[tor-bugs] #6485 [EFF-HTTPS Everywhere]: Default rules to off (or partial marked) for less than 100% https sites
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Thu Aug 2 23:36:26 UTC 2012
#6485: Default rules to off (or partial marked) for less than 100% https sites
-------------------------------------+--------------------------------------
Reporter: grarpamp | Owner: pde
Type: defect | Status: closed
Priority: major | Milestone:
Component: EFF-HTTPS Everywhere | Version:
Resolution: wontfix | Keywords:
Parent: | Points:
Actualpoints: |
-------------------------------------+--------------------------------------
Changes (by pde):
* status: new => closed
* resolution: => wontfix
Comment:
The browser UI should indicate the difference between full HTTPS and mixed
content. Chrome still does this clearly, but Firefox has unfortunately
moved in the wrong direction. If you want to file a bugzilla bug calling
for clearer HTTPS UI, please send the bug ID and we'll happily weigh in
there :).
In the mean time, I'm going to mark this WONTFIX. Partial HTTPS can offer
useful defenses against passive surveillance adversaries, so we want to
keep it there. Also, _some_ of the partial rulesets with <securecookie>
tags offer genuine and significant protection even against active
adversaries (though it depends on what type of content is loaded via HTTP,
of course).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6485#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list