Re: [HTTPS-E Rulesets] Suggested ruleset for new HTTPS site

2015-02-05 Thread Alexander Buchner
On 06.11.2014 13:27, Steven Tress wrote:
> Hello
>
> I've just converted my site to HTTPS. Attached is the ruleset for the
> site, suggested to be included in the built in repository.
>
> Steven Tress

Since your site also supports HSTS there is no need for an extra httpsE-rule. Btw: You could s

Re: [HTTPS-E Rulesets] Suggested ruleset for new HTTPS site

2015-02-05 Thread Daniel Kahn Gillmor
On Thu 2015-02-05 05:12:50 -0500, Alexander Buchner wrote:
> On 06.11.2014 13:27, Steven Tress wrote:
>> I've just converted my site to HTTPS. Attached is the ruleset for the
>> site, suggested to be included in the built in repository.
>
> Since your site also supports HSTS there is no need for an

Re: [HTTPS-E Rulesets] Suggested ruleset for new HTTPS site

2015-02-05 Thread Joakim Walldén
Not to argue against adding a ruleset, but the domain is in the HSTS-list¹, so the browser will not try to connect to it insecurely.

¹ https://chromium.googlesource.com/chromium/src/net/+/master/http/transport_security_state_static.json

Kind regards,
Joakim

2015-02-05 16:54 GMT+01:00 Daniel Kahn

Re: [HTTPS-E Rulesets] Suggested ruleset for new HTTPS site

2015-02-05 Thread Alexander Buchner
On 05.02.2015 16:54, Daniel Kahn Gillmor wrote:
> Alexander, I don't think that's the right analysis. Having an
> httpsE-rule avoids an sslstrip attack for people in their first time
> visiting, which HSTS does not defend against.
>
> If i type "steventress.com" into my browser right now (having

Re: [HTTPS-E Rulesets] Suggested ruleset for new HTTPS site

2015-02-05 Thread Daniel Kahn Gillmor
On Thu 2015-02-05 11:12:29 -0500, Joakim Walldén wrote:
> Not to argue against adding a ruleset, but the domain is in the HSTS-list¹,
> so the browser will not try to connect to it insecurely.
>
> ¹
> https://chromium.googlesource.com/chromium/src/net/+/master/http/transport_security_state_static.j

Re: [HTTPS-E Rulesets] Suggested ruleset for new HTTPS site

2015-02-05 Thread Seth David Schoen
Daniel Kahn Gillmor writes:
> I guess both chromium and firefox support the preload list these days,
> so maybe that means it's not necessary? but it would be a shame for
> someone to take the httpse dataset (e.g. for something like a local
> proxy service) and *not* include things that happened

Re: [HTTPS-E Rulesets] Suggested ruleset for new HTTPS site

2015-02-05 Thread Daniel Kahn Gillmor
On Thu 2015-02-05 13:42:55 -0500, Seth David Schoen wrote:
> In the past I had a script to autogenerate rules from the preload list,
> but I think we decided that it was redundant because the browsers we
> support now all use that list. I don't think we've thought about the
> effect for folks (may