On 02/04/12 06:14, Ryan Lane wrote:
TL;DR: we have no plans for anonymous HTTPS by default, but will eventually default to HTTPS for logged-in users.
- It would require an SSL terminator on every frontend cache. The SSL
terminators eat memory, which is also what the frontend caches do.
Once we enable it by default for logged-in users, we will care a lot more if someone tries to take it down with a DoS attack. Unless the redirection can be disabled without actually logging in, a DoS attack on the HTTPS frontend would prevent any authenticated activity.
It suggests a need for a robust, overprovisioned service, with tools and procedures in place for identifying and blocking or throttling malicious traffic.
[...]
- Some countries may completely block HTTPS, but allow HTTP to our
sites so that they can track users. Is it better for us to provide them content, or protect their privacy?
4. It's still possible for governments to see that people are going to Wikimedia sites when using HTTPS, so it's still possible to oppress people for trying to visit sites that are disallowed.
It's also possible for governments to snoop on HTTPS communications, by using a private key from a trusted CA to perform a man-in-the-middle attack. Apparently the government of Iran has done this.
If we really want to protect the privacy of our users then we should shut down the regular website and serve our content only via a Tor hidden service ;)
-- Tim Starling