On Sun, Feb 20, 2011 at 3:49 AM, ChrisiPK chrisipk@gmail.com wrote:
for a few weeks now, I have been using a Firefox extension which automatically redirects me to the secure.wikimedia.org server when visiting a Wikimedia site. Unfortunately, this does not work for all wikis, e.g. the OTRS wiki is not included in the redirect rule set. At first, I was thinking about creating a rule and submitting that to the extension developers, but then I thought:
Shouldn't we require HTTPS by default for wikis containing sensitive information, such as the OTRS wiki and similar ones (oversight? foundation? I don't have a full list right now, but can imagine that there are more.)?
I would definitely recommend this -- it's been on the agenda for.... well literally for *years*, but always got swallowed up by time spent on other things.
It should be pretty straightforward actually to aim a few of those standalone wikis straight at the existing secure.wikimedia.org proxy -- which appears to currently have a *.wikimedia.org wildcard cert -- or at another dedicated one, and swap both the non-SSL URLs and the old-fashioned secure.wikimedia.org entries for them to redirect to the canonical domain with HTTPS.
Thus we could simply use https://internal.wikimedia.org/ etc.
This could be done with much less worry about configuration changes and load issues than doing the same for the higher-profile, higher-traffic sites on their own domains, but can help build familiarity and confidence for both ops and users.
-- brion