01-19-2011, 11:16 AM
John Doe

Let's talk about HTTPS Everywhere

From: S Mathias <smathias1972@yahoo.com>

> Ok. It's a Firefox Add-on:
> https://www.eff.org/https-everywhere
> Questions:
> 1) But: Why can't I find it on the official Firefox Add-ons site?:
> https://addons.mozilla.org/en-US/firefox/

Maybe because they did not choose to put it there...?
Maybe they have more trust in their own servers.

> 2) Did anyone audit the "HTTPS Everywhere" code?

Would you trust me if I say I did...?

> 3) Can someone trust this Add-on? Is it safe to install/use?

As much as you can trust all the other OS/software out there...
The EFF and the Tor project are supposed to be good people... but who knows...

> 4) If it's so great why isn't it more prevalent?

Maybe because many people have no idea what this https thing is...
Maybe because https is more resource hungry on both sides?

JD



_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
01-19-2011, 11:22 AM
Jatin K

Let's talk about HTTPS Everywhere

On Wednesday 19 January 2011 04:59 PM, S Mathias wrote:
> Ok. It's a Firefox Add-on:
>
> https://www.eff.org/https-everywhere
>
> Questions:
>
> 1) But: Why can't I find it on the official Firefox Add-ons site?: https://addons.mozilla.org/en-US/firefox/
>
> 2) Did anyone audit the "HTTPS Everywhere" code?
>
> 3) Can someone trust this Add-on? Is it safe to install/use?
>
> 4) If it's so great why isn't it more prevalent?
>
> What's your opinion? Or answer? :
>
> Thanks!
>
>
>

I think this question should be (must be!!!) asked on the Firefox mailing
list or something like that??????

Is it?

--
°v°
/(_)
^ ^ Jatin Khatri
Registered Linux user No #501175
www.counter.li.org
No M$

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
01-19-2011, 11:39 AM
George

Let's talk about HTTPS Everywhere

On Wed, Jan 19, 2011 at 1:29 PM, S Mathias <smathias1972@yahoo.com> wrote:

> Ok. It's a Firefox Add-on:
>
> https://www.eff.org/https-everywhere
>
> Questions:
>
> 2) Did anyone audit the "HTTPS Everywhere" code?
> 3) Can someone trust this Add-on? Is it safe to install/use?

I don't think there's anything to worry about, since this is an EFF project.

> 4) If it's so great why isn't it more prevalent?

I think you're a bit confused about what this extension does. It doesn't
magically secure connections to all websites, it merely instructs the browser
to use the https protocol with websites that support it but don't have it
enabled by default. Remember that https, compared with http, requires some
extra work on both the client and the server. Therefore, websites are reluctant
to enable it by default, unless it is absolutely necessary.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/AANLkTik=nyqpnBKokhG5eQficyhXKF=U5rzj+1BqJhxd@mail.gmail.com
 
01-19-2011, 11:47 AM
Paul Cartwright

Let's talk about HTTPS Everywhere

On 01/19/2011 07:39 AM, George wrote:
> > Ok. It's a Firefox Add-on:
> > >
> > > https://www.eff.org/https-everywhere
> > >
> > > Questions:
> > >
> > > 2) Did anyone audit the "HTTPS Everywhere" code?
> > > 3) Can someone trust this Add-on? Is it safe to install/use?

and a chrome add-on:
https://chrome.google.com/extensions/detail/flcpelgcagfhfoegekianiofphddckof?hl=en



--
Paul Cartwright
Registered Linux user # 367800


 
01-19-2011, 11:57 AM
Camaleón

Let's talk about HTTPS Everywhere

On Wed, 19 Jan 2011 03:29:15 -0800, S Mathias wrote:

> Ok. It's a Firefox Add-on:
>
> https://www.eff.org/https-everywhere
>
> Questions:
>
> 1) But: Why can't I find it on the official Firefox Add-ons site?:
> https://addons.mozilla.org/en-US/firefox/

It was there:

http://webcache.googleusercontent.com/search?q=cache:udWjQhqxiWoJ:https://addons.mozilla.org/es-ES/firefox/addon/229918/+HTTPS+Everywhere&cd=3&hl=es&ct=clnk&client=iceweasel-a

> 2) Did anyone audit the "HTTPS Everywhere" code?

This dunno...

> 3) Can someone trust this Add-on? Is it safe to install/use?

I don't like/trust anonymous (even encrypted) proxy sites.

> 4) If it's so great why isn't it more prevalent?

- SSL traffic is heavy and slow
- There is no need (normally) for encrypting public navigation (see the note
below)

> What's your opinion? Or answer? :

My opinion is that I don't want to encrypt all the traffic, at least not
with the slow DSL connections/hosts we have now (loading a single page
will take seconds). I prefer to leave the SSL/TLS for sensitive data
(logins, etc...).

Or better yet, provide a "hardware" solution for transparently encrypting
all the data and its transport. Software is slow >:-)

(note) I can see it could be useful for countries with non-free
governments, or for other, hum, uses...

Greetings,

--
Camaleón


 
01-19-2011, 12:17 PM
Dave Sherohman

Let's talk about HTTPS Everywhere

On Wed, Jan 19, 2011 at 12:57:48PM +0000, Camaleón wrote:
> On Wed, 19 Jan 2011 03:29:15 -0800, S Mathias wrote:
> > 3) Can someone trust this Add-on? Is it safe to install/use?
>
> I don't like/trust anonymous (even encrypted) proxy sites.

HTTPS Everywhere is not a proxy site, encrypted, anonymous, or
otherwise. It causes your browser to request that the sites you visit
use HTTPS rather than cleartext HTTP when communicating (directly) with
you. Nothing more, nothing less.

> > 4) If it's so great why isn't it more prevalent?
>
> - SSL traffic is heavy and slow
...
> My opinion is that I don't want to encrypt all the traffic, at least not
> with the slow DSL connections/hosts we have now (loading a single page
> will take seconds).

I don't know where you get this idea. SSL traffic is no different on
the wire than any other data traffic. There is a cost in processing
overhead for running the encryption algorithms on the client and on the
server, but it does not incur any additional bandwidth requirements and,
with modern hardware, the additional processing cost is negligible.

> - There is no need (normally) for encrypting public navigation (see the note
> below)
...
> I prefer to leave the SSL/TLS for sensitive data (logins, etc...).

When dealing with sites which use session cookies, "public navigation"
*is* "sensitive data", as every request sent will include the cookie(s)
which identify you and an attacker who gains access to that data would
be able to use those cookies to impersonate you for the lifetime of that
session, as demonstrated by the recent uproar over FireSheep.

--
Dave Sherohman
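
The session-cookie point in the message above, combined with the http-to-https upgrade George describes earlier in the thread, as an added example (not part of any poster's message and not HTTPS Everywhere's own code). It is a simplified model that lists which requests would carry a cookie in cleartext before and after the upgrade; the hosts, cookies, function names and the `httpsCapable` set are all assumptions made for illustration.

```javascript
// Added example. Constructed data; cookie matching is simplified (no path or expiry).
const jar = [
  { name: 'session', domain: 'social.example', secure: false },
  { name: 'session', domain: 'bank.example', secure: true }, // Secure: HTTPS only
  { name: 'sid', domain: 'forum.example', secure: false },
];
// "Public navigation" after login: no passwords in any of these requests.
const requests = [
  'http://social.example/profile/42',
  'http://www.social.example/static/logo.png',
  'http://bank.example/help',
  'https://bank.example/account',
  'http://forum.example/thread/7',
];
// Assumption: hosts known to serve the same content over HTTPS.
const httpsCapable = new Set(['social.example', 'www.social.example', 'bank.example']);
// Simplified RFC 6265 domain-match: the host itself or any subdomain of it.
function domainMatches(host, cookieDomain) {
  return host === cookieDomain || host.endsWith('.' + cookieDomain);
}
// Cookies the browser would attach, unencrypted, to a request for `url`.
function cleartextCookies(url, cookies) {
  const u = new URL(url);
  if (u.protocol !== 'http:') return [];
  return cookies
    .filter((c) => !c.secure && domainMatches(u.hostname, c.domain))
    .map((c) => `${c.name}@${c.domain}`);
}

// The upgrade described in the thread: http becomes https only for capable hosts.
function upgrade(url, capableHosts) {
  const u = new URL(url);
  if (u.protocol === 'http:' && capableHosts.has(u.hostname)) u.protocol = 'https:';
  return u.href;
}

// Map each URL to the cookies it exposes; URLs exposing nothing are left out.
function audit(urls, cookies) {
  const report = {};
  for (const url of urls) {
    const leaked = cleartextCookies(url, cookies);
    if (leaked.length > 0) report[url] = leaked;
  }
  return report;
}
const before = audit(requests, jar);
const after = audit(requests.map((r) => upgrade(r, httpsCapable)), jar);
console.log({ before, after });
```

Without the upgrade, three of the five requests expose a cookie; with it, only the request to the host that does not support HTTPS still does, and the cookie marked Secure is never exposed in either case.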


 
01-19-2011, 12:45 PM
Steve Flynn

Let's talk about HTTPS Everywhere

On Wed, Jan 19, 2011 at 11:29 AM, S Mathias <smathias1972@yahoo.com> wrote:
> Ok. It's a Firefox Add-on:
>
> https://www.eff.org/https-everywhere
>
> Questions:
>
> 1) But: Why can't I find it on the official Firefox Add-ons site?: https://addons.mozilla.org/en-US/firefox/

Read the FAQ: https://www.eff.org/https-everywhere/faq/

> 2) Did anyone audit the "HTTPS Everywhere" code?

Who makes sure the auditor is clean? Only way to check this is to
check it yourself.

> 3) Can someone trust this Add-on? Is it safe to install/use?

I find it absolutely fine.

> 4) If it's so great why isn't it more prevalent?

Because it doesn't work everywhere with every page or site and would
cause untold hassle for users if they were not aware of its activity.


--
Steve
When one person suffers from a delusion it is insanity. When many
people suffer from a delusion it is called religion.

09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
01-19-2011, 12:52 PM
Kelly Clowers

Let's talk about HTTPS Everywhere

On Wed, Jan 19, 2011 at 04:57, Camaleón <noelamac@gmail.com> wrote:
> On Wed, 19 Jan 2011 03:29:15 -0800, S Mathias wrote:
>
>> 3) Can someone trust this Add-on? Is it safe to install/use?
>
> I don't like/trust anonymous (even encrypted) proxy sites.

Why don't you like them (I get not trusting them), and what does that have
to do with https everywhere?

>> 4) If it's so great why isn't it more prevalent?
>
> - SSL traffic is heavy and slow
> - There is no need (normally) for encrypting public navigation (see the note
> below)
>
>> What's your opinion? Or answer? :
>
> My opinion is that I don't want to encrypt all the traffic, at least not
> with the slow DSL connections/hosts we have now (loading a single page
> will take seconds). I prefer to leave the SSL/TLS for sensitive data
> (logins, etc...).

SSL/TLS isn't going to add enough overhead to the packets to make
a real difference unless you are on something slower than DSL.

As far as the encryption/decryption goes, unless you are on a smartphone
or netbook or a really old computer, it will not matter to you. If enough
people do it, it will matter to the servers, but that is what capacity planning
and NICs with encryption offloading engines are for.

> Or better yet, provide a "hardware" solution for transparently encrypting
> all the data and its transport. Software is slow >:-)

See "NICs with encryption offloading engines" above.


Cheers,
Kelly Clowers


 
01-19-2011, 12:55 PM
Dotan Cohen

Let's talk about HTTPS Everywhere

On Wed, Jan 19, 2011 at 13:29, S Mathias <smathias1972@yahoo.com> wrote:
> Ok. It's a Firefox Add-on:
>
> https://www.eff.org/https-everywhere
>
> Questions:
>
> 1) But: Why can't I find it on the official Firefox Add-ons site?: https://addons.mozilla.org/en-US/firefox/
>
> 2) Did anyone audit the "HTTPS Everywhere" code?
>
> 3) Can someone trust this Add-on? Is it safe to install/use?
>
> 4) If it's so great why isn't it more prevalent?
>
> What's your opinion? Or answer? :
>
> Thanks!
>

I use the addon, but I have not reviewed the code. I remind you that
it is from the EFF, so for "eyeballs on the code" I think that you are
covered (but I make no promises).

The addon does slow down browsing some, and some internal Wikipedia
links get broken, but I think that it is a worthy tradeoff.


--
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com
 
01-19-2011, 01:47 PM
Camaleón

Let's talk about HTTPS Everywhere

On Wed, 19 Jan 2011 07:17:58 -0600, Dave Sherohman wrote:

> On Wed, Jan 19, 2011 at 12:57:48PM +0000, Camaleón wrote:
>> On Wed, 19 Jan 2011 03:29:15 -0800, S Mathias wrote:
>> > 3) Can someone trust this Add-on? Is it safe to install/use?
>>
>> I don't like/trust anonymous (even encrypted) proxy sites.
>
> HTTPS Everywhere is not a proxy site, encrypted, anonymous, or
> otherwise. It causes your browser to request that the sites you visit
> use HTTPS rather than cleartext HTTP when communicating (directly) with
> you. Nothing more, nothing less.

Maybe I read it wrong. The EFF page says the addon has been developed
by Tor (I guess you already know what this is) and the EFF.

>> > 4) If it's so great why isn't it more prevalent?
>>
>> - SSL traffic is heavy and slow
> ...
>> My opinion is that I don't want to encrypt all the traffic, at least
>> not with the slow DSL connections/hosts we have now (loading a single
>> page will take seconds).
>
> I don't know where you get this idea. SSL traffic is no different on
> the wire than any other data traffic. There is a cost in processing
> overhead for running the encryption algorithms on the client and on the
> server, but it does not incur any additional bandwidth requirements and,
> with modern hardware, the additional processing cost is negligible.

And that "cost" translates into slow page loading that is even worse if
your connection is not as good as it should be.

>> - There is no need (normally) for encrypting public navigation (see the
>> note below)
> ...
>> I prefer to leave the SSL/TLS for sensitive data (logins, etc...).
>
> When dealing with sites which use session cookies, "public navigation"
> *is* "sensitive data", as every request sent will include the cookie(s)
> which identify you and an attacker who gains access to that data would
> be able to use those cookies to impersonate you for the lifetime of that
> session, as demonstrated by the recent uproar over FireSheep.

Data stored in cookies is not what I understand as "sensitive". What
kind of information do you think cookies are managing?

Greetings,

--
Camaleón


 
