Avoiding HTTPS pitfalls [was: Re: Moxie Marlinspike]

Arjan n6bc23cpcduw at list.nospam.xutrox.com
Mon Feb 23 20:29:33 UTC 2009


coderman wrote:
> On Thu, Feb 19, 2009 at 4:17 AM, Erilenz <erilenz at gmail.com> wrote:
>> ...
[...]
>> I wonder if something could/should be built into TorButton to force a list of
>> commonly used services to go entirely over https? Eg any request for
>> ^http://mail\.google\.com/.*$
> 
> a plugin to enforce secure cookies and https only operation for some
> domains would be useful.  i don't know of any that do this kind of
> thing yet...

Noscript has some options (Options, Advanced, HTTPS) that may help.
Disclaimer: I've not used these options and I don't know if it's secure.



More information about the tor-talk mailing list