On Sun, Feb 20, 2011 at 3:49 AM, ChrisiPK <chrisipk(a)gmail.com> wrote:
for a few weeks now, I have been using a Firefox
extension which
automatically
redirects me to the
secure.wikimedia.org server when visiting a Wikimedia
site. Unfortunately, this does not work for all wikis, e.g. the OTRS wiki
is
not included in the redirect rule set. At first, I was thinking about
creating
a rule and submitting that to the extension developers, but then I thought:
Shouldn't we require HTTPS by default for wikis containing sensitive
information, such as the OTRS wiki and similar ones (oversight? foundation?
I
don't have a full list right now, but can imagine that there are more.)?
I would definitely recommend this -- it's been on the agenda for.... well
literally for *years*, but always got swallowed up by time spent on other
things.
It should be pretty straightforward actually to aim a few of those
standalone wikis straight at the existing
secure.wikimedia.org proxy --
which appears to currently have a *.wikimedia.org wildcard cert -- or at
another dedicated one, and swap both the non-SSL URLs and the old-fashioned
secure.wikimedia.org entries for them to redirect to the canonical domain
with HTTPS.
Thus we could simply use
https://internal.wikimedia.org/ etc.
This could be done with much less worry about configuration changes and load
issues than doing the same for the higher-profile, higher-traffic sites on
their own domains, but can help build familiarity and confidence for both
ops and users.
-- brion