On 13/01/13 20:07, Daniel Kahn Gillmor wrote: > On 01/13/2013 01:22 PM, Joerg Jaspert wrote: >> - wiki.debconf.org is now only reachable by SSL. non-ssl gets >> redirected. Though I would be happy enough to let non-ssl access it >> too, if someone takes the time to tweak either the apache config or >> mediawiki so that it requires SSL for logins (and maybe anonymous >> edits?), ie. reading only for non-ssl. >> Keep in mind, its squeeze, so mediawiki from there... > > Thank you, Joerg! This is really valuable work. > > fwiw, i don't think that browsing via cleartext http is a useful goal, > given the problems with session hijacking, sslstrip-style attacks, etc. > > If the https connections are considered too onerous for some reason, i'd > be happy to try to help troubleshoot and improve the situation, if > that's desired. >
https hasn't been too onerous for Nokia: http://gizmodo.com/5975095/nokias-xpress-browser-decrypts-your-https-data Two factor authentication may be the next step _______________________________________________ Debconf-team mailing list [email protected] http://lists.debconf.org/mailman/listinfo/debconf-team
