----- Original Message -----
> From: "River Tarnell" <r.tarn...@ieee.org>

> In article
> <18849937.7157.1297583642909.javamail.r...@benjamin.baylink.com>,
> Jay Ashworth <j...@baylink.com> wrote:
> > > Yeah, secure.wikimedia.org's URL scheme isn't really friendly
> > > to outsiders. Historically, this is because SSL certificates are
> > > expensive, and there just wasn't enough money in the budget
> > > to get more of them for the top-level domains. Maybe this isn't
> > > the case anymore.
> 
> > Is that in fact the root cause, Chad? I assumed, myself, that it's
> > because of the squid architecture.
> 
> LVS is in front of Squid, so it would be fairly simple to send SSL
> traffic (port 443) to a different machine; which is how secure.wm.o
> works now, except that instead of using LVS, it requires a different
> hostname.

Got it.

> However, I think the idea is not to start allowing
> https://en.wikipedia.org URLs until there's a better SSL infrastructure
> which can handle the extra load an easy-to-use, widely advertised SSL
> gateway is likely to create. secure.wm.o is currently a single machine
> and sometimes falls over, e.g. when Squid breaks for some reason and
> people notice that secure still works.

You did get the "EFF is pushing a Firefox plugin that has a rule that 
redirects all WP accesses to the secure site" part of that report, though,
right?  This curve has probably already started to ramp; now might be a
good time for someone ops-y to be thinking about this.

Cheers,
-- jra

_______________________________________________
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
