Some of the work is done already. There's a script in utils/ to fetch the chromium preload list and turn it into rulesets automatically; someone should run it and commit the new rulesets. :)
I suspect that in FF and Chrome, HSTS happens earlier in the request pipeline before HTTPS Everywhere rewrites. One potential downfall is that this would make the ruleset list very large, and HTTPS Everywhere is probably less efficient at doing its job than HSTS. -Yan On 09/11/2014 07:43 PM, Lunar wrote: > Hi! > > (Crazy idea of the day:) > > How about crawling HTTPS websites, recording HSTS [1] headers, and > turning the information into HTTPS Everywhere rules automatically? > > Has this been ever tried? > > Is it a terrible idea? > > HSTS headers contain expiration dates, so with the proper database, we > would know when to return to a given website for updates. > > [1]: https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security > _______________________________________________ HTTPS-Everywhere mailing list [email protected] https://lists.eff.org/mailman/listinfo/https-everywhere
