[tor-bugs] #15763 [HTTPS Everywhere/EFF-HTTPS Everywhere]: Need whitelist entry for www.fark.com and total.fark.com
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Mar 10 11:41:15 UTC 2018
#15763: Need whitelist entry for www.fark.com and total.fark.com
-------------------------------------+-------------------------------------
Reporter: bit0mike | Owner: (none)
Type: defect | Status: reopened
Priority: Medium | Milestone: HTTPS-E next Chrome
Component: HTTPS Everywhere/EFF- | release
HTTPS Everywhere | Version:
Severity: Blocker | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------+-------------------------------------
Comment (by cypherpunks):
Hi, thanks a bunch for following up with this!
Your almost complete switch to HTTPS does not eliminate for a rule in
HTTPS Everywhere. HTTPS Everywhere still adds an additional protection
against attacks such as SSLstrip. Also, as opposed to HSTS, it does not
rely on a trust of first use scheme.
The only equivalent protection would be to HSTS preload the entire domain
but that's not an option here since you said that some subdomains
don't/won't support HTTPS.
The best move here would be for you to edit the ruleset yourself. Simply
add a target for each subdomain that supports HTTPS. More information is
available in our contributing guide: https://github.com/EFForg/https-
everywhere/blob/master/CONTRIBUTING.md.
Otherwise, I can edit this ruleset for you but it would simplify things a
lot if you could provide me with a complete list of subdomains that
support HTTPS.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15763#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list