[tor-bugs] #6485 [EFF-HTTPS Everywhere]: Default rules to off (or partial marked) for less than 100% https sites
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Mon Jul 30 06:35:19 UTC 2012
#6485: Default rules to off (or partial marked) for less than 100% https sites
----------------------------------+-----------------------------------------
Reporter: grarpamp | Owner: pde
Type: defect | Status: new
Priority: major | Milestone:
Component: EFF-HTTPS Everywhere | Version:
Keywords: | Parent:
Points: | Actualpoints:
----------------------------------+-----------------------------------------
Assuming a goal of HTTPS-E is to avoid exposing the general user to much
risk, let us not enable by default rulesets which do not offer 100%
encryption coverage of a site experience.
A happy pretty green checkmark by a ruleset seems to imply that...
- authentication login tokens are safe
- session info (cookie, SID, etc) is safe
- content is safe
Yet some rulesets are happy green pretty when no such guarantee is
provided by said rules. Not to mention that exposing fallback can occur
when a rule breaks, since there is currently no 'do not fallback' option.
So default them off, or deploy another indicator for them.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6485>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
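
An added example, not part of the ticket and not HTTPS Everywhere code: a small audit that lists default-on rulesets whose XML leaves coverage gaps of the kind the report describes. The element and attribute names (ruleset, target, exclusion, securecookie, rule, default_off) are those of the HTTPS Everywhere ruleset format; the sample rulesets are constructed, and the three gap heuristics are assumptions about what "less than 100%" means.

```python
import xml.etree.ElementTree as ET

# Constructed sample rulesets (hypothetical hosts, not real project rules).
SAMPLE_RULESETS = r"""<rulesets>
  <ruleset name="Full Example">
    <target host="full.example"/>
    <securecookie host="^full\.example$" name=".+"/>
    <rule from="^http://full\.example/" to="https://full.example/"/>
  </ruleset>
  <ruleset name="Partial Example">
    <target host="partial.example"/>
    <exclusion pattern="^http://partial\.example/forum/"/>
    <rule from="^http://partial\.example/" to="https://partial.example/"/>
  </ruleset>
  <ruleset name="Login Only Example">
    <target host="shop.example"/>
    <rule from="^http://shop\.example/login" to="https://shop.example/login"/>
  </ruleset>
  <ruleset name="Disabled Example" default_off="mixed content">
    <target host="off.example"/>
    <rule from="^http://off\.example/" to="https://off.example/"/>
  </ruleset>
</rulesets>"""

def coverage_gaps(ruleset):
    """Return heuristic reasons a ruleset does not cover the whole site."""
    gaps = []
    if ruleset.findall("exclusion"):
        gaps.append("exclusion")        # some URLs deliberately stay on HTTP
    if not ruleset.findall("securecookie"):
        gaps.append("no-securecookie")  # session cookies are not forced Secure
    # Assumption: a rule is whole-site when its "from" pattern has no path
    # after the host, e.g. "^http://host/" or the scheme-only "^http:".
    paths = [r.get("from", "").split("//", 1)[-1].partition("/")[2]
             for r in ruleset.findall("rule")]
    if not any(p == "" for p in paths):
        gaps.append("path-limited")     # only selected paths are rewritten
    return gaps

def audit(xml_text):
    """Map each default-on ruleset with gaps to its list of gap labels."""
    report = {}
    for rs in ET.fromstring(xml_text).iter("ruleset"):
        if rs.get("default_off") is not None:
            continue                    # already off by default, nothing to flag
        gaps = coverage_gaps(rs)
        if gaps:
            report[rs.get("name")] = gaps
    return report
```

Rulesets returned by audit() are the candidates for default-off or a separate "partial" indicator.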