----- Original Message ----- > From: "River Tarnell" <[email protected]>
> In article > <[email protected]>, > Jay Ashworth <[email protected]> wrote: > > > Yeah, secure.wikimedia.org's URL scheme isn't really friendly > > > to outsiders. Historically, this is because SSL certificates are > > > expensive, and there just wasn't enough money in the budget > > > to get more of them for the top-level domains. Maybe this isn't > > > the case anymore. > > > Is that in fact the root cause, Chad? I assumed, myself, that it's > > because > > of the squid architecture. > > LVS is in front of Squid, so it would be fairly simple to send SSL > traffic (port 443) to a different machine; which is how secure.wm.o > works now, except that instead of using LVS, it requires a different > hostname. Got it. > However, I think the idea is not to start allowing > https://en.wikipedia.org URLs until there's a better SSL > infrastructure > which can handle the extra load an easy-to-use, widely advertised SSL > gateway is likely to create. secure.wm.o is currently a single machine > and sometimes falls over, e.g. when Squid breaks for some reason and > people notice that secure still works. You did get the "EFF is pushing a Firefox plugin that has a rule that redirects all WP accesses to the secure site" part of that report, though, right? This curve has probably already started to ramp; now might be a good time for someone ops-y to be thinking about this. Cheers, -- jra _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
