>> This is sort of an odd comment, isn't it? Isn't the fundamental model >> of https-everywhere to have a ruleset for every site on the web? > > I don't think that HTTPS Everywhere can scale to have a rule for > every web site -- and if the browsers that it runs in are willing to do > equivalent work in a (potentially) more efficient way, I don't think we > need to make rules that are redundant with the existing browser behavior.
Agreed. To put it more succinctly, for sites that do at least as good a job of HTTPS'ing themselves as HTTPS-E does, we would choose not to include a rule. Practically speaking that means they would have to have an HSTS preload with includeSubdomains = true in both Chrome and Firefox. _______________________________________________ HTTPS-Everywhere mailing list [email protected] https://lists.eff.org/mailman/listinfo/https-everywhere
