Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Wikipedia: Wikitech

How's the SSL thing going?

  

 
First page Previous page 1 2 Next page Last page  View All Wikipedia wikitech RSS feed   Index | Next | Previous | View Threaded


dgerard at gmail

Jul 31, 2013, 11:36 AM

Post #1 of 41 (146 views)
Permalink
How's the SSL thing going?
Jimmy just tweeted this:

https://twitter.com/jimmy_wales/status/362626509648834560

I think that's the first time I've seen him say "fuck" in a public
communication ...

Anyway, I expect people will ask us how the move to all-SSL is
progressing. So, how is it going?

(I've been telling people it's slowly moving along, we totally want
this, it's just technical resources. But more details would be most
useful!)


- d.

_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


tylerromeo at gmail

Jul 31, 2013, 11:40 AM

Post #2 of 41 (141 views)
Permalink
Re: How's the SSL thing going? [In reply to]
Good question.

There are two steps to this:
1) Move all logins to TLS
2) Move all logged in users to TLS

The former was dependent on a bug with E:CentralAuth that was causing
$wgSecureLogin to malfunction. I am not sure whether this bug was ever
fixed (I remember seeing Chris submit a patch for it, but I think it was
abandoned).

Also, the discussion on https://bugzilla.wikimedia.org/show_bug.cgi?id=52283 is
probably a blocker for enabled $wgSecureLogin (which would be a
pre-requisite for either of the two above steps).


*-- *
*Tyler Romeo*
Stevens Institute of Technology, Class of 2016
Major in Computer Science
www.whizkidztech.com | tylerromeo [at] gmail


On Wed, Jul 31, 2013 at 2:36 PM, David Gerard <dgerard [at] gmail> wrote:

> Jimmy just tweeted this:
>
> https://twitter.com/jimmy_wales/status/362626509648834560
>
> I think that's the first time I've seen him say "fuck" in a public
> communication ...
>
> Anyway, I expect people will ask us how the move to all-SSL is
> progressing. So, how is it going?
>
> (I've been telling people it's slowly moving along, we totally want
> this, it's just technical resources. But more details would be most
> useful!)
>
>
> - d.
>
> _______________________________________________
> Wikitech-l mailing list
> Wikitech-l [at] lists
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


emijrp at gmail

Jul 31, 2013, 11:46 AM

Post #3 of 41 (141 views)
Permalink
Re: How's the SSL thing going? [In reply to]
It was so obvious that int. agencies were doing that. It was discussed in
past threads in the mailing list too.

Also, I have read that SSL is not secure neither. So, bleh...


2013/7/31 David Gerard <dgerard [at] gmail>

> Jimmy just tweeted this:
>
> https://twitter.com/jimmy_wales/status/362626509648834560
>
> I think that's the first time I've seen him say "fuck" in a public
> communication ...
>
> Anyway, I expect people will ask us how the move to all-SSL is
> progressing. So, how is it going?
>
> (I've been telling people it's slowly moving along, we totally want
> this, it's just technical resources. But more details would be most
> useful!)
>
>
> - d.
>
> _______________________________________________
> Wikitech-l mailing list
> Wikitech-l [at] lists
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


dgerard at gmail

Jul 31, 2013, 11:47 AM

Post #4 of 41 (141 views)
Permalink
Re: How's the SSL thing going? [In reply to]
On 31 July 2013 19:36, David Gerard <dgerard [at] gmail> wrote:

> Jimmy just tweeted this:
> https://twitter.com/jimmy_wales/status/362626509648834560
> I think that's the first time I've seen him say "fuck" in a public
> communication ...


And wow, this is the NSA slide that triggered it:

https://image.guim.co.uk/sys-images/Guardian/Pix/audio/video/2013/7/31/1375269604628/KS8-001.jpg

That's us there. Fuck these people.


- d.

_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


dgerard at gmail

Jul 31, 2013, 11:48 AM

Post #5 of 41 (141 views)
Permalink
Re: How's the SSL thing going? [In reply to]
On 31 July 2013 19:46, Emilio J. Rodríguez-Posada <emijrp [at] gmail> wrote:

> Also, I have read that SSL is not secure neither. So, bleh...


PFS. http://news.netcraft.com/archives/2013/06/25/ssl-intercepted-today-decrypted-tomorrow.html

Also, https://en.wikipedia.org/wiki/Nirvana_fallacy - this is
somewhere we can in fact do better step by step


- d.

_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


csteipp at wikimedia

Jul 31, 2013, 11:50 AM

Post #6 of 41 (141 views)
Permalink
Re: How's the SSL thing going? [In reply to]
On Wed, Jul 31, 2013 at 11:40 AM, Tyler Romeo <tylerromeo [at] gmail> wrote:
> Good question.
>
> There are two steps to this:
> 1) Move all logins to TLS
> 2) Move all logged in users to TLS

3) Serve all traffic via HTTPS
4) With PFS and long HSTS timeouts

>
> The former was dependent on a bug with E:CentralAuth that was causing
> $wgSecureLogin to malfunction. I am not sure whether this bug was ever
> fixed (I remember seeing Chris submit a patch for it, but I think it was
> abandoned).

The bug has been fixes as part of the new SUL code. Yay!

>
> Also, the discussion on https://bugzilla.wikimedia.org/show_bug.cgi?id=52283 is
> probably a blocker for enabled $wgSecureLogin (which would be a
> pre-requisite for either of the two above steps).

As a few people noticed, we actually threw the switch on wgSecureLogin
yesterday, at which point the UX people felt that experience wasn't
ready, and it was reverted. This bug was one of the issues identified,
where they felt the UX would actually harm the editor experience.

We also have some scaling concerns, so ops is also working on making
sure we have enough capacity on hand to handle major spikes after we
enable this. Hopefully we'll tie up all the loose ends in the near
future, and can try getting to step #1 again.

>
>
> *-- *
> *Tyler Romeo*
> Stevens Institute of Technology, Class of 2016
> Major in Computer Science
> www.whizkidztech.com | tylerromeo [at] gmail
>
>
> On Wed, Jul 31, 2013 at 2:36 PM, David Gerard <dgerard [at] gmail> wrote:
>
>> Jimmy just tweeted this:
>>
>> https://twitter.com/jimmy_wales/status/362626509648834560
>>
>> I think that's the first time I've seen him say "fuck" in a public
>> communication ...
>>
>> Anyway, I expect people will ask us how the move to all-SSL is
>> progressing. So, how is it going?
>>
>> (I've been telling people it's slowly moving along, we totally want
>> this, it's just technical resources. But more details would be most
>> useful!)
>>
>>
>> - d.
>>
>> _______________________________________________
>> Wikitech-l mailing list
>> Wikitech-l [at] lists
>> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
> _______________________________________________
> Wikitech-l mailing list
> Wikitech-l [at] lists
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l

_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


tylerromeo at gmail

Jul 31, 2013, 11:55 AM

Post #7 of 41 (141 views)
Permalink
Re: How's the SSL thing going? [In reply to]
On Wed, Jul 31, 2013 at 2:50 PM, Chris Steipp <csteipp [at] wikimedia> wrote:

> 3) Serve all traffic via HTTPS
> 4) With PFS and long HSTS timeouts
>

Indeed. I need to be more optimistic. :)

The bug has been fixes as part of the new SUL code. Yay!


Nice!

*-- *
*Tyler Romeo*
Stevens Institute of Technology, Class of 2016
Major in Computer Science
www.whizkidztech.com | tylerromeo [at] gmail
_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


bawolff at gmail

Jul 31, 2013, 11:55 AM

Post #8 of 41 (141 views)
Permalink
Re: How's the SSL thing going? [In reply to]
Which kind of ignores the issue that encrypting with ssl doesn't do a
lot against traffic analysis, when its publicly known how big the
pages you're downloading are, and how many images/other assets they
have on them. NSA certainly has the resources to do this if they want.


If you can do this sort of thing:
http://blog.ioactive.com/2012/02/ssl-traffic-analysis-on-google-maps.html
against google maps, I imagine it should be much simpler to do
something like that for Wikipedia. (Our data has more variation in it,
and the data is all publicly available)

--bawolff

On 7/31/13, Tyler Romeo <tylerromeo [at] gmail> wrote:
> Good question.
>
> There are two steps to this:
> 1) Move all logins to TLS
> 2) Move all logged in users to TLS
>
> The former was dependent on a bug with E:CentralAuth that was causing
> $wgSecureLogin to malfunction. I am not sure whether this bug was ever
> fixed (I remember seeing Chris submit a patch for it, but I think it was
> abandoned).
>
> Also, the discussion on https://bugzilla.wikimedia.org/show_bug.cgi?id=52283
> is
> probably a blocker for enabled $wgSecureLogin (which would be a
> pre-requisite for either of the two above steps).
>
>
> *-- *
> *Tyler Romeo*
> Stevens Institute of Technology, Class of 2016
> Major in Computer Science
> www.whizkidztech.com | tylerromeo [at] gmail
>
>
> On Wed, Jul 31, 2013 at 2:36 PM, David Gerard <dgerard [at] gmail> wrote:
>
>> Jimmy just tweeted this:
>>
>> https://twitter.com/jimmy_wales/status/362626509648834560
>>
>> I think that's the first time I've seen him say "fuck" in a public
>> communication ...
>>
>> Anyway, I expect people will ask us how the move to all-SSL is
>> progressing. So, how is it going?
>>
>> (I've been telling people it's slowly moving along, we totally want
>> this, it's just technical resources. But more details would be most
>> useful!)
>>
>>
>> - d.
>>
>> _______________________________________________
>> Wikitech-l mailing list
>> Wikitech-l [at] lists
>> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
> _______________________________________________
> Wikitech-l mailing list
> Wikitech-l [at] lists
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l

_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


jalexander at wikimedia

Jul 31, 2013, 12:01 PM

Post #9 of 41 (141 views)
Permalink
Re: How's the SSL thing going? [In reply to]
On Wed, Jul 31, 2013 at 11:55 AM, Brian Wolff <bawolff [at] gmail> wrote:

> Which kind of ignores the issue that encrypting with ssl doesn't do a
> lot against traffic analysis, when its publicly known how big the
> pages you're downloading are, and how many images/other assets they
> have on them. NSA certainly has the resources to do this if they want.
>
>
> If you can do this sort of thing:
> http://blog.ioactive.com/2012/02/ssl-traffic-analysis-on-google-maps.html
> against google maps, I imagine it should be much simpler to do
> something like that for Wikipedia. (Our data has more variation in it,
> and the data is all publicly available)
>
> --bawolff
>
>
Time to start adding a random amount of extra packets with each request? :)

James Alexander
Legal and Community Advocacy
Wikimedia Foundation
(415) 839-6885 x6716 @jamesofur
_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


ksnider at wikimedia

Jul 31, 2013, 12:05 PM

Post #10 of 41 (141 views)
Permalink
Re: How's the SSL thing going? [In reply to]
On Jul 31, 2013, at 3:01 PM, James Alexander <jalexander [at] wikimedia> wrote:

> Time to start adding a random amount of extra packets with each request? :)

This is what freenet does, but I think supporting SPDY/HTTP 2.0 [1] will help in this regard as well, as it essentially pipelines requests (so you wouldn't be able to discern which packets were article body, for example).

--Ken.

[1] http://en.wikipedia.org/wiki/HTTP_2.0
_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


mwalker at wikimedia

Jul 31, 2013, 12:06 PM

Post #11 of 41 (141 views)
Permalink
Re: How's the SSL thing going? [In reply to]
>
> Time to start adding a random amount of extra packets with each request? :)


We would need to be very careful to not cause detectable entropy changes
which is not trivial!

Perhaps we promote the deployment of SPDY/QUIC which interleaves requests?

~Matt Walker
Wikimedia Foundation
Fundraising Technology Team


On Wed, Jul 31, 2013 at 12:01 PM, James Alexander
<jalexander [at] wikimedia>wrote:

> On Wed, Jul 31, 2013 at 11:55 AM, Brian Wolff <bawolff [at] gmail> wrote:
>
> > Which kind of ignores the issue that encrypting with ssl doesn't do a
> > lot against traffic analysis, when its publicly known how big the
> > pages you're downloading are, and how many images/other assets they
> > have on them. NSA certainly has the resources to do this if they want.
> >
> >
> > If you can do this sort of thing:
> >
> http://blog.ioactive.com/2012/02/ssl-traffic-analysis-on-google-maps.html
> > against google maps, I imagine it should be much simpler to do
> > something like that for Wikipedia. (Our data has more variation in it,
> > and the data is all publicly available)
> >
> > --bawolff
> >
> >
> Time to start adding a random amount of extra packets with each request? :)
>
> James Alexander
> Legal and Community Advocacy
> Wikimedia Foundation
> (415) 839-6885 x6716 @jamesofur
> _______________________________________________
> Wikitech-l mailing list
> Wikitech-l [at] lists
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
>
_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


cananian at wikimedia

Jul 31, 2013, 12:11 PM

Post #12 of 41 (141 views)
Permalink
Re: How's the SSL thing going? [In reply to]
Like dgerald said, let's not let the perfect distract us from the
better. It will be impossible to 100% secure our visitors' traffic
against an adversary with as many resources as the NSA. But we can
secure our users against adversaries with fewer resources, and we can
increase the cost of a successful attack so that casual snooping on
everyone and every article isn't possible. Let's make the NSA use
that expensive targetted 'trafficthief' program at the top of their
pyramid, instead of letting them cheaply/casually sniff everything
with xkeyscore.
--scott
--
(http://cscott.net)

_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


magnusmanske at googlemail

Jul 31, 2013, 12:12 PM

Post #13 of 41 (141 views)
Permalink
Re: How's the SSL thing going? [In reply to]
There was the lofty notion of including all images, CSS/JS/whatnot as CDATA
elements in the page itself, for browsers that support it. That would get
around the one issue, but still allow size-based fingerprinting, especially
since most users will follow links within the site, so the search space
gets much smaller. Random package size increase, as mentioned, might help
there.

Magnus



On Wed, Jul 31, 2013 at 7:55 PM, Brian Wolff <bawolff [at] gmail> wrote:

> Which kind of ignores the issue that encrypting with ssl doesn't do a
> lot against traffic analysis, when its publicly known how big the
> pages you're downloading are, and how many images/other assets they
> have on them. NSA certainly has the resources to do this if they want.
>
>
> If you can do this sort of thing:
> http://blog.ioactive.com/2012/02/ssl-traffic-analysis-on-google-maps.html
> against google maps, I imagine it should be much simpler to do
> something like that for Wikipedia. (Our data has more variation in it,
> and the data is all publicly available)
>
> --bawolff
>
> On 7/31/13, Tyler Romeo <tylerromeo [at] gmail> wrote:
> > Good question.
> >
> > There are two steps to this:
> > 1) Move all logins to TLS
> > 2) Move all logged in users to TLS
> >
> > The former was dependent on a bug with E:CentralAuth that was causing
> > $wgSecureLogin to malfunction. I am not sure whether this bug was ever
> > fixed (I remember seeing Chris submit a patch for it, but I think it was
> > abandoned).
> >
> > Also, the discussion on
> https://bugzilla.wikimedia.org/show_bug.cgi?id=52283
> > is
> > probably a blocker for enabled $wgSecureLogin (which would be a
> > pre-requisite for either of the two above steps).
> >
> >
> > *-- *
> > *Tyler Romeo*
> > Stevens Institute of Technology, Class of 2016
> > Major in Computer Science
> > www.whizkidztech.com | tylerromeo [at] gmail
> >
> >
> > On Wed, Jul 31, 2013 at 2:36 PM, David Gerard <dgerard [at] gmail> wrote:
> >
> >> Jimmy just tweeted this:
> >>
> >> https://twitter.com/jimmy_wales/status/362626509648834560
> >>
> >> I think that's the first time I've seen him say "fuck" in a public
> >> communication ...
> >>
> >> Anyway, I expect people will ask us how the move to all-SSL is
> >> progressing. So, how is it going?
> >>
> >> (I've been telling people it's slowly moving along, we totally want
> >> this, it's just technical resources. But more details would be most
> >> useful!)
> >>
> >>
> >> - d.
> >>
> >> _______________________________________________
> >> Wikitech-l mailing list
> >> Wikitech-l [at] lists
> >> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
> > _______________________________________________
> > Wikitech-l mailing list
> > Wikitech-l [at] lists
> > https://lists.wikimedia.org/mailman/listinfo/wikitech-l
>
> _______________________________________________
> Wikitech-l mailing list
> Wikitech-l [at] lists
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
>



--
undefined
_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


risker.wp at gmail

Jul 31, 2013, 12:23 PM

Post #14 of 41 (136 views)
Permalink
Re: How's the SSL thing going? [In reply to]
Just one question from a relatively non-technical person: What falls off
the map if everything is done using SSL? Is this the protocol that would
make it essentially impossible to read/edit Wikipedia using a normal
internet connection from China?

Risker


On 31 July 2013 15:12, Magnus Manske <magnusmanske [at] googlemail> wrote:

> There was the lofty notion of including all images, CSS/JS/whatnot as CDATA
> elements in the page itself, for browsers that support it. That would get
> around the one issue, but still allow size-based fingerprinting, especially
> since most users will follow links within the site, so the search space
> gets much smaller. Random package size increase, as mentioned, might help
> there.
>
> Magnus
>
>
>
> On Wed, Jul 31, 2013 at 7:55 PM, Brian Wolff <bawolff [at] gmail> wrote:
>
> > Which kind of ignores the issue that encrypting with ssl doesn't do a
> > lot against traffic analysis, when its publicly known how big the
> > pages you're downloading are, and how many images/other assets they
> > have on them. NSA certainly has the resources to do this if they want.
> >
> >
> > If you can do this sort of thing:
> >
> http://blog.ioactive.com/2012/02/ssl-traffic-analysis-on-google-maps.html
> > against google maps, I imagine it should be much simpler to do
> > something like that for Wikipedia. (Our data has more variation in it,
> > and the data is all publicly available)
> >
> > --bawolff
> >
> > On 7/31/13, Tyler Romeo <tylerromeo [at] gmail> wrote:
> > > Good question.
> > >
> > > There are two steps to this:
> > > 1) Move all logins to TLS
> > > 2) Move all logged in users to TLS
> > >
> > > The former was dependent on a bug with E:CentralAuth that was causing
> > > $wgSecureLogin to malfunction. I am not sure whether this bug was ever
> > > fixed (I remember seeing Chris submit a patch for it, but I think it
> was
> > > abandoned).
> > >
> > > Also, the discussion on
> > https://bugzilla.wikimedia.org/show_bug.cgi?id=52283
> > > is
> > > probably a blocker for enabled $wgSecureLogin (which would be a
> > > pre-requisite for either of the two above steps).
> > >
> > >
> > > *-- *
> > > *Tyler Romeo*
> > > Stevens Institute of Technology, Class of 2016
> > > Major in Computer Science
> > > www.whizkidztech.com | tylerromeo [at] gmail
> > >
> > >
> > > On Wed, Jul 31, 2013 at 2:36 PM, David Gerard <dgerard [at] gmail>
> wrote:
> > >
> > >> Jimmy just tweeted this:
> > >>
> > >> https://twitter.com/jimmy_wales/status/362626509648834560
> > >>
> > >> I think that's the first time I've seen him say "fuck" in a public
> > >> communication ...
> > >>
> > >> Anyway, I expect people will ask us how the move to all-SSL is
> > >> progressing. So, how is it going?
> > >>
> > >> (I've been telling people it's slowly moving along, we totally want
> > >> this, it's just technical resources. But more details would be most
> > >> useful!)
> > >>
> > >>
> > >> - d.
> > >>
> > >> _______________________________________________
> > >> Wikitech-l mailing list
> > >> Wikitech-l [at] lists
> > >> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
> > > _______________________________________________
> > > Wikitech-l mailing list
> > > Wikitech-l [at] lists
> > > https://lists.wikimedia.org/mailman/listinfo/wikitech-l
> >
> > _______________________________________________
> > Wikitech-l mailing list
> > Wikitech-l [at] lists
> > https://lists.wikimedia.org/mailman/listinfo/wikitech-l
> >
>
>
>
> --
> undefined
> _______________________________________________
> Wikitech-l mailing list
> Wikitech-l [at] lists
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
>
_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


ksnider at wikimedia

Jul 31, 2013, 12:26 PM

Post #15 of 41 (136 views)
Permalink
Re: How's the SSL thing going? [In reply to]
On Jul 31, 2013, at 3:12 PM, Magnus Manske <magnusmanske [at] googlemail> wrote:

> There was the lofty notion of including all images, CSS/JS/whatnot as CDATA
> elements in the page itself, for browsers that support it. That would get
> around the one issue, but still allow size-based fingerprinting, especially
> since most users will follow links within the site, so the search space
> gets much smaller. Random package size increase, as mentioned, might help
> there.

This is part of why support and rapid adoption of protocols that allow for multiplexing (SPDY/HTTP2.0) are important - they would make the fingerprinting process significantly more difficult.

--Ken.
_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


dgerard at gmail

Jul 31, 2013, 1:01 PM

Post #16 of 41 (136 views)
Permalink
Re: How's the SSL thing going? [In reply to]
On 31 July 2013 19:48, David Gerard <dgerard [at] gmail> wrote:

> PFS. http://news.netcraft.com/archives/2013/06/25/ssl-intercepted-today-decrypted-tomorrow.html


Keeping in mind that PFS is not actually perfect either:
http://tonyarcieri.com/imperfect-forward-secrecy-the-coming-cryptocalypse


- d.

_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


dgerard at gmail

Jul 31, 2013, 1:06 PM

Post #17 of 41 (136 views)
Permalink
Re: How's the SSL thing going? [In reply to]
Oh - if anyone can authoritatively compose a WMF blog post on the
state of the move to SSL (the move to logins and what happened there,
the NSA slide, ongoing issues like browsers in China, etc), that would
probably be a useful thing :-)


- d.

_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


rlane32 at gmail

Jul 31, 2013, 1:12 PM

Post #18 of 41 (136 views)
Permalink
Re: How's the SSL thing going? [In reply to]
On Wed, Jul 31, 2013 at 1:06 PM, David Gerard <dgerard [at] gmail> wrote:

> Oh - if anyone can authoritatively compose a WMF blog post on the
> state of the move to SSL (the move to logins and what happened there,
> the NSA slide, ongoing issues like browsers in China, etc), that would
> probably be a useful thing :-)
>
>
I'll be posting blog posts each step of the way as we move to SSL. We have
plans on SSL for anons by default, but there's no official roadmap for
doing so.

- Ryan
_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


datzrott at alizeepathology

Jul 31, 2013, 1:32 PM

Post #19 of 41 (136 views)
Permalink
Re: How's the SSL thing going? [In reply to]
>>Oh - if anyone can authoritatively compose a WMF blog post on the
>>state of the move to SSL (the move to logins and what happened there,
>>the NSA slide, ongoing issues like browsers in China, etc), that would
>>probably be a useful thing :-)
>>
>>
>I'll be posting blog posts each step of the way as we move to SSL. We have
>plans on SSL for anons by default, but there's no official roadmap for
>doing so.

Something sooner than later might be good. Also have you guys
read the presentation. A lot of this is very chilling....

I agree with Jimbo. We need to fix this as best we can.

Thank you,
Derric Atzrott


_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


mflaschen at wikimedia

Jul 31, 2013, 1:32 PM

Post #20 of 41 (136 views)
Permalink
Re: How's the SSL thing going? [In reply to]
On 07/31/2013 03:23 PM, Risker wrote:
> Just one question from a relatively non-technical person: What falls off
> the map if everything is done using SSL? Is this the protocol that would
> make it essentially impossible to read/edit Wikipedia using a normal
> internet connection from China?
>
> Risker

Good question. I'm not aware of the current status, but Tim Starling
said SSL connections to Wikipedia have been blocked in China
(https://bugzilla.wikimedia.org/show_bug.cgi?id=47832#c16).

Matt Flaschen


_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


tylerromeo at gmail

Jul 31, 2013, 1:35 PM

Post #21 of 41 (136 views)
Permalink
Re: How's the SSL thing going? [In reply to]
Like I've said before, the NSA spying on what users are reading is still
the least of our concerns. We should focus on making sure passwords aren't
sent over plaintext before attempting to evade a government-run
international spy network.

*-- *
*Tyler Romeo*
Stevens Institute of Technology, Class of 2016
Major in Computer Science
www.whizkidztech.com | tylerromeo [at] gmail


On Wed, Jul 31, 2013 at 4:32 PM, Matthew Flaschen
<mflaschen [at] wikimedia>wrote:

> On 07/31/2013 03:23 PM, Risker wrote:
> > Just one question from a relatively non-technical person: What falls off
> > the map if everything is done using SSL? Is this the protocol that would
> > make it essentially impossible to read/edit Wikipedia using a normal
> > internet connection from China?
> >
> > Risker
>
> Good question. I'm not aware of the current status, but Tim Starling
> said SSL connections to Wikipedia have been blocked in China
> (https://bugzilla.wikimedia.org/show_bug.cgi?id=47832#c16).
>
> Matt Flaschen
>
>
> _______________________________________________
> Wikitech-l mailing list
> Wikitech-l [at] lists
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
>
_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


p.selitskas at gmail

Jul 31, 2013, 1:39 PM

Post #22 of 41 (136 views)
Permalink
Re: How's the SSL thing going? [In reply to]
Can we enable full security mode (as an optional feature) geographically
based on the most concerned governments, if the whole thing isn't going
fast due to lack of resources?


On Wed, Jul 31, 2013 at 11:35 PM, Tyler Romeo <tylerromeo [at] gmail> wrote:

> Like I've said before, the NSA spying on what users are reading is still
> the least of our concerns. We should focus on making sure passwords aren't
> sent over plaintext before attempting to evade a government-run
> international spy network.
>
> *-- *
> *Tyler Romeo*
> Stevens Institute of Technology, Class of 2016
> Major in Computer Science
> www.whizkidztech.com | tylerromeo [at] gmail
>
>
> On Wed, Jul 31, 2013 at 4:32 PM, Matthew Flaschen
> <mflaschen [at] wikimedia>wrote:
>
> > On 07/31/2013 03:23 PM, Risker wrote:
> > > Just one question from a relatively non-technical person: What falls
> off
> > > the map if everything is done using SSL? Is this the protocol that
> would
> > > make it essentially impossible to read/edit Wikipedia using a normal
> > > internet connection from China?
> > >
> > > Risker
> >
> > Good question. I'm not aware of the current status, but Tim Starling
> > said SSL connections to Wikipedia have been blocked in China
> > (https://bugzilla.wikimedia.org/show_bug.cgi?id=47832#c16).
> >
> > Matt Flaschen
> >
> >
> > _______________________________________________
> > Wikitech-l mailing list
> > Wikitech-l [at] lists
> > https://lists.wikimedia.org/mailman/listinfo/wikitech-l
> >
> _______________________________________________
> Wikitech-l mailing list
> Wikitech-l [at] lists
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
>



--
З павагай,
Павел Селіцкас/Pavel Selitskas
Wizardist @ Wikimedia projects
_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


rlane32 at gmail

Jul 31, 2013, 1:50 PM

Post #23 of 41 (136 views)
Permalink
Re: How's the SSL thing going? [In reply to]
On Wed, Jul 31, 2013 at 1:39 PM, Paul Selitskas <p.selitskas [at] gmail>wrote:

> Can we enable full security mode (as an optional feature) geographically
> based on the most concerned governments, if the whole thing isn't going
> fast due to lack of resources?
>
>
No. That's in fact much, much harder.

There's nothing stopping you (and anyone else who is concerned about their
privacy) from using HTTPS Everywhere. We support HTTPS natively as is right
now.

- Ryan
_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


p.selitskas at gmail

Jul 31, 2013, 1:56 PM

Post #24 of 41 (136 views)
Permalink
Re: How's the SSL thing going? [In reply to]
Yes, that is exactly what I do. But Google, for instance, redirects me to
HTTP, and if I've logged via HTTPS recently, I would have to log in once
again via HTTP. It's very frustrating. Are there public statistics on HTTPS
v. HTTP processed requests share for Wikimedia? Rough numbers?

For inexperienced users yet concerned about privacy, there should be an
HTTP/HTTPS switch in the Preferences page. We have one at the
registration/log-in page, but I'd like MediaWiki to remember that I want to
use HTTPS only.


On Wed, Jul 31, 2013 at 11:50 PM, Ryan Lane <rlane32 [at] gmail> wrote:

> On Wed, Jul 31, 2013 at 1:39 PM, Paul Selitskas <p.selitskas [at] gmail
> >wrote:
>
> > Can we enable full security mode (as an optional feature) geographically
> > based on the most concerned governments, if the whole thing isn't going
> > fast due to lack of resources?
> >
> >
> No. That's in fact much, much harder.
>
> There's nothing stopping you (and anyone else who is concerned about their
> privacy) from using HTTPS Everywhere. We support HTTPS natively as is right
> now.
>
> - Ryan
> _______________________________________________
> Wikitech-l mailing list
> Wikitech-l [at] lists
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
>



--
З павагай,
Павел Селіцкас/Pavel Selitskas
Wizardist @ Wikimedia projects
_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


tylerromeo at gmail

Jul 31, 2013, 1:59 PM

Post #25 of 41 (136 views)
Permalink
Re: How's the SSL thing going? [In reply to]
@Paul - Some links that might interest you.

On Wed, Jul 31, 2013 at 4:56 PM, Paul Selitskas <p.selitskas [at] gmail>wrote:

> But Google, for instance, redirects me to
> HTTP
>

https://bugzilla.wikimedia.org/show_bug.cgi?id=51002

For inexperienced users yet concerned about privacy, there should be an
> HTTP/HTTPS switch in the Preferences page. We have one at the
> registration/log-in page, but I'd like MediaWiki to remember that I want to
> use HTTPS only.


https://bugzilla.wikimedia.org/show_bug.cgi?id=52283
https://gerrit.wikimedia.org/r/47089

*-- *
*Tyler Romeo*
Stevens Institute of Technology, Class of 2016
Major in Computer Science
www.whizkidztech.com | tylerromeo [at] gmail
_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

First page Previous page 1 2 Next page Last page  View All Wikipedia wikitech RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.