On Sun, Apr 1, 2012 at 1:14 PM, Ryan Lane <rlan...@gmail.com> wrote: > TL;DR: we have no plans for anonymous HTTPS by default, but will > eventually default to HTTPS for logged-in users. > > 1. It would require an ssl terminator on every frontend cache. The ssl > terminators eat memory, which is also what the frontend caches do. > 2. HTTPS dramatically increases latency, which would be kind of > painful for mobile.
Without getting into how other countries censor data (boo!) I agree with the first two points. SSL terminators are much more memory and cpu intensive which would require many more machines. Also there are more RTT's required for https/ssl and our ping latency is not very good since we do not have a very geographically diverse infrastructure. The two solutions for this are #1 more and beefier machines and #2 caching centers in various locations physically closer to users (which also requires a lot of #1). Sadly the biggest drawback of these two points is that they both cost a lot of money and that would mean a lot more pop up banners of Jimmy asking for cash :( Leslie P.S. I peronally like the idea of a cookie that you can check box at the top of the page (one time showing only perhaps?) that would default send users to https upon request. However I don't think we can do this with our current infrastructure due to the above issues. > 3. Some countries may completely block HTTPS, but allow HTTP to our > sites so that they can track users. Is it better for us to provide > them content, or protect their privacy? > 4. It's still possible for governments to see that people are going to > wikimedia sites when using HTTPS, so it's still possible to oppress > people for trying to visit sites that are disallowed. > > On Sun, Apr 1, 2012 at 7:06 PM, David Gerard <dger...@gmail.com> wrote: >> Lots of monitoring going into place: >> >> https://en.wikipedia.org/wiki/Wikipedia:List_of_articles_censored_in_Saudi_Arabia >> http://www.bbc.co.uk/news/uk-politics-17576745 >> >> What are the current technical barriers to redirection to https by default? >> >> >> - d. >> >> _______________________________________________ >> Wikitech-l mailing list >> Wikitech-l@lists.wikimedia.org >> https://lists.wikimedia.org/mailman/listinfo/wikitech-l > > _______________________________________________ > Wikitech-l mailing list > Wikitech-l@lists.wikimedia.org > https://lists.wikimedia.org/mailman/listinfo/wikitech-l -- Leslie Carr Wikimedia Foundation AS 14907, 43821 _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
