Unsecure connections can be MITMed easily. If the site is not in the HSTS preload list, the corresponding rule should stay.
Best regards,
Maxim Nazarenko

On 21 July 2015 at 12:21, Martin Mulazzani <[email protected]> wrote:
> We changed the labeling in the expert mode - it's now "Rule makes no
> sense" for exactly these cases. We aim for two manual evaluations per
> page, with at least one in expert mode.
>
> The border-line use cases are those of scientific value, while we also
> generated a ruleset based on the existing HTTPSEverywhere rules (but in
> a rather hacky way). One observation here is that a considerable
> percentage of the rules no longer need to be included, as port 80
> redirects to HTTPS anyway.
>
> I'll keep you updated. Please keep clicking, and spread the link!
>
> Thx, Martin
>
> On 2015-07-17 19:39, Dave Warren wrote:
> > On 2015-07-17 01:25, Greg Lindahl wrote:
> >> On Thu, Jul 16, 2015 at 09:49:26AM +0200, Martin Mulazzani wrote:
> >>> Hi all!
> >>>
> >>> Yesterday we launched a new version of https://tlscompare.org. If you
> >>> use HTTPSEverywhere, please disable it - then go to
> >>> https://tlscompare.org, and click compare. Rinse, repeat, and click
> >>> some more.
> >> For my first try, I got a site where https redirected to http. I'm not
> >> sure what to click, and the FAQ doesn't help.
> >
> > I'd say they're not identical. Think about it in an HTTPS Everywhere
> > context, if this rule were implemented, you'd end up with a loop, and
> > the user wouldn't get what they intended.
> >
> > But that's just me, I'm not involved with the project, wait for official
> > feedback for an official answer :)
> >
> _______________________________________________
> HTTPS-Everywhere mailing list
> [email protected]
> https://lists.eff.org/mailman/listinfo/https-everywhere
>
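Added example, not part of the original thread and not code from HTTPS Everywhere or tlscompare.org: the reasoning discussed above written as a decision function, showing that a port-80 redirect alone does not make a rule redundant while HSTS preloading does, and that an HTTPS-to-HTTP redirect gets the "Rule makes no sense" label. The `Observation` record, the other label names and the `*.example` hosts are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

KEEP = "keep rule"                 # hypothetical label
REDUNDANT = "rule redundant"       # hypothetical label
NO_SENSE = "Rule makes no sense"   # label quoted in the thread
NO_HTTPS = "no rule possible"      # hypothetical label

@dataclass
class Observation:
    """What a crawler saw for one host (hypothetical record format)."""
    host: str
    https_ok: bool                  # https://host/ completed a valid TLS handshake
    http_redirect: Optional[str]    # Location header from http://host/, if any
    https_redirect: Optional[str]   # Location header from https://host/, if any
    preloaded: bool                 # host is covered by the HSTS preload list

def target_scheme(location: Optional[str], current: str) -> str:
    """Scheme a redirect lands on; relative or absent redirects keep the current one."""
    if not location:
        return current
    return urlsplit(location).scheme.lower() or current

def classify(obs: Observation) -> str:
    if not obs.https_ok:
        return NO_HTTPS
    # HTTPS bounces back to HTTP: a rule rewriting to https would loop.
    if target_scheme(obs.https_redirect, "https") == "http":
        return NO_SENSE
    # Preloaded hosts never receive a plaintext request from the browser.
    if obs.preloaded:
        return REDUNDANT
    # http_redirect is deliberately ignored: the first request is still sent
    # in plaintext, so an on-path attacker can answer it instead of the server.
    return KEEP

# Constructed sample observations (placeholder hosts).
SAMPLES = [
    Observation("a.example", True, "https://a.example/", None, False),
    Observation("b.example", True, "https://b.example/", None, True),
    Observation("c.example", True, None, "http://c.example/", False),
    Observation("d.example", False, None, None, False),
    Observation("e.example", True, None, "/home", False),
]

if __name__ == "__main__":
    for obs in SAMPLES:
        print(f"{obs.host:10} {classify(obs)}")
```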
