#15763: Need whitelist entry for www.fark.com and total.fark.com
 Reporter:  bit0mike                 |          Owner:  (none)
     Type:  defect                   |         Status:  reopened
 Priority:  Medium                   |      Milestone:  HTTPS-E next Chrome
Component:  HTTPS Everywhere/EFF-    |  release
  HTTPS Everywhere                   |        Version:
 Severity:  Blocker                  |     Resolution:
 Keywords:                           |  Actual Points:
Parent ID:                           |         Points:
 Reviewer:                           |        Sponsor:

Comment (by cypherpunks):

 Hi, thanks a bunch for following up with this!

 Your almost complete switch to HTTPS does not eliminate for a rule in
 HTTPS Everywhere. HTTPS Everywhere still adds an additional protection
 against attacks such as SSLstrip. Also, as opposed to HSTS, it does not
 rely on a trust of first use scheme.

 The only equivalent protection would be to HSTS preload the entire domain
 but that's not an option here since you said that some subdomains
 don't/won't support HTTPS.

 The best move here would be for you to edit the ruleset yourself. Simply
 add a target for each subdomain that supports HTTPS. More information is
 available in our contributing guide: https://github.com/EFForg/https-

 Otherwise, I can edit this ruleset for you but it would simplify things a
 lot if you could provide me with a complete list of subdomains that
 support HTTPS.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15763#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
tor-bugs mailing list

Reply via email to