I believe it would be best if login form was served using http with
check box "Disable ssl" which would be not checked as default. The
target page of form would be ssl page in case users wouldn't check it.
So that in countries where ssl is problem they could just check it and
proceed using unencrypted connection.
On Mon, Apr 2, 2012 at 11:34 AM, Tei <oscar.vives(a)gmail.com> wrote:
Perhaps have a black list of countries that are know
to break the
privacy of communications, then make https default for logued users in
these countries.
This may help because:
- It only affect a subgroup of users (the ones from these countries)
- It only affect a subgroup of that subgroup, the logued users (not all)
- It create a blacklist of "bad countries" where citizens are under
surveillance by the governement
This perhaps is not feasible, if theres not easy way to detect the
country based on the ip.
--
--
ℱin del ℳensaje.
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l