HTTPS Everywhere

**HTTPS Everywhere**
开发者	Tor项目和电子前哨基金会
稳定版本	2020.11.17 （2020年11月17日，3年前）
编程语言	JavaScript
类型	浏览器扩充功能
许可协议	GNU GPL v3+（大部分代码兼容v2）

HTTPS Everywhere是一个自由且开源的浏览器扩充功能，支持Google Chrome、Mozilla Firefox和Opera，由非营利组织Tor项目和电子前哨基金会（EFF）共同开发^[3]。该插件会在网站支持的情况下自动转用更安全的HTTPS连接，减少使用HTTP的情况^[4]。

开发

Google转向HTTPS给了开发者灵感^[5]，从而开发出使浏览器优先使用HTTPS的HTTPS Everywhere。HTTPS Everywhere的部分代码基于NoScript对HTTP严格传输安全的实现，但在设计上比NoScript更易用^[6]。EFF网站上对用户提供有关向HTTPS Everywhere添加HTTPS规则集方面的指导^[7]，以及默认支持网站列表^[8]。

平台支持

HTTPS Everywhere的Firefox公测版发布于2010年^[9]，1.0版发布于2011年^[10]。适用于Google Chrome的测试版在2012年12月发布^[11]。Android设备适用的版本在2014年发布^[12]。

SSL Observatory

SSL Observatory是HTTPS Everywhere自2.0.1版新增的一项功能，通过分析公开密钥认证来判断证书颁发机构是否已变得不可信^[13]，以及用户是否可能受到中间人攻击^[14]。2013年，ICANN安全与稳定咨询委员会（SSAC）注意到SSL Observatory使用的数据集经常将一个组织下属的中间证书机构当作不同实体对待，使证书机构总数看起来过高。SSAC批评SSL Observatory，称其可能少统计了很多内部名称证书，还提到它使用的是2010年的数据集。^[15]

评价

有两项研究建议将HTTPS Everywhere的功能植入Android浏览器^[16]^[17]。2012年，Eric Phetteplace称该插件“可能是对Firesheep式攻击最好的各平台通用应对手段”^[18]。2011年，Vincent Toubiana和Vincent Verdot指出HTTPS Everywhere插件的一些不足，包括支持HTTPS服务的列表需要维护，以及部分服务在尚未准备好HTTPS的情况下被重定向至HTTPS，使插件用户无法正常访问服务^[19]。

参见

传输层安全协议（TLS） - 在计算机网络中提供通信安全的加密协议
隐私獾- EFF开发的免费浏览器插件，用于阻止第三方跟踪行为。
Switzerland (软件) – EFF开发的开源网络监控工具
Let's Encrypt – 免费的自动化X.509证书机构，为简化网站TLS加密的设置与维护而创建

参考文献

↑ Changelog.txt. EFF. 2020-11-17 [2020-11-17] （英语）.
↑ HTTPS Everywhere Development Electronic Frontier Foundation （英文）
↑ HTTPS Everywhere | Electronic Frontier Foundation. Eff.org. [2014-04-14] （英语）.
↑ HTTPS Everywhere reaches 2.0, comes to Chrome as beta - The H Open: News and Features. H-online.com. 2012-02-29 [2014-04-14] （英语）.
↑ Automatic web encryption (almost) everywhere - The H Open Source: News and Features. H-online.com. 2010-06-18 [2014-04-15] （英语）.
↑ HTTPS Everywhere | Electronic Frontier Foundation. Eff.org. [2014-06-04] （英语）.
↑ HTTPS Everywhere Rulesets | Electronic Frontier Foundation. Eff.org. 2014-01-24 [2014-05-19] （英语）.
↑ HTTPS Everywhere Atlas. eff.org. [2014-05-24] （英语）.
↑ Mills, Elinor. Firefox add-on encrypts sessions with Facebook, Twitter. CNET. 2010-06-18 [2014-04-14] （英语）.
↑ Scott Gilbertson. Firefox Security Tool HTTPS Everywhere Hits 1.0 | Webmonkey. WIRED. 2011-08-05 [2014-04-14] （英语）.
↑ HTTPS Everywhere & the Decentralized SSL Observatory | Electronic Frontier Foundation. Eff.org. 2012-02-29 [2014-06-04] （英语）.
↑ Brian, Matt. Browsing on your Android phone just got safer, thanks to the EFF. Engadget.com. 2014-01-27 [2014-04-14] （英语）.
↑ Lemos, Robert. EFF builds system to warn of certificate breaches | Encryption. InfoWorld. 2011-09-21 [2014-04-14] （英语）.
↑ Vaughan, Steven J. New 'HTTPS Everywhere' Web browser extension released. ZDNet. 2012-02-28 [2014-04-14] （英语）.
↑ 1 SSAC Advisory on Internal Name Certificates (PDF). ICANN Security and Stability Advisory Committee (SSAC). 2013-03-15 [2017-02-24] （英语）.
↑ Fahl, Sascha; et al. Why Eve and Mallory love Android: An analysis of Android SSL (in)security (PDF). ACM, 2012. [2017-02-24] （英语）.
↑ Davis, B.; Chen, H. Retro Skeleton. Proceeding of the 11th annual international conference on Mobile systems, applications, and services - Mobi Sys '13. 2013: 181. ISBN 9781450316729. doi:10.1145/2462456.2464462 （英语）.
↑ Kern, M. Kathleen, and Eric Phetteplace. "Hardening the browser." Reference & User Services Quarterly 51.3 (2012): 210-214. http://eprints.rclis.org/16837/ （英文）
↑ Toubiana, Vincent; Verdot, Vincent. Show Me Your Cookie And I Will Tell You Who You Are. 2011. arXiv:1108.5864  [cs.CR] （英语）. |eprint=和|arxiv=只需其一 (帮助); |last1=和|last=只需其一 (帮助); |first1=和|first=只需其一 (帮助)

外部链接

官方网站（英文）
版本库（英文）

Template:Tor project

[changelog-1] Changelog.txt. EFF. 2020-11-17 [2020-11-17] （英语）.

[2] HTTPS Everywhere Development Electronic Frontier Foundation （英文）

[3] HTTPS Everywhere | Electronic Frontier Foundation. Eff.org. [2014-04-14] （英语）.

[4] HTTPS Everywhere reaches 2.0, comes to Chrome as beta - The H Open: News and Features. H-online.com. 2012-02-29 [2014-04-14] （英语）.

[5] Automatic web encryption (almost) everywhere - The H Open Source: News and Features. H-online.com. 2010-06-18 [2014-04-15] （英语）.

[6] HTTPS Everywhere | Electronic Frontier Foundation. Eff.org. [2014-06-04] （英语）.

[7] HTTPS Everywhere Rulesets | Electronic Frontier Foundation. Eff.org. 2014-01-24 [2014-05-19] （英语）.

[8] HTTPS Everywhere Atlas. eff.org. [2014-05-24] （英语）.

[9] Mills, Elinor. Firefox add-on encrypts sessions with Facebook, Twitter. CNET. 2010-06-18 [2014-04-14] （英语）.

[10] Scott Gilbertson. Firefox Security Tool HTTPS Everywhere Hits 1.0 | Webmonkey. WIRED. 2011-08-05 [2014-04-14] （英语）.

[SSLObservatory-11] HTTPS Everywhere & the Decentralized SSL Observatory | Electronic Frontier Foundation. Eff.org. 2012-02-29 [2014-06-04] （英语）.

[12] Brian, Matt. Browsing on your Android phone just got safer, thanks to the EFF. Engadget.com. 2014-01-27 [2014-04-14] （英语）.

[13] Lemos, Robert. EFF builds system to warn of certificate breaches | Encryption. InfoWorld. 2011-09-21 [2014-04-14] （英语）.

[14] Vaughan, Steven J. New 'HTTPS Everywhere' Web browser extension released. ZDNet. 2012-02-28 [2014-04-14] （英语）.

[15] 1 SSAC Advisory on Internal Name Certificates (PDF). ICANN Security and Stability Advisory Committee (SSAC). 2013-03-15 [2017-02-24] （英语）.

[16] Fahl, Sascha; et al. Why Eve and Mallory love Android: An analysis of Android SSL (in)security (PDF). ACM, 2012. [2017-02-24] （英语）.

[17] Davis, B.; Chen, H. Retro Skeleton. Proceeding of the 11th annual international conference on Mobile systems, applications, and services - Mobi Sys '13. 2013: 181. ISBN 9781450316729. doi:10.1145/2462456.2464462 （英语）.

[18] Kern, M. Kathleen, and Eric Phetteplace. "Hardening the browser." Reference & User Services Quarterly 51.3 (2012): 210-214. http://eprints.rclis.org/16837/ （英文）

[19] Toubiana, Vincent; Verdot, Vincent. Show Me Your Cookie And I Will Tell You Who You Are. 2011. arXiv:1108.5864  [cs.CR] （英语）. |eprint=和|arxiv=只需其一 (帮助); |last1=和|last=只需其一 (帮助); |first1=和|first=只需其一 (帮助)

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]

[15]

[16]

[17]

[18]

[19]