subject:"\[tor\-bugs\] #15763 \[HTTPS Everywhere\/EFF\-HTTPS Everywhere\]\: Need whitelist entry for www.fark.com and total.fark.com"

Re: [tor-bugs] #15763 [HTTPS Everywhere/EFF-HTTPS Everywhere]: Need whitelist entry for www.fark.com and total.fark.com

2018-03-07 Thread Tor Bug Tracker & Wiki

#15763: Need whitelist entry for www.fark.com and total.fark.com
-+-
 Reporter:  bit0mike |  Owner:  (none)
 Type:  defect   | Status:  reopened
 Priority:  Medium   |  Milestone:  HTTPS-E next Chrome
Component:  HTTPS Everywhere/EFF-|  release
  HTTPS Everywhere   |Version:
 Severity:  Blocker  | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by bit0mike):

 * status:  closed => reopened
 * resolution:  fixed =>
 * severity:   => Blocker


Comment:

 Digging this 3 year old ticket back up to report that enough ad networks
 are on board with SSL that we finally were able to cut everything over at
 long last.

 One new exception: we still have cases where we iframe external plaintext
 sites, so the containing page must obviously also be plaintext, and so
 we’ve created a new go.fark.net hostname dedicated to that.  That one is
 port 80 only, no 443 at all.

 Everything else under *.fark.com and *.fark.net EXCEPT for go.fark.net is
 now SSL, and sets an HSTS header to enforce it.  go.fark.net will never
 support SSL, so that needs to stay blacklisted.

 So that should, uh, drastically simplify or eliminate the
 https://github.com/EFForg/https-
 everywhere/blob/master/src/chrome/content/rules/Fark.xml ruleset, yes?
 White

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #15763 [HTTPS Everywhere/EFF-HTTPS Everywhere]: Need whitelist entry for www.fark.com and total.fark.com

2018-03-10 Thread Tor Bug Tracker & Wiki

#15763: Need whitelist entry for www.fark.com and total.fark.com
-+-
 Reporter:  bit0mike |  Owner:  (none)
 Type:  defect   | Status:  reopened
 Priority:  Medium   |  Milestone:  HTTPS-E next Chrome
Component:  HTTPS Everywhere/EFF-|  release
  HTTPS Everywhere   |Version:
 Severity:  Blocker  | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by cypherpunks):

 Hi, thanks a bunch for following up with this!

 Your almost complete switch to HTTPS does not eliminate for a rule in
 HTTPS Everywhere. HTTPS Everywhere still adds an additional protection
 against attacks such as SSLstrip. Also, as opposed to HSTS, it does not
 rely on a trust of first use scheme.

 The only equivalent protection would be to HSTS preload the entire domain
 but that's not an option here since you said that some subdomains
 don't/won't support HTTPS.

 The best move here would be for you to edit the ruleset yourself. Simply
 add a target for each subdomain that supports HTTPS. More information is
 available in our contributing guide: https://github.com/EFForg/https-
 everywhere/blob/master/CONTRIBUTING.md.

 Otherwise, I can edit this ruleset for you but it would simplify things a
 lot if you could provide me with a complete list of subdomains that
 support HTTPS.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #15763 [HTTPS Everywhere/EFF-HTTPS Everywhere]: Need whitelist entry for www.fark.com and total.fark.com

2018-03-12 Thread Tor Bug Tracker & Wiki

#15763: Need whitelist entry for www.fark.com and total.fark.com
-+-
 Reporter:  bit0mike |  Owner:  (none)
 Type:  defect   | Status:  reopened
 Priority:  Medium   |  Milestone:  HTTPS-E next Chrome
Component:  HTTPS Everywhere/EFF-|  release
  HTTPS Everywhere   |Version:
 Severity:  Blocker  | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by bit0mike):

 HTTPS domains would be all of the subjectAltNames in the www.fark.com
 certificate, plus one we're planning to add later.  So that'd be:

   
 
 
 
 
 
 
 
 
 
 
 

 
 
 

 Then go.fark.net would be the only one to exclude.

 Oh, and it should also be OK to do this now:

  

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #15763 [HTTPS Everywhere/EFF-HTTPS Everywhere]: Need whitelist entry for www.fark.com and total.fark.com

2018-03-12 Thread Tor Bug Tracker & Wiki

#15763: Need whitelist entry for www.fark.com and total.fark.com
-+-
 Reporter:  bit0mike |  Owner:  (none)
 Type:  defect   | Status:  reopened
 Priority:  Medium   |  Milestone:  HTTPS-E next Chrome
Component:  HTTPS Everywhere/EFF-|  release
  HTTPS Everywhere   |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by cypherpunks):

 * severity:  Blocker => Normal


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #15763 [HTTPS Everywhere/EFF-HTTPS Everywhere]: Need whitelist entry for www.fark.com and total.fark.com

2018-03-12 Thread Tor Bug Tracker & Wiki

#15763: Need whitelist entry for www.fark.com and total.fark.com
-+-
 Reporter:  bit0mike |  Owner:  (none)
 Type:  defect   | Status:  reopened
 Priority:  Medium   |  Milestone:  HTTPS-E next Chrome
Component:  HTTPS Everywhere/EFF-|  release
  HTTPS Everywhere   |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by cypherpunks):

 Thank you!

 We will have to wait to add mail.fark.com, we don't usually add non-
 functional subdomains.

 Also, https://ssl.fark.com/ times out. Do you have an example of a working
 URL for this subdomain?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #15763 [HTTPS Everywhere/EFF-HTTPS Everywhere]: Need whitelist entry for www.fark.com and total.fark.com

2018-03-12 Thread Tor Bug Tracker & Wiki

#15763: Need whitelist entry for www.fark.com and total.fark.com
-+-
 Reporter:  bit0mike |  Owner:  (none)
 Type:  defect   | Status:  reopened
 Priority:  Medium   |  Milestone:  HTTPS-E next Chrome
Component:  HTTPS Everywhere/EFF-|  release
  HTTPS Everywhere   |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by bit0mike):

 Wait, I'm a complete idiot.  ssl.fark.com is email only, no HTTP or HTTPS.
 (That's why we're changing the name... next time the cert's up for
 renewal.)  Take both of those off the list.  Sorry.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #15763 [HTTPS Everywhere/EFF-HTTPS Everywhere]: Need whitelist entry for www.fark.com and total.fark.com

Re: [tor-bugs] #15763 [HTTPS Everywhere/EFF-HTTPS Everywhere]: Need whitelist entry for www.fark.com and total.fark.com

Re: [tor-bugs] #15763 [HTTPS Everywhere/EFF-HTTPS Everywhere]: Need whitelist entry for www.fark.com and total.fark.com

Re: [tor-bugs] #15763 [HTTPS Everywhere/EFF-HTTPS Everywhere]: Need whitelist entry for www.fark.com and total.fark.com

Re: [tor-bugs] #15763 [HTTPS Everywhere/EFF-HTTPS Everywhere]: Need whitelist entry for www.fark.com and total.fark.com

Re: [tor-bugs] #15763 [HTTPS Everywhere/EFF-HTTPS Everywhere]: Need whitelist entry for www.fark.com and total.fark.com

6 matches

Site Navigation

Mail list logo

Footer information