I'd say work in a separate branch until you're confident that it works well and doesn't break anything else, and then I can review it and merge it into master.
On 08/27/2013 07:14 AM, Chris Wilper wrote: > Hi Micah, > > Thanks for getting back. Although I did end up doing this as an > independent extension, I still think it would be great to have an > https-only mode directly in HTTPS Everywhere, and would be glad to work > on it. I'm not as familiar with the Chromium side of things, but I could > certainly give it a shot. I like the idea of just making it an > about:config pref for now. Would it make most sense to do this work > against the master branch, or some other branch? > > Also, fyi I just published a blog post yesterday on why I think this > kind of capability is important: > http://rx4g.wordpress.com/2013/08/26/why-browsers-need-encrypted-only-mode/ > It mentions HTTPS Everywhere as well as the independent extension I did, > but the the post actually goes further and argues for this as a core > browser feature. I may be in the minority on that opinion, but it did > spark some interesting discussion in /r/netsec (linked from the top of > the post). > > Thanks, > Chris > > On Tue, Aug 20, 2013 at 2:19 PM, Micah Lee <[email protected] > <mailto:[email protected]>> wrote: > > Sorry about not responding to this for almost a month. I think > integrating an https-only mode into HTTPS Everywhere would be great. If > you'd like to start hacking on it, please do. > > I think that obviously this should default to off, and there should be > some setting to turn it back on. But right now HTTPS Everywhere doesn't > actually have a very robust settings dialog. For now it could just be an > about:config preference, like extensions.https_everywhere.https_only. > > Would you want to work on this for both Firefox and Chromium? > > On 07/28/2013 08:20 PM, Chris Wilper wrote: > > Hi all, > > > > As a user of https-everywhere, first I want to say thanks to the > > people involved in developing and maintaining it over the years. It's > > a great tool and promotes an important conversation. > > > > When I first came across the extension, one thing I hoped it had was > > an https-only mode -- a way to temporarily ensure that no unencrypted > > web traffic could possibly leave my browser. Has this been discussed > > before in the context of this project? I checked the mailing list > > archives and came up short. > > > > I'm sure folks here are familiar with the kinds of use cases that such > > an assurance could help with, but here are a couple specific examples > > to consider: 1) When I'm at my bank's website I want to make > > absolutely sure I don't (accidentally or maliciously) get transferred > > over to an unencrypted connection without noticing. 2) When browsing > > anonymously with Tor, I don't want any unencrypted traffic to ever > > pass through an exit node. > > > > Anyway, I'd really like to see a mode like this integrated into > > https-everywhere if it would be considered in-scope for the project. > > Something like a quick toggle ability and indication in the toolbar > > button graphic that you're in https-only mode. When in this mode, > > non-https requests would simply fail before leaving the browser. > > > > As a proof of concept, I did a standalone Firefox extension that does > > this and put it up here: https://github.com/cwilper/http-nowhere If > > there's support for having this kind of capability directly in > > https-everywhere, I'd be glad to start hacking away at it in that > > context, with as much guidance as the committers are willing to > > provide. Failing that, I'd probably just continue on the standalone > > route. Thoughts? > > > > Thanks, > > Chris > > > > _______________________________________________ > > HTTPS-everywhere mailing list > > [email protected] <mailto:[email protected]> > > https://mail1.eff.org/mailman/listinfo/https-everywhere > > > > > -- > Micah Lee > Staff Technologist > Electronic Frontier Foundation > https://eff.org/join > @micahflee > > > _______________________________________________ > HTTPS-everywhere mailing list > [email protected] <mailto:[email protected]> > https://mail1.eff.org/mailman/listinfo/https-everywhere > > -- Micah Lee Staff Technologist Electronic Frontier Foundation https://eff.org/join @micahflee
signature.asc
Description: OpenPGP digital signature
_______________________________________________ HTTPS-everywhere mailing list [email protected] http://lists.eff.org/cgi-bin/mailman/listinfo/https-everywhere
