How's the SSL thing going?

classic Classic list List threaded Threaded
41 messages Options
123
Reply | Threaded
Open this post in threaded view
|

How's the SSL thing going?

David Gerard-2
Jimmy just tweeted this:

https://twitter.com/jimmy_wales/status/362626509648834560

I think that's the first time I've seen him say "fuck" in a public
communication ...

Anyway, I expect people will ask us how the move to all-SSL is
progressing. So, how is it going?

(I've been telling people it's slowly moving along, we totally want
this, it's just technical resources. But more details would be most
useful!)


- d.

_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: How's the SSL thing going?

Tyler Romeo
Good question.

There are two steps to this:
1) Move all logins to TLS
2) Move all logged in users to TLS

The former was dependent on a bug with E:CentralAuth that was causing
$wgSecureLogin to malfunction. I am not sure whether this bug was ever
fixed (I remember seeing Chris submit a patch for it, but I think it was
abandoned).

Also, the discussion on https://bugzilla.wikimedia.org/show_bug.cgi?id=52283 is
probably a blocker for enabled $wgSecureLogin (which would be a
pre-requisite for either of the two above steps).


*-- *
*Tyler Romeo*
Stevens Institute of Technology, Class of 2016
Major in Computer Science
www.whizkidztech.com | [hidden email]


On Wed, Jul 31, 2013 at 2:36 PM, David Gerard <[hidden email]> wrote:

> Jimmy just tweeted this:
>
> https://twitter.com/jimmy_wales/status/362626509648834560
>
> I think that's the first time I've seen him say "fuck" in a public
> communication ...
>
> Anyway, I expect people will ask us how the move to all-SSL is
> progressing. So, how is it going?
>
> (I've been telling people it's slowly moving along, we totally want
> this, it's just technical resources. But more details would be most
> useful!)
>
>
> - d.
>
> _______________________________________________
> Wikitech-l mailing list
> [hidden email]
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: How's the SSL thing going?

Emilio J. Rodríguez-Posada
In reply to this post by David Gerard-2
It was so obvious that int. agencies were doing that. It was discussed in
past threads in the mailing list too.

Also, I have read that SSL is not secure neither. So, bleh...


2013/7/31 David Gerard <[hidden email]>

> Jimmy just tweeted this:
>
> https://twitter.com/jimmy_wales/status/362626509648834560
>
> I think that's the first time I've seen him say "fuck" in a public
> communication ...
>
> Anyway, I expect people will ask us how the move to all-SSL is
> progressing. So, how is it going?
>
> (I've been telling people it's slowly moving along, we totally want
> this, it's just technical resources. But more details would be most
> useful!)
>
>
> - d.
>
> _______________________________________________
> Wikitech-l mailing list
> [hidden email]
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: How's the SSL thing going?

David Gerard-2
In reply to this post by David Gerard-2
On 31 July 2013 19:36, David Gerard <[hidden email]> wrote:

> Jimmy just tweeted this:
> https://twitter.com/jimmy_wales/status/362626509648834560
> I think that's the first time I've seen him say "fuck" in a public
> communication ...


And wow, this is the NSA slide that triggered it:

https://image.guim.co.uk/sys-images/Guardian/Pix/audio/video/2013/7/31/1375269604628/KS8-001.jpg

That's us there. Fuck these people.


- d.

_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: How's the SSL thing going?

David Gerard-2
In reply to this post by Emilio J. Rodríguez-Posada
On 31 July 2013 19:46, Emilio J. Rodríguez-Posada <[hidden email]> wrote:

> Also, I have read that SSL is not secure neither. So, bleh...


PFS. http://news.netcraft.com/archives/2013/06/25/ssl-intercepted-today-decrypted-tomorrow.html

Also, https://en.wikipedia.org/wiki/Nirvana_fallacy - this is
somewhere we can in fact do better step by step


- d.

_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: How's the SSL thing going?

Chris Steipp
In reply to this post by Tyler Romeo
On Wed, Jul 31, 2013 at 11:40 AM, Tyler Romeo <[hidden email]> wrote:
> Good question.
>
> There are two steps to this:
> 1) Move all logins to TLS
> 2) Move all logged in users to TLS

3) Serve all traffic via HTTPS
4) With PFS and long HSTS timeouts

>
> The former was dependent on a bug with E:CentralAuth that was causing
> $wgSecureLogin to malfunction. I am not sure whether this bug was ever
> fixed (I remember seeing Chris submit a patch for it, but I think it was
> abandoned).

The bug has been fixes as part of the new SUL code. Yay!

>
> Also, the discussion on https://bugzilla.wikimedia.org/show_bug.cgi?id=52283 is
> probably a blocker for enabled $wgSecureLogin (which would be a
> pre-requisite for either of the two above steps).

As a few people noticed, we actually threw the switch on wgSecureLogin
yesterday, at which point the UX people felt that experience wasn't
ready, and it was reverted. This bug was one of the issues identified,
where they felt the UX would actually harm the editor experience.

We also have some scaling concerns, so ops is also working on making
sure we have enough capacity on hand to handle major spikes after we
enable this. Hopefully we'll tie up all the loose ends in the near
future, and can try getting to step #1 again.

>
>
> *-- *
> *Tyler Romeo*
> Stevens Institute of Technology, Class of 2016
> Major in Computer Science
> www.whizkidztech.com | [hidden email]
>
>
> On Wed, Jul 31, 2013 at 2:36 PM, David Gerard <[hidden email]> wrote:
>
>> Jimmy just tweeted this:
>>
>> https://twitter.com/jimmy_wales/status/362626509648834560
>>
>> I think that's the first time I've seen him say "fuck" in a public
>> communication ...
>>
>> Anyway, I expect people will ask us how the move to all-SSL is
>> progressing. So, how is it going?
>>
>> (I've been telling people it's slowly moving along, we totally want
>> this, it's just technical resources. But more details would be most
>> useful!)
>>
>>
>> - d.
>>
>> _______________________________________________
>> Wikitech-l mailing list
>> [hidden email]
>> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
> _______________________________________________
> Wikitech-l mailing list
> [hidden email]
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l

_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: How's the SSL thing going?

Tyler Romeo
On Wed, Jul 31, 2013 at 2:50 PM, Chris Steipp <[hidden email]> wrote:

> 3) Serve all traffic via HTTPS
> 4) With PFS and long HSTS timeouts
>

Indeed. I need to be more optimistic. :)

The bug has been fixes as part of the new SUL code. Yay!


Nice!

*-- *
*Tyler Romeo*
Stevens Institute of Technology, Class of 2016
Major in Computer Science
www.whizkidztech.com | [hidden email]
_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: How's the SSL thing going?

Brian Wolff
In reply to this post by Tyler Romeo
Which kind of ignores the issue that encrypting with ssl doesn't do a
lot against traffic analysis, when its publicly known how big the
pages you're downloading are, and how many images/other assets they
have on them. NSA certainly has the resources to do this if they want.


If you can do this sort of thing:
http://blog.ioactive.com/2012/02/ssl-traffic-analysis-on-google-maps.html
against google maps, I imagine it should be much simpler to do
something like that for Wikipedia. (Our data has more variation in it,
and the data is all publicly available)

--bawolff

On 7/31/13, Tyler Romeo <[hidden email]> wrote:

> Good question.
>
> There are two steps to this:
> 1) Move all logins to TLS
> 2) Move all logged in users to TLS
>
> The former was dependent on a bug with E:CentralAuth that was causing
> $wgSecureLogin to malfunction. I am not sure whether this bug was ever
> fixed (I remember seeing Chris submit a patch for it, but I think it was
> abandoned).
>
> Also, the discussion on https://bugzilla.wikimedia.org/show_bug.cgi?id=52283
> is
> probably a blocker for enabled $wgSecureLogin (which would be a
> pre-requisite for either of the two above steps).
>
>
> *-- *
> *Tyler Romeo*
> Stevens Institute of Technology, Class of 2016
> Major in Computer Science
> www.whizkidztech.com | [hidden email]
>
>
> On Wed, Jul 31, 2013 at 2:36 PM, David Gerard <[hidden email]> wrote:
>
>> Jimmy just tweeted this:
>>
>> https://twitter.com/jimmy_wales/status/362626509648834560
>>
>> I think that's the first time I've seen him say "fuck" in a public
>> communication ...
>>
>> Anyway, I expect people will ask us how the move to all-SSL is
>> progressing. So, how is it going?
>>
>> (I've been telling people it's slowly moving along, we totally want
>> this, it's just technical resources. But more details would be most
>> useful!)
>>
>>
>> - d.
>>
>> _______________________________________________
>> Wikitech-l mailing list
>> [hidden email]
>> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
> _______________________________________________
> Wikitech-l mailing list
> [hidden email]
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l

_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: How's the SSL thing going?

James Alexander-4
On Wed, Jul 31, 2013 at 11:55 AM, Brian Wolff <[hidden email]> wrote:

> Which kind of ignores the issue that encrypting with ssl doesn't do a
> lot against traffic analysis, when its publicly known how big the
> pages you're downloading are, and how many images/other assets they
> have on them. NSA certainly has the resources to do this if they want.
>
>
> If you can do this sort of thing:
> http://blog.ioactive.com/2012/02/ssl-traffic-analysis-on-google-maps.html
> against google maps, I imagine it should be much simpler to do
> something like that for Wikipedia. (Our data has more variation in it,
> and the data is all publicly available)
>
> --bawolff
>
>
Time to start adding a random amount of extra packets with each request? :)

James Alexander
Legal and Community Advocacy
Wikimedia Foundation
(415) 839-6885 x6716 @jamesofur
_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: How's the SSL thing going?

Ken Snider

On Jul 31, 2013, at 3:01 PM, James Alexander <[hidden email]> wrote:

> Time to start adding a random amount of extra packets with each request? :)

This is what freenet does, but I think supporting SPDY/HTTP 2.0 [1] will help in this regard as well, as it essentially pipelines requests (so you wouldn't be able to discern which packets were article body, for example).

--Ken.

[1] http://en.wikipedia.org/wiki/HTTP_2.0
_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: How's the SSL thing going?

Matthew Walker
In reply to this post by James Alexander-4
>
> Time to start adding a random amount of extra packets with each request? :)


We would need to be very careful to not cause detectable entropy changes
which is not trivial!

Perhaps we promote the deployment of SPDY/QUIC which interleaves requests?

~Matt Walker
Wikimedia Foundation
Fundraising Technology Team


On Wed, Jul 31, 2013 at 12:01 PM, James Alexander
<[hidden email]>wrote:

> On Wed, Jul 31, 2013 at 11:55 AM, Brian Wolff <[hidden email]> wrote:
>
> > Which kind of ignores the issue that encrypting with ssl doesn't do a
> > lot against traffic analysis, when its publicly known how big the
> > pages you're downloading are, and how many images/other assets they
> > have on them. NSA certainly has the resources to do this if they want.
> >
> >
> > If you can do this sort of thing:
> >
> http://blog.ioactive.com/2012/02/ssl-traffic-analysis-on-google-maps.html
> > against google maps, I imagine it should be much simpler to do
> > something like that for Wikipedia. (Our data has more variation in it,
> > and the data is all publicly available)
> >
> > --bawolff
> >
> >
> Time to start adding a random amount of extra packets with each request? :)
>
> James Alexander
> Legal and Community Advocacy
> Wikimedia Foundation
> (415) 839-6885 x6716 @jamesofur
> _______________________________________________
> Wikitech-l mailing list
> [hidden email]
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
>
_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: How's the SSL thing going?

C. Scott Ananian
In reply to this post by Ken Snider
Like dgerald said, let's not let the perfect distract us from the
better.  It will be impossible to 100% secure our visitors' traffic
against an adversary with as many resources as the NSA.  But we can
secure our users against adversaries with fewer resources, and we can
increase the cost of a successful attack so that casual snooping on
everyone and every article isn't possible.  Let's make the NSA use
that expensive targetted 'trafficthief' program at the top of their
pyramid, instead of letting them cheaply/casually sniff everything
with xkeyscore.
 --scott
--
(http://cscott.net)

_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: How's the SSL thing going?

Magnus Manske-2
In reply to this post by Brian Wolff
There was the lofty notion of including all images, CSS/JS/whatnot as CDATA
elements in the page itself, for browsers that support it. That would get
around the one issue, but still allow size-based fingerprinting, especially
since most users will follow links within the site, so the search space
gets much smaller. Random package size increase, as mentioned, might help
there.

Magnus



On Wed, Jul 31, 2013 at 7:55 PM, Brian Wolff <[hidden email]> wrote:

> Which kind of ignores the issue that encrypting with ssl doesn't do a
> lot against traffic analysis, when its publicly known how big the
> pages you're downloading are, and how many images/other assets they
> have on them. NSA certainly has the resources to do this if they want.
>
>
> If you can do this sort of thing:
> http://blog.ioactive.com/2012/02/ssl-traffic-analysis-on-google-maps.html
> against google maps, I imagine it should be much simpler to do
> something like that for Wikipedia. (Our data has more variation in it,
> and the data is all publicly available)
>
> --bawolff
>
> On 7/31/13, Tyler Romeo <[hidden email]> wrote:
> > Good question.
> >
> > There are two steps to this:
> > 1) Move all logins to TLS
> > 2) Move all logged in users to TLS
> >
> > The former was dependent on a bug with E:CentralAuth that was causing
> > $wgSecureLogin to malfunction. I am not sure whether this bug was ever
> > fixed (I remember seeing Chris submit a patch for it, but I think it was
> > abandoned).
> >
> > Also, the discussion on
> https://bugzilla.wikimedia.org/show_bug.cgi?id=52283
> > is
> > probably a blocker for enabled $wgSecureLogin (which would be a
> > pre-requisite for either of the two above steps).
> >
> >
> > *-- *
> > *Tyler Romeo*
> > Stevens Institute of Technology, Class of 2016
> > Major in Computer Science
> > www.whizkidztech.com | [hidden email]
> >
> >
> > On Wed, Jul 31, 2013 at 2:36 PM, David Gerard <[hidden email]> wrote:
> >
> >> Jimmy just tweeted this:
> >>
> >> https://twitter.com/jimmy_wales/status/362626509648834560
> >>
> >> I think that's the first time I've seen him say "fuck" in a public
> >> communication ...
> >>
> >> Anyway, I expect people will ask us how the move to all-SSL is
> >> progressing. So, how is it going?
> >>
> >> (I've been telling people it's slowly moving along, we totally want
> >> this, it's just technical resources. But more details would be most
> >> useful!)
> >>
> >>
> >> - d.
> >>
> >> _______________________________________________
> >> Wikitech-l mailing list
> >> [hidden email]
> >> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
> > _______________________________________________
> > Wikitech-l mailing list
> > [hidden email]
> > https://lists.wikimedia.org/mailman/listinfo/wikitech-l
>
> _______________________________________________
> Wikitech-l mailing list
> [hidden email]
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
>



--
undefined
_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: How's the SSL thing going?

Risker
Just one question from a relatively non-technical person: What falls off
the map if everything is done using SSL? Is this the protocol that would
make it essentially impossible to read/edit Wikipedia using a normal
internet connection from China?

Risker


On 31 July 2013 15:12, Magnus Manske <[hidden email]> wrote:

> There was the lofty notion of including all images, CSS/JS/whatnot as CDATA
> elements in the page itself, for browsers that support it. That would get
> around the one issue, but still allow size-based fingerprinting, especially
> since most users will follow links within the site, so the search space
> gets much smaller. Random package size increase, as mentioned, might help
> there.
>
> Magnus
>
>
>
> On Wed, Jul 31, 2013 at 7:55 PM, Brian Wolff <[hidden email]> wrote:
>
> > Which kind of ignores the issue that encrypting with ssl doesn't do a
> > lot against traffic analysis, when its publicly known how big the
> > pages you're downloading are, and how many images/other assets they
> > have on them. NSA certainly has the resources to do this if they want.
> >
> >
> > If you can do this sort of thing:
> >
> http://blog.ioactive.com/2012/02/ssl-traffic-analysis-on-google-maps.html
> > against google maps, I imagine it should be much simpler to do
> > something like that for Wikipedia. (Our data has more variation in it,
> > and the data is all publicly available)
> >
> > --bawolff
> >
> > On 7/31/13, Tyler Romeo <[hidden email]> wrote:
> > > Good question.
> > >
> > > There are two steps to this:
> > > 1) Move all logins to TLS
> > > 2) Move all logged in users to TLS
> > >
> > > The former was dependent on a bug with E:CentralAuth that was causing
> > > $wgSecureLogin to malfunction. I am not sure whether this bug was ever
> > > fixed (I remember seeing Chris submit a patch for it, but I think it
> was
> > > abandoned).
> > >
> > > Also, the discussion on
> > https://bugzilla.wikimedia.org/show_bug.cgi?id=52283
> > > is
> > > probably a blocker for enabled $wgSecureLogin (which would be a
> > > pre-requisite for either of the two above steps).
> > >
> > >
> > > *-- *
> > > *Tyler Romeo*
> > > Stevens Institute of Technology, Class of 2016
> > > Major in Computer Science
> > > www.whizkidztech.com | [hidden email]
> > >
> > >
> > > On Wed, Jul 31, 2013 at 2:36 PM, David Gerard <[hidden email]>
> wrote:
> > >
> > >> Jimmy just tweeted this:
> > >>
> > >> https://twitter.com/jimmy_wales/status/362626509648834560
> > >>
> > >> I think that's the first time I've seen him say "fuck" in a public
> > >> communication ...
> > >>
> > >> Anyway, I expect people will ask us how the move to all-SSL is
> > >> progressing. So, how is it going?
> > >>
> > >> (I've been telling people it's slowly moving along, we totally want
> > >> this, it's just technical resources. But more details would be most
> > >> useful!)
> > >>
> > >>
> > >> - d.
> > >>
> > >> _______________________________________________
> > >> Wikitech-l mailing list
> > >> [hidden email]
> > >> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
> > > _______________________________________________
> > > Wikitech-l mailing list
> > > [hidden email]
> > > https://lists.wikimedia.org/mailman/listinfo/wikitech-l
> >
> > _______________________________________________
> > Wikitech-l mailing list
> > [hidden email]
> > https://lists.wikimedia.org/mailman/listinfo/wikitech-l
> >
>
>
>
> --
> undefined
> _______________________________________________
> Wikitech-l mailing list
> [hidden email]
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
>
_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: How's the SSL thing going?

Ken Snider
In reply to this post by Magnus Manske-2

On Jul 31, 2013, at 3:12 PM, Magnus Manske <[hidden email]> wrote:

> There was the lofty notion of including all images, CSS/JS/whatnot as CDATA
> elements in the page itself, for browsers that support it. That would get
> around the one issue, but still allow size-based fingerprinting, especially
> since most users will follow links within the site, so the search space
> gets much smaller. Random package size increase, as mentioned, might help
> there.

This is part of why support and rapid adoption of protocols that allow for multiplexing (SPDY/HTTP2.0) are important - they would make the fingerprinting process significantly more difficult.

--Ken.
_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: How's the SSL thing going?

David Gerard-2
In reply to this post by David Gerard-2
On 31 July 2013 19:48, David Gerard <[hidden email]> wrote:

> PFS. http://news.netcraft.com/archives/2013/06/25/ssl-intercepted-today-decrypted-tomorrow.html


Keeping in mind that PFS is not actually perfect either:
http://tonyarcieri.com/imperfect-forward-secrecy-the-coming-cryptocalypse


- d.

_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: How's the SSL thing going?

David Gerard-2
In reply to this post by David Gerard-2
Oh - if anyone can authoritatively compose a WMF blog post on the
state of the move to SSL (the move to logins and what happened there,
the NSA slide, ongoing issues like browsers in China, etc), that would
probably be a useful thing :-)


- d.

_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: How's the SSL thing going?

Ryan Lane-2
On Wed, Jul 31, 2013 at 1:06 PM, David Gerard <[hidden email]> wrote:

> Oh - if anyone can authoritatively compose a WMF blog post on the
> state of the move to SSL (the move to logins and what happened there,
> the NSA slide, ongoing issues like browsers in China, etc), that would
> probably be a useful thing :-)
>
>
I'll be posting blog posts each step of the way as we move to SSL. We have
plans on SSL for anons by default, but there's no official roadmap for
doing so.

- Ryan
_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: How's the SSL thing going?

Derric Atzrott
>>Oh - if anyone can authoritatively compose a WMF blog post on the
>>state of the move to SSL (the move to logins and what happened there,
>>the NSA slide, ongoing issues like browsers in China, etc), that would
>>probably be a useful thing :-)
>>
>>
>I'll be posting blog posts each step of the way as we move to SSL. We have
>plans on SSL for anons by default, but there's no official roadmap for
>doing so.

Something sooner than later might be good.  Also have you guys
read the presentation.  A lot of this is very chilling....

I agree with Jimbo.  We need to fix this as best we can.

Thank you,
Derric Atzrott


_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: How's the SSL thing going?

Matthew Flaschen-2
In reply to this post by Risker
On 07/31/2013 03:23 PM, Risker wrote:
> Just one question from a relatively non-technical person: What falls off
> the map if everything is done using SSL? Is this the protocol that would
> make it essentially impossible to read/edit Wikipedia using a normal
> internet connection from China?
>
> Risker

Good question.  I'm not aware of the current status, but Tim Starling
said SSL connections to Wikipedia have been blocked in China
(https://bugzilla.wikimedia.org/show_bug.cgi?id=47832#c16).

Matt Flaschen


_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
123