https default ???

[Guest]

[mw74]

why isn't https://forums.comodo.com the default address ?
I know we can click the padlock and go https, but I would have thought this would be standard
Thanks

[JoWa]

What do you mean by “default address”?

[mw74]

What do you mean by “default address”?

 Hi when I visit the forum either thru the GUI thru a search engine http://forums.comodo.com/ opens as a default rather than https://forums.comodo.com/

[JoWa]

I guess “thru the GUI” means through the link in CIS, which indeed opens http://forums.comodo.com/ I don’t know why they chose http.

Regarding search-engine. When I search for “comodo forum” on Google, the first search-result is actually https://forums.comodo.com/

[mw74]

I guess “thru the GUI” means through the link in CIS, which indeed opens http://forums.comodo.com/ I don’t know why they chose http.

Regarding search-engine. When I search for “comodo forum” on Google, the first search-result is actually https://forums.comodo.com/

Hi
yeah I did mean CIS 
and apologies, my mistake you are quite right google and startpage both lead with https://forums.comodo.com/

I don't mean to be "picky" just would like to see connections encrypted where ever possible all over the interwebs 

Thanks

[JoWa]

Hi. No need to apologise.

I share your wish for more encrypted connections. And it seems that is what we can expect in the near future, with HTTP 2.0, based upon SPDY now being worked on. (Currently, SPDY always uses TLS.)

Maybe Comodo could get their addresses on Google’s HSTS-list.

I use KB SSL Enforcer in order to automatically use HTTPS whenever available.

[mw74]

Maybe Comodo could get their addresses on Google’s HSTS-list. Smiley

looks good  lots of the popular internet in there, and if its good enough for Tor it's good enough for me lol

I use KB SSL Enforcer in order to automatically use HTTPS whenever available. Wink

good to see quality extensions I'm still using Firefox, mainly due to better add ons/extensions will be adding this to my Dragon 

Thanks

[Seany007]

Hi
yeah I did mean CIS 
and apologies, my mistake you are quite right google and startpage both lead with https://forums.comodo.com/

I don't mean to be "picky" just would like to see connections encrypted where ever possible all over the interwebs 

Thanks

Just use Comodo Dragon or you can use add-on called 'HTTPS everywhere'. Done. 

[mw74]

Just use Comodo Dragon or you can use add-on called 'HTTPS everywhere'. Done.  Cool

Hi have been toying with the idea of changing to dragon as default but I can't break away from NoScript, ScriptNo for chrome isn't quite "there" yet IMO, I have a pretty good score on the EFF'S Pantopticlick https://panopticlick.eff.org/ I cannot replicate this with a Chromium browser which is another reason I'm struggling to switch.
I do use the EFF"S HTTPS EveryWhere thanks tho, also like a pretty good add on called firegloves https://addons.mozilla.org/en-US/firefox/addon/firegloves/

Now IceDragon... now ya talking 

[JoWa]

Speaking of HSTS, have you seen the HSTS-UI in Dragon? dragon://net-internals/#hsts

There you can add domains to your own HSTS-list, and also remove domains (added by you).

Actually that is what Dragon’s Force Secure Connections does.

[mw74]

Speaking of HSTS, have you seen the HSTS-UI in Dragon? dragon://net-internals/#hsts

There you can add domains to your own HSTS-list, and also remove domains (added by you).

Actually that is what Dragon’s Force Secure Connections does.

ahh no I hadn't seen this page, like it,
I have just had a quick look now, also didn't know about enforcing HTTPS via the address bar very cool  
I like that SPDY is only forced over HTTPS


Thanks for the the link  
 EDIT - the DNS page is good as well

[JoWa]

In the current SPDY-implementations, TLS is mandatory. Here is a discussion of mandatory TLS in HTTP/2.0: http://lists.w3.org/Archives/Public/ietf-http-wg/2012JulSep/0601.html
HSTS is cool. It not only forces encrypted connection, it also removes the “Proceed anyway”-option in case of a certificate-error. And if there are insecure scripts on a https-site (eg https://www.webkit.org/), the scripts will be silently blocked, no “Load anyway”-option.

Adam Langley: Living with HTTPS (19 Jul 2012)

[mw74]

In the current SPDY-implementations, TLS is mandatory. Here is a discussion of mandatory TLS in HTTP/2.0: http://lists.w3.org/Archives/Public/ietf-http-wg/2012JulSep/0601.html
HSTS is cool. It not only forces encrypted connection, it also removes the “Proceed anyway”-option in case of a certificate-error. And if there are insecure scripts on a https-site (eg https://www.webkit.org/), the scripts will be silently blocked, no “Load anyway”-option.

Adam Langley: Living with HTTPS (19 Jul 2012)

Hi
Thanks for the links/info 
I think the journey towards chromium and dragon has begun and cannot be stopped lol
the only thing holding me back now is leaving NoScript behind...
i'm going to play with NotScript again, I haven't given it a fair "crack of the whip" go upto now
do you use it ? if so whats your verdict ?
Thanks again
MW

[JoWa]

Hi,

Welcome on board. Enjoy the SPDY journey!

No, I have never used NotScripts. You know, I never was a Firefox-user, so I am not used to needing addons/extensions for everything.

There is also a ScriptNo-extension. Never used that one either.

For some time (when I still used Windows) I played with Dragon’s content-settings. Have you checked them out? dragon://chrome/settings/content. Now I see no reason for me to bother with such things. Maybe I am naïve, but I trust the sandbox.

I have added some domains to the HSTS-list, and that is the only security-related tweak I have applied in Chrome (currently 23 beta, on Ubuntu 12.10, 64-bit). I would say that without any tweaks, extensions or other additional software, what I use is one of the most secure “browsing platforms” available.

[Tags:]