Hi Daniel Am 28.02.2015 um 04:30 schrieb Daniel Kahn Gillmor: > On Wed 2015-02-25 14:08:08 -0500, Seth David Schoen wrote: >> Hi Thorsten, nice to hear from you! I just wanted to mention this >> point is discussed in >> >> https://lists.eff.org/pipermail/https-everywhere/2014-January/thread.html#1901 >> >> and elsewhere -- you can take a look at the Firefox and Chromium bugs >> that are linked from Jacob's quoted message. >> >> I think I was the person who told you that, and that is the main >> difficulty right now. The problem is that Chromium will block mixed >> content before allowing us to rewrite the insecure URLs to secure URLs, >> even though the resulting secure URLs would no longer count as mixed >> content. The Chromium developers have described this as working as >> intended; for us, it means that there are sites that we could otherwise >> fix that instead we break or else leave insecure. > > In discussion on webappsec, several different people (including Mike > West from Google and myself) have suggested that browsers should > experiment with auto-upgrading blockable mixed content from http to > https, since this is strictly no worse from an end user experience than > blocking anyway. > > See: > http://www.w3.org/mid/CAKXHy=c6kldqxjhvi_tcynneh3ttuhn+rckuepjp4byyuqr...@mail.gmail.com > > I think this would address many (most?) of the concerns raised by Seth > above. > > A patch to Chromium to implement this change would be a nice > contribution.
This looks very good. I added that to our itnernal bug and we will tackle it maybe in some weeks (I am not boss of the team or the manager handling priorities). Do you have a developer who was part of the planning and could help us when we want to start on this project ? Having Google people involved in the planning I assume there is already a list of code lines that must be touched. That would reduce errors and get it done soon. Looking forward to it. Thorsten Sick > --dkg > -- Avira Operations GmbH & Co. KG Kaplaneiweg 1 | 88069 Tettnang | Deutschland / Germany Telefon / Telephone: +49 7542-500 0 Telefax / Facsimile: +49 7542-500 3000 Registergericht: Amtsgericht Ulm, HRA 722586 | USt.-IdNr.: DE 815289569 | Pers. haftende Gesellschafterin: Avira OP GmbH | Firmensitz: Tettnang | Registergericht: Amtsgericht Ulm, HRB 726712 | Geschäftsführer: Travis Witteveen Commercial Register: Amtsgericht Ulm, HRA 722586 | VAT-ID: DE 815289569 | Personally Liable Partner: Avira OP GmbH | Headquarters: Tettnang | Commercial Register: Amtsgericht Ulm, HRB 726712 | Chief Executive Officer (CEO): Travis Witteveen _______________________________________________ HTTPS-Everywhere mailing list [email protected] https://lists.eff.org/mailman/listinfo/https-everywhere
