Just one question from a relatively non-technical person: What falls off the map if everything is done using SSL? Is this the protocol that would make it essentially impossible to read/edit Wikipedia using a normal internet connection from China?
Risker On 31 July 2013 15:12, Magnus Manske <[email protected]> wrote: > There was the lofty notion of including all images, CSS/JS/whatnot as CDATA > elements in the page itself, for browsers that support it. That would get > around the one issue, but still allow size-based fingerprinting, especially > since most users will follow links within the site, so the search space > gets much smaller. Random package size increase, as mentioned, might help > there. > > Magnus > > > > On Wed, Jul 31, 2013 at 7:55 PM, Brian Wolff <[email protected]> wrote: > > > Which kind of ignores the issue that encrypting with ssl doesn't do a > > lot against traffic analysis, when its publicly known how big the > > pages you're downloading are, and how many images/other assets they > > have on them. NSA certainly has the resources to do this if they want. > > > > > > If you can do this sort of thing: > > > http://blog.ioactive.com/2012/02/ssl-traffic-analysis-on-google-maps.html > > against google maps, I imagine it should be much simpler to do > > something like that for Wikipedia. (Our data has more variation in it, > > and the data is all publicly available) > > > > --bawolff > > > > On 7/31/13, Tyler Romeo <[email protected]> wrote: > > > Good question. > > > > > > There are two steps to this: > > > 1) Move all logins to TLS > > > 2) Move all logged in users to TLS > > > > > > The former was dependent on a bug with E:CentralAuth that was causing > > > $wgSecureLogin to malfunction. I am not sure whether this bug was ever > > > fixed (I remember seeing Chris submit a patch for it, but I think it > was > > > abandoned). > > > > > > Also, the discussion on > > https://bugzilla.wikimedia.org/show_bug.cgi?id=52283 > > > is > > > probably a blocker for enabled $wgSecureLogin (which would be a > > > pre-requisite for either of the two above steps). > > > > > > > > > *-- * > > > *Tyler Romeo* > > > Stevens Institute of Technology, Class of 2016 > > > Major in Computer Science > > > www.whizkidztech.com | [email protected] > > > > > > > > > On Wed, Jul 31, 2013 at 2:36 PM, David Gerard <[email protected]> > wrote: > > > > > >> Jimmy just tweeted this: > > >> > > >> https://twitter.com/jimmy_wales/status/362626509648834560 > > >> > > >> I think that's the first time I've seen him say "fuck" in a public > > >> communication ... > > >> > > >> Anyway, I expect people will ask us how the move to all-SSL is > > >> progressing. So, how is it going? > > >> > > >> (I've been telling people it's slowly moving along, we totally want > > >> this, it's just technical resources. But more details would be most > > >> useful!) > > >> > > >> > > >> - d. > > >> > > >> _______________________________________________ > > >> Wikitech-l mailing list > > >> [email protected] > > >> https://lists.wikimedia.org/mailman/listinfo/wikitech-l > > > _______________________________________________ > > > Wikitech-l mailing list > > > [email protected] > > > https://lists.wikimedia.org/mailman/listinfo/wikitech-l > > > > _______________________________________________ > > Wikitech-l mailing list > > [email protected] > > https://lists.wikimedia.org/mailman/listinfo/wikitech-l > > > > > > -- > undefined > _______________________________________________ > Wikitech-l mailing list > [email protected] > https://lists.wikimedia.org/mailman/listinfo/wikitech-l > _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
