On Sat, Aug 17, 2013 at 05:55:36PM -0400, Sumana Harihareswara wrote:
I suggest that we also update either https://meta.wikimedia.org/wiki/HTTPS or a hub page on http://wikitech.wikimedia.org/ or https://www.mediawiki.org/wiki/Security_auditing_and_response with up-to-date plans, to make it easier for experts inside and outside the Wikimedia community to get up to speed and contribute. For topics under internal discussion and investigation, I would love a simple bullet point saying: "we're thinking about that, sorry nothing public or concrete yet, contact $person if you have experience to share."
This is a good suggestion. We had a pad that we've been working on even before this thread; a few of us (Ryan, Mark, Asher, Ken, myself) met the other day and worked a bit on our strategy from the operations perspective and put out our notes at: https://wikitech.wikimedia.org/wiki/HTTPS/Future_work
It's still very rudimentary bullet-point summary so it might not be an easy read. Feel free to ask questions here or or on-wiki.
There's obviously still a lot of unknowns -- we have a lot of "evaluate this" TODO item. Feel provide feedback or audit our choices, though, it'd be very much welcome. If you feel you can help in some of these areas in some other ways, feel free to say so and we'll try to find a way to make it happen.
Regards, Faidon