[Pkg-mozext-maintainers] Handling of HTTPS Everywhere updates
onlyjob at member.fsf.org
Wed Jun 5 16:42:07 UTC 2013
On Wed, 5 Jun 2013 18:19:31 Paul Wise wrote:
> If you someday decide to visit a random site that happens to have
> https in place it would be best if you have the data installed with
> it, know that https is available and only use it instead of http.
Of course but this might bring problem(s) as well. For instance from
my own experience I remember that some eBay pages do not work properly
when HTTPS is enforced. (They look similar but just doesn't sent the
form over HTTPS...) Even if you familiar with web site it may take a
lot of time to figure out such problem but for new web site one would
most likely to assume that it is broken. In theory https-everywhere
might be responsible for such breakage.
> Aside from that, it is vulnerable to network attackers blocking the
> initial HTTPS probes that it sends.
I'm not sure if I understand the problem here. If HTTPS negotiation is
blocked then HTTPS (obviously) is not working... Or is it more
GPG key : 4096R/53968D1B
More information about the Pkg-mozext-maintainers