On Tue, Dec 22, 2009 at 6:14 PM, Florian Lohoff <[email protected]> wrote: > On Tue, Dec 22, 2009 at 02:30:38PM +0000, Tom Hughes wrote: >> On 22/12/09 14:11, John Smith wrote: >> >> > When does anyone plan to use SSL to protect passwords and users on OSM? >> >> It's on my to do list to create a CSR and give to it to Grant. >> >> There are some issues to work out with regard to what we protect though >> as we don't really want to be using SSL for all the API requests though >> so we would prefer to encourage clients to move to using OAuth so we can >> then just protect the initial exchange when the application is authorised. > > My guess is that the API server is fully I/O bound and has massive spare CPU. > So encrypting all API calls shouldnt be much of a problem - There is not that > much data transferred anyway, just a lot of connected with little data in > them. >
Can we please stop guessing / explaining how easy it is, and believe that the sysadmin team aren't mindless idiots and actually know what they're doing? Please? It would make this list a heck of a lot easier to read if every other e-mail wasn't utter rubbish. Thanks, Dave _______________________________________________ talk mailing list [email protected] http://lists.openstreetmap.org/listinfo/talk
