to https when TLSA DNS records exist? By way of example, if one disables Debian.xml, www.debian.org should always redirect to https anyway due to:
$ dig +short TLSA _443._tcp.www.debian.org.
3 1 1 BCAFDCC89EC752F77CA79A0D9A1ACA

Re: [HTTPS-Everywhere] Turning HSTS headers into HTTPS Everywhere rules?

2014-09-11 Thread Jameson Graef Rollins
On Thu, Sep 11 2014, Lunar wrote:
> Hi!
>
> (Crazy idea of the day:)
>
> How about crawling HTTPS websites, recording HSTS [1] headers, and
> turning the information into HTTPS Everywhere rules automatically?
>
> Has this been ever tried?
>
> Is it a terrible idea?
>
> HSTS headers contain expirat

Re: [HTTPS-Everywhere] Turning HSTS headers into HTTPS Everywhere rules?

2014-09-11 Thread yan
Some of the work is done already. There's a script in utils/ to fetch the chromium preload list and turn it into rulesets automatically; someone should run it and commit the new rulesets. :) I suspect that in FF and Chrome, HSTS happens earlier in the request pipeline before HTTPS Everywhere rewri

Re: [HTTPS-Everywhere] Turning HSTS headers into HTTPS Everywhere rules?

2014-09-11 Thread Jameson Graef Rollins
On Thu, Sep 11 2014, yan wrote:
> One potential downfall is that this would make the ruleset list very
> large, and HTTPS Everywhere is probably less efficient at doing its job
> than HSTS.
This is sort of an odd comment, isn't it? Isn't the fundamental model of https-everywhere to have a rulese

Re: [HTTPS-Everywhere] Turning HSTS headers into HTTPS Everywhere rules?

2014-09-11 Thread Yuksel Aydin
Hey,
If you have a website (or know someone who has one), there's a prelist: http://hstspreload.appspot.com/ (see also: https://plus.google.com/+IlyaGrigorik/posts/8uf3a2FGt2Z by Ilya Grigorik)
Cheers, Yuksel.
2014-09-12 6:23 GMT+02:00 Jameson Graef Rollins:
> On Thu, Sep 11 2014, yan wrote