On Sun, Apr 1, 2012 at 1:14 PM, Ryan Lane <rlane32(a)gmail.com> wrote:
TL;DR: we have no plans for anonymous HTTPS by
default, but will
eventually default to HTTPS for logged-in users.
1. It would require an ssl terminator on every frontend cache. The ssl
terminators eat memory, which is also what the frontend caches do.
2. HTTPS dramatically increases latency, which would be kind of
painful for mobile.
Without getting into how other countries censor data (boo!) I agree
with the first two points. SSL terminators are much more memory and
cpu intensive which would require many more machines. Also there are
more RTT's required for https/ssl and our ping latency is not very
good since we do not have a very geographically diverse
infrastructure.
The two solutions for this are #1 more and beefier machines and #2
caching centers in various locations physically closer to users (which
also requires a lot of #1). Sadly the biggest drawback of these two
points is that they both cost a lot of money and that would mean a lot
more pop up banners of Jimmy asking for cash :(
Leslie
P.S. I peronally like the idea of a cookie that you can check box at
the top of the page (one time showing only perhaps?) that would
default send users to https upon request. However I don't think we
can do this with our current infrastructure due to the above issues.
3. Some countries may completely block HTTPS, but
allow HTTP to our
sites so that they can track users. Is it better for us to provide
them content, or protect their privacy?
4. It's still possible for governments to see that people are going to
wikimedia sites when using HTTPS, so it's still possible to oppress
people for trying to visit sites that are disallowed.
On Sun, Apr 1, 2012 at 7:06 PM, David Gerard <dgerard(a)gmail.com> wrote:
Lots of monitoring going into place:
https://en.wikipedia.org/wiki/Wikipedia:List_of_articles_censored_in_Saudi_…
http://www.bbc.co.uk/news/uk-politics-17576745
What are the current technical barriers to redirection to https by default?
- d.
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
--
Leslie Carr
Wikimedia Foundation
AS 14907, 43821