There are actually providers like www.startssl.com who issue free certificates (only validated by email address though). StartSSL's root certificate is included in nearly all recent browsers.
Leo

On Sunday, February 13, 2011 at 4:14 PM, River Tarnell wrote:
In article <18849937.7157.1297583642909.JavaMail.root@benjamin.baylink.com>, Jay Ashworth <jra@baylink.com> wrote:
Yeah, secure.wikimedia.org's URL scheme isn't really friendly to outsiders. Historically, this is because SSL certificates are expensive, and there just wasn't enough money in the budget to get more of them for the top-level domains. Maybe this isn't the case anymore.
Is that in fact the root cause, Chad? I assumed, myself, that it's because of the squid architecture.
LVS is in front of Squid, so it would be fairly simple to send SSL traffic (port 443) to a different machine; which is how secure.wm.o works now, except that instead of using LVS, it requires a different hostname.
However, I think the idea is not to start allowing https://en.wikipedia.org URLs until there's a better SSL infrastructure which can handle the extra load an easy-to-use, widely advertised SSL gateway is likely to create. secure.wm.o is currently a single machine and sometimes falls over, e.g. when Squid breaks for some reason and people notice that secure still works.
SSL certificates aren't that cheap, but only about 8 would be needed (one for each project, e.g. *.wikipedia.org), so the cost isn't prohibitive anymore.
- river.
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
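The thread above counts one wildcard certificate per project (e.g. *.wikipedia.org). The following is an added example, not part of the original messages, showing which hostnames such a name covers under the usual left-most-label matching rule. The certificate list and the hosts wikipedia.org and en.m.wikipedia.org are constructed for illustration.

```python
# Added illustration (not from the thread): which hostnames a wildcard
# certificate name covers when '*' may only stand for the single left-most
# label, as in RFC 6125. Partial wildcards such as 'w*.example.org' are not
# handled here; they are compared as literal labels.

def wildcard_covers(pattern: str, hostname: str) -> bool:
    """Return True if a certificate name like '*.wikipedia.org' covers hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # '*' stands for exactly one label, never zero or several
    if p_labels[0] == "*":
        # The wildcard label must be non-empty; all other labels must be equal.
        return h_labels[0] != "" and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def uncovered(cert_names, hostnames):
    """Return the hostnames that none of the certificate names cover."""
    return [h for h in hostnames
            if not any(wildcard_covers(c, h) for c in cert_names)]


# Assumption: two per-project wildcard names; only *.wikipedia.org is named
# in the thread, *.wikimedia.org is added here for the example.
CERT_NAMES = ["*.wikipedia.org", "*.wikimedia.org"]

# Constructed host list: the bare domain and a two-level subdomain are
# included to show what a single wildcard leaves out.
HOSTS = [
    "en.wikipedia.org",
    "de.wikipedia.org",
    "secure.wikimedia.org",
    "wikipedia.org",
    "en.m.wikipedia.org",
]

if __name__ == "__main__":
    for host in HOSTS:
        ok = any(wildcard_covers(c, host) for c in CERT_NAMES)
        print(f"{host:25} {'covered' if ok else 'NOT covered'}")
```

Hosts reported as not covered would need their own names in a certificate (for example as additional subject alternative names) before being served over HTTPS.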