On 11 May 2014, at 20:03, Platonides platonides@gmail.com wrote:
Merlijn van Deen wrote:
On 11 May 2014 13:55, Silke Meyer <silke.meyer@wikimedia.de mailto:silke.meyer@wikimedia.de> wrote:
It is not a trivial redirect: Wikimedia Deutschland will obviously not give the wildcard SSL certificate for *.wikimedia.de http://wikimedia.de to WMF (and WMF would not want to have it). This would mean we would have to completely delegate that subdomain to WMF and guarantee that it stays like that forever. This is hard to guarantee and it is also misleading to delegate a .de subdomain to the Foundation.
First of all: Why would the (sub)domain need to be delegated to the WMF? The redirect could just be on WMDE servers.
If the redirect *has* to be on Foundation servers for some reason, it could just use a specific tools.wikimedia.de http://tools.wikimedia.de certificat -- or we could just kill SSL altogether -- the tools.wikimedia.de http://tools.wikimedia.de domain is from before the toolserver even had SSL support.
+1
I think you are viewing things more complex than they really are, Silke.
Indeed. Assuming WMDE isn't planning on not having any web servers, their existing web server for wikimedia.de can keep redirecting tools.wikimedia.de to toolserver.org. No changes necessary.
If WMDE really wants to remove them, they could point that subdomain to WMF servers and have WMF do the redirect and simply don't provide an SSL certificate. E.g. WMF would use a self-signed certificate or an invalid one like the one for wikipedia.org, WMF does this all the time for old or unused domains:
wikipedia.com * https://www.wikipedia.com/
wikimediacommons.org * https://wikimediacommons.org/
And if we really really want, one could purchase a separate certificate for just tools.wikimedia.org (so that the wildcard one isn't needed) and transfer only that to WMF.
— Krinkle