Re: [HTTPS-Everywhere] Always redirect to https when TLSA records exist?

2014-09-12 Thread Matthias Wimmer
Hi Paul, On 2014-09-12 10:57:33, Paul Wise wrote: > Would it be possible for https-everywhere to always redirect to https > when TLSA DNS records exist? As far as I know publishing a TLSA record only indicates what certificate is used on a given service. Especially it does not indicate, that

Re: [HTTPS-Everywhere] Chrome 2014.8.22 ("extremely stable") released

2014-09-12 Thread Nick Semenkovich
You can still run extensions in "developer mode" if you unzip the .crx, but we do definitely need a better approach to beta-testing things (especially rulesets). On Thu, Sep 11, 2014 at 10:40 AM, Alexander Buchner wrote: > On 27.08.2014 19:00, Jacob S Hoffman-Andrews wrote: >> On 08/27/2014 12:15

Re: [HTTPS-Everywhere] Chrome 2014.8.22 ("extremely stable") released

2014-09-12 Thread Peter Eckersley
I fought hard with the Chrome team to get them to reintroduce a sensible way for developers to install their own .crx files, but I failed: https://code.google.com/p/chromium/issues/detail?id=133818 We clearly need to update our documentation to explain to people how to use the "load unpacked exte

Re: [HTTPS-Everywhere] Always redirect to https when TLSA records exist?

2014-09-12 Thread Paul Wise
On Fri, 2014-09-12 at 09:39 +, Matthias Wimmer wrote: > Especially it does not indicate, that every resource available on a > given HTTP URI is also available on the corresponding HTTPS URI. > > E.g. a shop may use a TLSA record for the X.509 certificate of its > secure webserver, but may onl

Re: [HTTPS-Everywhere] Always redirect to https when TLSA records exist?

2014-09-12 Thread Seth David Schoen
Matthias Wimmer writes: > Especially it does not indicate, that every resource available on a > given HTTP URI is also available on the corresponding HTTPS URI. That possibility is a reason not to create redirections automatically, since historically we've had a number of examples of sites where

Re: [HTTPS-Everywhere] Always redirect to https when TLSA records exist?

2014-09-12 Thread Paul Wise
On Fri, 2014-09-12 at 18:17 -0700, Seth David Schoen wrote: > Matthias Wimmer writes: > > > Especially it does not indicate, that every resource available on a > > given HTTP URI is also available on the corresponding HTTPS URI. > > That possibility is a reason not to create redirections automati

Re: [HTTPS-Everywhere] Turning HSTS headers into HTTPS Everywhere rules?

2014-09-12 Thread Seth David Schoen
Jameson Graef Rollins writes: > On Thu, Sep 11 2014, yan wrote: > > One potential downfall is that this would make the ruleset list very > > large, and HTTPS Everywhere is probably less efficient at doing its job > > than HSTS. > > This is sort of an odd comment, isn't it? Isn't the fundamental

Re: [HTTPS-Everywhere] Always redirect to https when TLSA records exist?

2014-09-12 Thread Seth David Schoen
Paul Wise writes: > I don't have any data but I would hazard a guess that sites with DNSSEC > and TLSA setup are serious enough about security to not be that broken. I agree that those are very good signs that the operator cares about security, but it's still possible to imagine that they only se

Re: [HTTPS-Everywhere] Always redirect to https when TLSA records exist?

2014-09-12 Thread Paul Wise
On Fri, 2014-09-12 at 18:44 -0700, Seth David Schoen wrote: > I agree that those are very good signs that the operator cares about > security, but it's still possible to imagine that they only serve a > subset of their site resources over HTTPS. How about a new DNS record for the policy of the we