_______________________________________________ HTTPS-Everywhere mailing list [email protected] https://lists.eff.org/mailman/listinfo/https-everywhere
One thing I've been meaning to follow up on: The spec currently says "
The ruleset database will be served as a ZIP file." I mentioned that
Content-Encoding: gzip at the HTTP level would be simpler and offer
similar compression. Yan's objection was that this could enable the
BREACH attack. However, the BREACH attack only applies when there is
both user-controllable content and secret content returned from a given
URL. The ruleset database has neither.
- Re: [HTTPS-Everywhere] Draft specification for fil... Yan Zhu
- Re: [HTTPS-Everywhere] Draft specification for fil... Red
- Re: [HTTPS-Everywhere] Draft specification for fil... Yan Zhu
- Re: [HTTPS-Everywhere] Draft specification for fil... Jacob Hoffman-Andrews
- Re: [HTTPS-Everywhere] Draft specification for fil... Red
- Re: [HTTPS-Everywhere] Draft specification for fil... Jacob Hoffman-Andrews
- Re: [HTTPS-Everywhere] Draft specification for fil... Yan Zhu
- Re: [HTTPS-Everywhere] Draft specification for fil... Jacob Hoffman-Andrews
- Re: [HTTPS-Everywhere] Draft specification for fil... Red
- Re: [HTTPS-Everywhere] Draft specification for fil... Jacob Hoffman-Andrews
- Re: [HTTPS-Everywhere] Draft specification for fil... Jacob Hoffman-Andrews
- Re: [HTTPS-Everywhere] Draft specification for fil... Yan Zhu
- Re: [HTTPS-Everywhere] Draft specification for fil... Jacob S Hoffman-Andrews
- Re: [HTTPS-Everywhere] Draft specification for fil... Red
- Re: [HTTPS-Everywhere] Draft specification for fil... Yan Zhu
- Re: [HTTPS-Everywhere] Draft specification for fil... Red
- Re: [HTTPS-Everywhere] Draft specification for fil... Maxim Nazarenko
- Re: [HTTPS-Everywhere] Draft specification for fil... Jacob S Hoffman-Andrews
- Re: [HTTPS-Everywhere] Draft specification for fil... Red
- Re: [HTTPS-Everywhere] Draft specification for fil... Yan Zhu
- Re: [HTTPS-Everywhere] Draft specification for fil... Red
