So, if the masses finally decide that we "need" SSL, who's paying for the security certificate? Or would we have to plan to run without a properly signed cert?
Of course, the certifiacte would have to be "owned" by someone. Who's name is going to be on the certificate? Bomis'? That wouldn't make sense, since we'd have to get a new one when the non-profit is set up.
Whether SSL is a good idea in this situation isn't the issue. Setting it up properly involves getting some other things done first. IMHO, Moving forward on SSL at this point would be slightly premature.
Jason
Tomasz Wegrzanowski wrote:
On Mon, Mar 31, 2003 at 01:38:19PM -0600, Lee Daniel Crocker wrote:
(Tim Starling ts4294967296@hotmail.com):
If we really want to be serious about security we'll have to use ssl for login, but I don't know how to do that.
That's entirely too paranoid. Frankly, I don't see much need for high security of Wikipedia logins. It's not like we're storing medical records. (Oh my God! My neighbor might find out that I like the "Nostalgia" skin!) The only real risk is that someone might log in as me and make edits in my name, but then I'd just disavow them and change my password.
We should make it an option to login via SSL at least for sysops. It's pretty dangerous to send sysop passwords unencrypted. _______________________________________________ Wikitech-l mailing list Wikitech-l@wikipedia.org http://www.wikipedia.org/mailman/listinfo/wikitech-l
On Mon, 31 Mar 2003, Jason Richey wrote:
So, if the masses finally decide that we "need" SSL, who's paying for the security certificate? Or would we have to plan to run without a properly signed cert?
I have no problem with a self-signed cert; the idea is mainly to keep cleartext passwords off the public internet, not to verify that some megacorp has a physical address to track Wikipedia down if we steal someone's money without sending them their purchase.
If people want something that's been rubber stamped by a large corporation hundreds or thousands of miles away which probably won't actually bother to verify that we are who we say we are, they'll have to pony up the cash.
We haven't paid RSA or VeriSign a bajillion dollars to verify our SSH server key, either, but I feel a lot better using ssh to login and give the databases a stir than I would using telnet.
Of course, the certifiacte would have to be "owned" by someone. Who's name is going to be on the certificate? Bomis'? That wouldn't make sense, since we'd have to get a new one when the non-profit is set up.
So Jimbo, how's the non-profit coming along? :)
-- brion vibber (brion @ pobox.com)
On Mon, Mar 31, 2003 at 01:37:35PM -0800, Jason Richey wrote:
So, if the masses finally decide that we "need" SSL, who's paying for the security certificate? Or would we have to plan to run without a properly signed cert?
Of course, the certifiacte would have to be "owned" by someone. Who's name is going to be on the certificate? Bomis'? That wouldn't make sense, since we'd have to get a new one when the non-profit is set up.
Whether SSL is a good idea in this situation isn't the issue. Setting it up properly involves getting some other things done first. IMHO, Moving forward on SSL at this point would be slightly premature.
Passive attacks are very easy and very common, active attacks are much more difficult and a couple orders of magnitude more rare.
We don't really need to care about someone signing our certs. We have much bigger security holes anyway ;)
Jason Richey wrote:
So, if the masses finally decide that we "need" SSL, who's paying for the security certificate? Or would we have to plan to run without a properly signed cert?
I would pay for this if we needed it, but we don't, so it's a moot point. :-)
wikitech-l@lists.wikimedia.org