Re: [Wikitech-l] Deployment highlights - week of August 19th

Sat, 17 Aug 2013 08:58:30 -0700 

Le Sat, 17 Aug 2013 15:58:01 +0200, MZMcBride <z...@mzmcbride.com> a écrit:

Greg Grossmeier wrote:

== Wednesday ==
* We will enable secure login (via HTTPS) by default. This means that
 all logged in users will read and edit the site via a secure
 connection over HTTPS. Given some restrictions/internet blocks in some
 jurisdictions, we will disable this feature on specific language
 wikis.



* Will logged in users automatically be redirected from HTTP to HTTPS  
once

this change is live?

* Will links in e-mail notifications switch from HTTP to HTTPS?

Most importantly, a change like this will inevitably result in a small
percentage of users no longer being able to access the site.

** How are editors expected to be able to report issues if they're no
longer able to access the site? Will they simply have to edit a village
pump anonymously and hope that someone notices?

** Will there be any opt-out mechanism for logged in users?


*** Is the editing community willing to lose a small percentage of  
editors

who will no longer be able to contribute to the site?

MZMcBride



Given the number of questions coming with HTTPS, I find we should discuss  
it in a central and perennial location, probably on the new page  
[[meta:HTTPS]] <https://meta.wikimedia.org/wiki/HTTPS>.



Indeed, in addition to the WMF, the public and editors are now concerned  
about the privacy and browsing security, but HTTPS has many challenges  
that need to be addressed:
* technical issues (e.g. caching, performance, MITM mitigation, PFS/cipher  
suites, DNSSEC),
* diplomatic issues (e.g. country of issuance of the certificate, firewall  
of China),
* user interaction issues (e.g. diffuse knowledge about HTTPS and  
security, management of errors, promotion of pinning/TACK?  
<http://tack.io>)
So tech and non-tech people should be involved in the discussions to  
better balance all aspects of the security/privacy.


Just my POV,
Seb35

_______________________________________________
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l





















					Reply via email to