On Fri, Aug 23, 2013 at 10:46 AM, Chris Steipp <csteipp@wikimedia.org> wrote:
With all the talk about turning on $wgSecureLogin for WMF sites, there have been a lot of misconceptions about how the option works, and differences of opinion about how they should work in the future.
I started: https://www.mediawiki.org/wiki/Requests_for_comment/Login_security
Hi folks,
I filled in a few things for our plan of record, which I'll summarize here:
1. Use of GeoIP to disable HTTPS for the MediaWiki login vs enabling on a per-wiki basis
Plan of record: Implement GeoIP-based exclusion from the HTTPS default for China and Iran for all wikis, and rely exclusively on GeoIP for exclusion strategy (do not vary based on wiki).
2. Use of a preference vs login form checkbox vs hidden option vs sensible default
Plan of record: Have a preference (default: on) for always using a secure HTTPS connection as a logged-in user. This preference will be hidden for users in China and Iran, where the behavior will be off.
3. How interactions with login.wikimedia.org will work
Plan of record: we'll keep the status quo for Wednesday, August 28, but this will be the next item we explore.
4. Validation of our HTTPS test methodology
Plan of record: TBD. We haven't had a chance to regroup after figuring out the problems with our initial methodology. We'll do more next week.
Rob