On Fri, Aug 23, 2013 at 10:46 AM, Chris Steipp <csteipp(a)wikimedia.org> wrote:
With all the talk about turning on $wgSecureLogin for WMF sites, there have been a lot of misconceptions about how the option works, and differences of opinion about how it should work in the future.
I started:
https://www.mediawiki.org/wiki/Requests_for_comment/Login_security
Hi folks,
I filled in a few things for our plan of record, which I'll summarize here:
1. Use of GeoIP to disable HTTPS for the MediaWiki login vs enabling on a per-wiki basis
Plan of record: Implement GeoIP-based exclusion from the HTTPS default
for China and Iran for all wikis, and rely exclusively on GeoIP for
exclusion strategy (do not vary based on wiki).
2. Use of a preference vs login form checkbox vs hidden option vs
sensible default
Plan of record: Have a preference (default: on) for always using a
secure HTTPS connection as a logged-in user. This preference will be
hidden for users in China and Iran, where the behavior will be off.
3. How interactions with login.wikimedia.org will work
Plan of record: we'll keep the status quo for Wednesday, August 28,
but this will be the next item we explore.
4. Validation of our HTTPS test methodology
Plan of record: TBD. We haven't had a chance to regroup after
figuring out the problems with our initial methodology. We'll do more
next week.
Rob