On Mar 10, 2012, at 10:54 AM, Matthew Toseland wrote: > On Saturday 10 Mar 2012 16:44:55 Daxter wrote: >> On Mar 10, 2012, at 3:44 AM, Florent Daigniere wrote: >>> On Fri, Mar 09, 2012 at 07:11:19PM -0600, Daxter wrote: >>>> >>>> I'm all for HTTPS, but do we really want to outright *remove* >>>> functionality from the site? Sure, HTTP isn't secure and all "modern" web >>>> browsers support it. However, we would be making it harder for people to >>>> learn about Freenet and potentially try it out. >>>> >>> >>> Why? You could still access it over HTTP... and be presented with >>> (transparent) redirect to the secure version. >> >> I just scratched an itch and discovered that even Lynx supports HTTPS? If it >> really is the case that HTTPS has become so ubiquitous that users wouldn't >> be affected, then sure, go ahead with it. >> >> HOWEVER: the question really needs to be restated. Are there any countries >> or ISPs that are known to disallow secure communications? >> >>>> In the end I think we should do what every major website does today: >>>> encrypt the important data and let the entire site be accessible securely, >>>> but don't force it onto people. >>>> >>>> -Daxter >>> >>> It's very difficult to do and most websites do it wrong. You have to think >>> about mixed-content errors, cookie flags, ... >>> >>> Sending credentials in cleartext like we do on the wikis, with no secure >>> alternative, is a disgrace. >>> >>> Florent >> >> >> Can you give me an example of a website that in your mind does either the >> mixed model or the secure-only model properly? It would be nice to compare >> with them. >> >> Actually, the wiki supports HTTPS right now. You'll get a certificate error, >> but it works. > > Why do you get a cert error? We have a wildcard cert! >> >> While we're on the subject (as I've never bothered with HTTPS on the site >> until now), turns out it's rather misconfigured. Both the wiki and the main >> site return a certificate for emu.freenetproject.org? That address isn't >> accessible--what was it, and shouldn't we get this fixed? > > Eh? I thought we used the wildcard cert for everything?
Nope, both are using a cert for emu.freenetproject.org. Also, the certificate is bound to expire on 4/27/2012 so we really should get this fixed!
