On Thu, Sep 11 2014, Lunar <[email protected]> wrote: > Hi! > > (Crazy idea of the day:) > > How about crawling HTTPS websites, recording HSTSÂ [1] headers, and > turning the information into HTTPS Everywhere rules automatically? > > Has this been ever tried? > > Is it a terrible idea? > > HSTS headers contain expiration dates, so with the proper database, we > would know when to return to a given website for updates. > > [1]: https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
Don't firefox and chrome already come with pre-loaded lists of HTST sites by default? https://blog.mozilla.org/security/2012/11/01/preloading-hsts/ At least that was my understanding of their intention. jamie.
pgprU_2Xwijfl.pgp
Description: PGP signature
_______________________________________________ HTTPS-Everywhere mailing list [email protected] https://lists.eff.org/mailman/listinfo/https-everywhere
