Opened 9 years ago

Last modified 20 months ago

#2160 new enhancement

Document rule review process

Reported by: mikeperry
Owned by: schoen
Priority: High
Milestone:
Component: HTTPS Everywhere/EFF-HTTPS Everywhere
Version:
Severity: Normal
Keywords:
Cc: inkerman42@…, lists@…, graffatcolmingov@…
Actual Points:
Parent ID: #2161
Points:
Reviewer:
Sponsor:

Description

We need to publicly document our rule review process in the rule development howto. The document should be written to be read by rule authors as well as rule set administrators/reviewers. It should describe both common pitfalls in rule authorship and potential vectors for malicious rules, with examples of each.

To motivate this, it should also briefly define an adversary model. As far as I am aware, the two classes of adversaries we face are network adversaries that exploit poorly written existing rules, and rule author adversaries that try to subtly smuggle malicious rewrite rules into rulesets for purposes of MITM/phishing.

Child Tickets

Change History (6)

comment:1 Changed 9 years ago by mikeperry

Parent ID: #2161

comment:2 Changed 8 years ago by inkerman

Cc: inkerman42@… added

comment:3 Changed 7 years ago by eadler

Cc: lists@… added

comment:4 Changed 7 years ago by graffatcolmingov

Cc: graffatcolmingov@… added

comment:5 Changed 7 years ago by graffatcolmingov

Since discussion of this started again on the mailing list, is there any objection to using this ticket to work out the rough edges/a working draft and then send that out as an RFC to both lists (I'm assuming there may be people only subscribed to one or the other) or make some other ticket as the place for comments?

comment:6 Changed 20 months ago by teor

Severity: Normal

Set all open tickets without a severity to "Normal"
