https connections

[2alex]

(Moved from FlashGot forum, as being a question about NoScript and its features -- Tom T.)

What happens if I have hotmail set to automatically use https but have Noscript set to never force https connections for hotmail.com, msn.com and live.com? Will hotmail's settings override Noscript?

[Tom T.]

What happens if I have hotmail set to automatically use https but have Noscript set to never force https connections for hotmail.com, msn.com and live.com? Will hotmail's settings override Noscript?

Not sure why this is in the FlashGot forum, or why it was asked at all. Just don't make any entry for hotmail in the "Force HTTPS" section.

The key word is "Force". If NS doesn't force it, the site will do whatever it and you have configured it to do.

I even tried putting "Never force" on my online bank. Still, when I went to the secure login page -- *secured by the server itself*, with HTTPS -- it remained secured.

Not really sure why one would put an entry in "Never force" anyway. If it isn't https, and you don't want it to be, no problem. If it is, telling NS not to force it is sort of like telling NS not to force the Sun to rise in the East tomorrow morning: The Sun will rise where it wants to, regardless of whether NS "forces" it to do so.

Am I missing something? Why would "Never force" be used? Perhaps if one wildcards the universe:

Code: Select all

Force HTTPS:
 *.*

then needs to except those sites that don't support HTTPS connections?

Thanks for any replies.

[Thrawn]

Am I missing something? Why would "Never force" be used? Perhaps if one wildcards the universe:

Code: Select all

Force HTTPS:
 *.*

then needs to except those sites that don't support HTTPS connections?

I used to experiment with doing just that from time to time, until I settled on HTTPS Finder instead. It was an interesting experience, and Perspectives can help to mitigate certificate errors in some cases, but it means a lot of work, and lots of sites just don't (need to?) support HTTPS.

[Tom T.]

Am I missing something? Why would "Never force" be used? Perhaps if one wildcards the universe:

Code: Select all

Force HTTPS:
 *.*

then needs to except those sites that don't support HTTPS connections?

I used to experiment with doing just that from time to time, until I settled on HTTPS Finder instead. It was an interesting experience, and Perspectives can help to mitigate certificate errors in some cases, but it means a lot of work, and lots of sites just don't (need to?) support HTTPS.

That's what I thought. Agree completely with your findings and opinion.

The largest benefit to an all-HTTPS Internet would be increasing the cost of some attacks: MITM, etc. But I wish they would. Modern processors -- even this ancient laptop -- don't show a discernible performance hit once the initial asymmetrical session key negotiations are complete. And that's probably measured in tenths of a second, at most. (Which would be lost in the noise of your ISP's congestion level, general Internet congestion level, the web server's congestion level, etc.) After that, symmetrical encrypt/decrypt is trivial in overhead.

Slightly O/T: I saw that the plans for IP V6 were to include enforcing IPsec, but that they've dropped that back to "optional". Understand the compatibility issues, etc., but IMHO, here was a chance to increase Net securely greatly, with work-arounds for back-compat until all home machines, routers, etc. supported it. (My router from 2005 does, and I think the box does, too; would have to double-check.)

IMHO. YMMV.

ETA: As per first reply, this is really O/T to FlashGot. Since it was a question about NS Force HTTPS feature, will move to NS Support.