Ok, I agree with both of you that ssl is probably no deal for current machines and browsers. But anyway - I am afraid that /forcing/ people to use anything is a bad idea. It should be up to them to do what they like on their own risk.
There are countries where encryption is illegal (not really expert on that, but I heard that in Iran and such countries encryption is problem), and these people would not be able to register / edit wikipedia using an account if you made it a requirement. First step should be just making it a default option for everyone, before actually enforcing anybody. On Tue, Apr 30, 2013 at 7:52 PM, Luis Villa <[email protected]> wrote: > On Tue, Apr 30, 2013 at 10:27 AM, Petr Bena <[email protected]> wrote: >> SSL is requiring more CPU, > > Not really. > > "In January this year (2010), Gmail switched to using HTTPS for > everything by default. Previously it had been introduced as an option, > but now all of our users use HTTPS to secure their email between their > browsers and Google, all the time. In order to do this we had to > deploy no additional machines and no special hardware. On our > production frontend machines, SSL/TLS accounts for less than 1% of the > CPU load, less than 10KB of memory per connection and less than 2% of > network overhead. Many people believe that SSL takes a lot of CPU time > and we hope the above numbers (public for the first time) will help to > dispel that." > > http://www.imperialviolet.org/2010/06/25/overclocking-ssl.html > > Luis > > > >> both on server and client and disable all >> kinds of cache (such as squid or varnish), and some browsers may have >> problems with it OR in some countries encryption may be even illegal. >> >> Whatever you are going to do, you should let people turn it off. >> Wikimedia project itself has horrible security (in this thread I >> started some time ago - >> http://www.gossamer-threads.com/lists/wiki/wikitech/277357?do=post_view_threaded#277357 >> I was even told that wikimedia doesn't need good security at all, >> because user accounts aren't so critical there), forcing SSL will not >> improve it much >> >> On Tue, Apr 30, 2013 at 6:30 AM, Paul Selitskas <[email protected]> >> wrote: >>> On Tue, Apr 30, 2013 at 5:55 AM, Tyler Romeo <[email protected]> wrote: >>>> On Mon, Apr 29, 2013 at 9:07 PM, Paul Selitskas >>>> <[email protected]>wrote: >>>> >>>>> There are some situations when HTTPS won't work (for example, blocked >>>>> by provider or government). How does one disable HTTPS without >>>>> actually accessing a HTTPS version if the user is redirected from HTTP >>>>> automatically? >>>>> >>>>> HTTPS was once blocked in Belarus, thus disabling access to above >>>>> mentioned GMail, Facebook, Twitter and so on. There should be always >>>>> an option (like ?noSecure=1). >>>>> >>>> >>>> Well, with $wgSecureLogin the idea is that it is completely disallowed to >>>> log in, i.e., enter a password, over an insecure connection. >>>> >>> >>> Ah, I missed that moment. Thanks. >>> >>> -- >>> З павагай, >>> Павел Селіцкас/Pavel Selitskas >>> Wizardist @ Wikimedia projects >>> >>> _______________________________________________ >>> Wikitech-l mailing list >>> [email protected] >>> https://lists.wikimedia.org/mailman/listinfo/wikitech-l >> >> _______________________________________________ >> Wikitech-l mailing list >> [email protected] >> https://lists.wikimedia.org/mailman/listinfo/wikitech-l > > > > -- > Luis Villa > Deputy General Counsel > Wikimedia Foundation > 415.839.6885 ext. 6810 > > NOTICE: This message may be confidential or legally privileged. If you > have received it by accident, please delete it and let us know about > the mistake. As an attorney for the Wikimedia Foundation, for > legal/ethical reasons I cannot give legal advice to, or serve as a > lawyer for, community members, volunteers, or staff members in their > personal capacity. > > _______________________________________________ > Wikitech-l mailing list > [email protected] > https://lists.wikimedia.org/mailman/listinfo/wikitech-l _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
