This part of the discussion has strayed a bit far from the politics of 
encryption. ;-)

Not that it doesn't have value, but if I can bring it back on-topic for a 

The gist of the HTTPS issues is that it's simply not an engineering discussion, 
it's a political one. The abuses recently revealed in the United States is 
either orthogonal to the issue of the politics of encryption (in that HTTPS 
encryption in China, Iran, and the future is in discussion), or is the direct 
salient (in that it is a prime motivator for accelerating HTTPS rollout which 
has triggered this issue).

I, for one, would like to see the discussion of what to do. I'm of the believe 
that there is no simple engineering decision without introducing practical, 
political, legal, and moral complications. I suspect that even the more clever 
or complex ones also introduce these issues. It's important to outline what our 
choices are and the consequences of those choices, and derive consensus on what 
the right choice is going forward, as it is clear what we have now[1] is a 
temporary band-aid.[2]

I'm less sanguine about Erik's suggestion that creating a deadline to 
HTTP-canonical will actually get us to an adequate resolution. The reason is 
simply—whatever I think of Google personally—I feel Google has a 
highly-capable, highly-motivated, engineering-driven staff, and they were 
unable to come up with a workable solution. Unlike Google, we have a clear 
sense about what motivates us[3], so we need to figure out how best to get 
there/interpret it.

[2]: Maybe start an RfC or other wiki page on Meta with a summary of the 
discussion so far?

Take care,


On Sep 3, 2013, at 11:50 AM, Kirill Lokshin <> wrote:

> The thing is, it's kind of a crapshoot anyways.  You might see something that 
> you think might be classified and report it; but, unless you actually have 
> the corresponding clearance yourself, you have no way of knowing for certain 
> whether the material is in fact classified in the first place.  Conversely, 
> anyone who does have that information is unlikely to confirm it one way or 
> the other, for obvious reasons. 
> To make things even more convoluted, reporting certain kinds of material to 
> the WMF could itself potentially be considered illegal in some circumstances, 
> since not everyone at the WMF is considered a "US person" for ITAR purposes. 
> Kirill
> On Sep 3, 2013, at 2:34 PM, "Fred Bauder" <> wrote:
>>> To be fair, none of the people receiving requests through legal@ or
>>> emergency@ have security clearances either.
>>> Kirill
>> True, but there are not so many of them. I'm not sure if a request about
>> a major matter has ever been made through any channel. In a way, that is
>> kind of a dumb move.
>> Fred

Wikimedia-l mailing list

Reply via email to