Changes between Version 1 and Version 2 of Ticket #15763, comment 5


Ignore:
Timestamp:
Mar 10, 2018, 11:46:12 AM (11 months ago)
Author:
cypherpunks
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #15763, comment 5

    v1 v2  
    11Hi, thanks a bunch for following up with this!
    22
    3 Your almost complete switch to HTTPS does not eliminate the need for a rule in HTTPS Everywhere. HTTPS Everywhere still adds an additional protection against attacks such as SSLstrip. Also, as opposed to HSTS, it does not rely on a trust of first use scheme.
     3Your almost complete switch to HTTPS does not eliminate the need for a rule in HTTPS Everywhere. HTTPS Everywhere still adds an additional protection against attacks such as SSLstrip. Also, as opposed to HSTS, it does not rely on a trust on first use scheme.
    44
    55The only equivalent protection would be to HSTS preload the entire domain but that's not an option here since you said that some subdomains don't/won't support HTTPS.