Just one question from a relatively non-technical person: What falls off
the map if everything is done using SSL? Is this the protocol that would
make it essentially impossible to read/edit Wikipedia using a normal
internet connection from China?
Risker
On 31 July 2013 15:12, Magnus Manske <magnusmanske(a)googlemail.com> wrote:
There was the lofty notion of including all images,
CSS/JS/whatnot as CDATA
elements in the page itself, for browsers that support it. That would get
around the one issue, but still allow size-based fingerprinting, especially
since most users will follow links within the site, so the search space
gets much smaller. Random package size increase, as mentioned, might help
there.
Magnus
On Wed, Jul 31, 2013 at 7:55 PM, Brian Wolff <bawolff(a)gmail.com> wrote:
Which kind of ignores the issue that encrypting
with ssl doesn't do a
lot against traffic analysis, when its publicly known how big the
pages you're downloading are, and how many images/other assets they
have on them. NSA certainly has the resources to do this if they want.
If you can do this sort of thing:
http://blog.ioactive.com/2012/02/ssl-traffic-analysis-on-google-maps.html
against google maps, I imagine it should be much
simpler to do
something like that for Wikipedia. (Our data has more variation in it,
and the data is all publicly available)
--bawolff
On 7/31/13, Tyler Romeo <tylerromeo(a)gmail.com> wrote:
> Good question.
>
> There are two steps to this:
> 1) Move all logins to TLS
> 2) Move all logged in users to TLS
>
> The former was dependent on a bug with E:CentralAuth that was causing
> $wgSecureLogin to malfunction. I am not sure whether this bug was ever
> fixed (I remember seeing Chris submit a patch for it, but I think it
was
abandoned).
Also, the discussion on
https://bugzilla.wikimedia.org/show_bug.cgi?id=52283
> is
> probably a blocker for enabled $wgSecureLogin (which would be a
> pre-requisite for either of the two above steps).
>
>
> *-- *
> *Tyler Romeo*
> Stevens Institute of Technology, Class of 2016
> Major in Computer Science
>
www.whizkidztech.com | tylerromeo(a)gmail.com
>
>
> On Wed, Jul 31, 2013 at 2:36 PM, David Gerard <dgerard(a)gmail.com>
wrote:
Jimmy just tweeted this:
https://twitter.com/jimmy_wales/status/362626509648834560
I think that's the first time I've seen him say "fuck" in a public
communication ...
Anyway, I expect people will ask us how the move to all-SSL is
progressing. So, how is it going?
(I've been telling people it's slowly moving along, we totally want
this, it's just technical resources. But more details would be most
useful!)
- d.
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
--
undefined
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l