[Wikimedia-l] [Wikitech-l] HTTPS for logged in users on Wednesday August 21st
Ryan Lane
rlane at wikimedia.org
Wed Aug 21 03:21:16 UTC 2013
On Wed, Aug 21, 2013 at 4:38 AM, Brion Vibber <bvibber at wikimedia.org> wrote:
> On Tue, Aug 20, 2013 at 1:33 PM, Nathan <nawrich at gmail.com> wrote:
>
> > Hi, context please?
> >
>
>
> Continuation of this thread from wikitech-l:
>
> http://lists.wikimedia.org/pipermail/wikitech-l/2013-August/thread.html#71285
>
>
> tl;dr summary:
> * ops plans to switch logins to HTTPS
> * switching all logins to HTTPS is known to break access for logged-in
> users in countries where Wikimedia's HTTPS servers are blocked by
> government censorship
> * there are some plans to mitigate this by excluding some languages from
> the requirement
> * this is controversial for several reasons, one of which is that it will
> break access for users in those countries on language projects that are not
> excepted (eg English Wikipedia in mainland China)
>
>
The last point isn't accurate. The original plan was to exempt certain
languages from the login redirection, and those projects would be "home"
wikis. When someone logged-in there, they'd also be logged-in everywhere
else via central auth. The current plan is to disable the HTTPS redirect
using geolocation for countries that have a > 5% error rate for HTTPS
requests.
This discussion is technical, so I'm going to move back to wikitech-l, now.
- Ryan
More information about the Wikimedia-l
mailing list