[tor-bugs] #2413 [EFF-HTTPS Everywhere]: HTTPS Everywhere for Chrome
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Wed Jan 19 19:18:15 UTC 2011
#2413: HTTPS Everywhere for Chrome
----------------------------------+-----------------------------------------
Reporter: aaronsw | Owner: pde
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: EFF-HTTPS Everywhere | Version:
Keywords: | Parent:
----------------------------------+-----------------------------------------
I understand that Chrome doesn't yet have the necessary API to make this
completely secure (in particular, [http://crbug.com/50943 bug 50943] means
that you can't stop the first request to an insecure page) but there's
much else to be done:
* Set up the repository so the rulesets can be read by Firefox and Chrome
extension code
* After loading an insecure page immediately redirect to the secure
version so that relative links and future requests are done securely
* Use the beforeload/preventDefault API to prevent/rewrite insecure
subrequests (e.g.
[http://code.google.com/p/byoogle/source/browse/trunk/google/chrome/disconnect/content.js
Chrome Disconnect])
([http://developer.apple.com/library/safari/documentation/Tools/Conceptual/SafariExtensionGuide/MessagesandProxies/MessagesandProxies.html#//apple_ref/doc/uid/TP40009977-CH14-SW9
webkit docs])
I understand that this doesn't provide the full security benefits of
Firefox HTTPS Everywhere, but I think it would a) provide a clear
improvement in security to those who understand the risks, b) make it easy
to provide the full security benefits as soon as the necessary APIs have
landed. It may also increase the pressure to finish those APIs.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2413>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list