On Sun, Apr 1, 2012 at 1:14 PM, Ryan Lane rlane32@gmail.com wrote:
TL;DR: we have no plans for anonymous HTTPS by default, but will eventually default to HTTPS for logged-in users.
- It would require an ssl terminator on every frontend cache. The ssl
terminators eat memory, which is also what the frontend caches do. 2. HTTPS dramatically increases latency, which would be kind of painful for mobile.
Without getting into how other countries censor data (boo!) I agree with the first two points. SSL terminators are much more memory and cpu intensive which would require many more machines. Also there are more RTT's required for https/ssl and our ping latency is not very good since we do not have a very geographically diverse infrastructure.
The two solutions for this are #1 more and beefier machines and #2 caching centers in various locations physically closer to users (which also requires a lot of #1). Sadly the biggest drawback of these two points is that they both cost a lot of money and that would mean a lot more pop up banners of Jimmy asking for cash :(
Leslie
P.S. I peronally like the idea of a cookie that you can check box at the top of the page (one time showing only perhaps?) that would default send users to https upon request. However I don't think we can do this with our current infrastructure due to the above issues.
- Some countries may completely block HTTPS, but allow HTTP to our
sites so that they can track users. Is it better for us to provide them content, or protect their privacy? 4. It's still possible for governments to see that people are going to wikimedia sites when using HTTPS, so it's still possible to oppress people for trying to visit sites that are disallowed.
On Sun, Apr 1, 2012 at 7:06 PM, David Gerard dgerard@gmail.com wrote:
Lots of monitoring going into place:
https://en.wikipedia.org/wiki/Wikipedia:List_of_articles_censored_in_Saudi_A... http://www.bbc.co.uk/news/uk-politics-17576745
What are the current technical barriers to redirection to https by default?
- d.
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l