Le Sat, 17 Aug 2013 15:58:01 +0200, MZMcBride <z...@mzmcbride.com> a écrit:
Greg Grossmeier wrote:
== Wednesday ==
* We will enable secure login (via HTTPS) by default. This means that
all logged in users will read and edit the site via a secure
connection over HTTPS. Given some restrictions/internet blocks in some
jurisdictions, we will disable this feature on specific language
wikis.
* Will logged in users automatically be redirected from HTTP to HTTPS
once
this change is live?
* Will links in e-mail notifications switch from HTTP to HTTPS?
Most importantly, a change like this will inevitably result in a small
percentage of users no longer being able to access the site.
** How are editors expected to be able to report issues if they're no
longer able to access the site? Will they simply have to edit a village
pump anonymously and hope that someone notices?
** Will there be any opt-out mechanism for logged in users?
*** Is the editing community willing to lose a small percentage of
editors
who will no longer be able to contribute to the site?
MZMcBride
Given the number of questions coming with HTTPS, I find we should discuss
it in a central and perennial location, probably on the new page
[[meta:HTTPS]] <https://meta.wikimedia.org/wiki/HTTPS>.
Indeed, in addition to the WMF, the public and editors are now concerned
about the privacy and browsing security, but HTTPS has many challenges
that need to be addressed:
* technical issues (e.g. caching, performance, MITM mitigation, PFS/cipher
suites, DNSSEC),
* diplomatic issues (e.g. country of issuance of the certificate, firewall
of China),
* user interaction issues (e.g. diffuse knowledge about HTTPS and
security, management of errors, promotion of pinning/TACK?
<http://tack.io>)
So tech and non-tech people should be involved in the discussions to
better balance all aspects of the security/privacy.
Just my POV,
Seb35
_______________________________________________
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l