I noticed that when I am logged into https://idp.kantarainitiative.org/ and I then access documents
on kantarainitiative.org there is no SSL protection. This is probably not good.
HTTPS Everywhere to the rescue!
I added my own rule to the HTTPS Everywhere Firefox addon. (Works in Firefox 21.0)
<ruleset name="KantaraInitiative">
<target host="www.kantarainitiative.org" />
<target host="kantarainitiative.org" />
<target host="idp.kantarainitiative.org" />
<rule from="^http://idp\.kantarainitiative\.org/" to="https://idp.kantarainitiative.org/"/>
<rule from="^http://(www\.)?kantarainitiative\.org/" to="https://kantarainitiative.org/"/>
</ruleset>
Put the above ruleset into the Firefox Profile folder into a file named e.g. kantarainitiative.xml.
On Windows it should be located in a folder similar to this location:
D:\Users\nennker.axel\AppData\Roaming\Mozilla\Firefox\Profiles\uzmmhdde.default\HTTPSEverywhereUserRulesNow whenever I visit Kantara HTTPSEverywhere redirects Firefox to the SSL protected service.
Support EFF!