On Tue, Dec 22, 2009 at 02:30:38PM +0000, Tom Hughes wrote: > On 22/12/09 14:11, John Smith wrote: > > > When does anyone plan to use SSL to protect passwords and users on OSM? > > It's on my to do list to create a CSR and give to it to Grant. > > There are some issues to work out with regard to what we protect though > as we don't really want to be using SSL for all the API requests though > so we would prefer to encourage clients to move to using OAuth so we can > then just protect the initial exchange when the application is authorised.
My guess is that the API server is fully I/O bound and has massive spare CPU. So encrypting all API calls shouldnt be much of a problem - There is not that much data transferred anyway, just a lot of connected with little data in them. I'd like to see SSL encrypted connections for everything, there are a lot of employees spying on their staff, governments on their population and people each other. I am not afraid in loosing my password to someone as its a unique for OSM but the world is full of privacy black holes and we want to support our users/mappers against any breach of confidentiality. Flo -- Florian Lohoff [email protected] "Es ist ein grobes Missverständnis und eine Fehlwahrnehmung, dem Staat im Internet Zensur- und Überwachungsabsichten zu unterstellen." - - Bundesminister Dr. Wolfgang Schäuble -- 10. Juli in Berlin
signature.asc
Description: Digital signature
_______________________________________________ talk mailing list [email protected] http://lists.openstreetmap.org/listinfo/talk
