Domas Mituzas <[email protected]> wrote: >> Most browsers (and RSS readers and ...) will bark at it as >> "(potentially) unsafe". Therefore, IMHO Wikimedia should >> either use established CA's certificates or publish informa- >> tion on the "private" (or CAcert) certificates on a trust- >> worthy server, in paper publications, etc. where it can be >> used to verify the certificates.
> I know what happens when self-signed certificate is used. > Why the heck is that an issue with wikitech.wikimedia.org wiki? Because when you access <URI:https://wikitech.wikimedia.org/>, it will bark :-). Would not all references to wikitech.leuksman.com have been advertizing the HTTPS access (and the Google ratio is still about 55900:209 :-)), I would not care. But IMVHO *if* HTTPS requests are served, that should be done "properly". >> P. S.: Yes, it *is* highly unlikely that >> wikitech.wikimedia.org's A record gets hijacked and a >> MITM attack is staged as little could be gained. > And then what? > I for one use HTTP to access that wiki, feel free to hijack my > account, and, um, vandalize. You won't need to do MITM for that, > actually, will save you some effort. > I thought there're more important issues out there ;-) I can assure you you are *very* right on that thought :-). Tim _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
