Firefox Browser Addons: How does "HTTPS Everywhere" (List based, manual) compare to "Smart HTTPS" (Trial and error based, automatical)?
https://addons.mozilla.org/firefox/addon/https-everywhere/
https://addons.mozilla.org/firefox/addon/smart-https-revived/
I'm interested about your opinion.
@BurungHantu Like the issues with STARTTLS (vs "Implicit TLS"), a downgrade attack could be executed against browsers using Smart HTTPS to prevent them from upgrading to HTTPS; probably when it would be needed most.
Follow
@StephenLB Interesting, Stephen. Do you have a link that explains this further?
@BurungHantu SSLStrip is the attack that comes to mind (https://moxie.org/software/sslstrip), and the FAQ for HTTPS Everywhere has some more information (https://www.eff.org/https-everywhere/faq#why-use-a-whitelist-of-sites-that-support-https-why-cant-you-try-to-use-https-for-every-last-site-and-only-fall-back-to-http-if-it-isnt-available)