Le Sat, 17 Aug 2013 15:58:01 +0200, MZMcBride z@mzmcbride.com a écrit:
Greg Grossmeier wrote:
== Wednesday ==
- We will enable secure login (via HTTPS) by default. This means that
all logged in users will read and edit the site via a secure connection over HTTPS. Given some restrictions/internet blocks in some jurisdictions, we will disable this feature on specific language wikis.
- Will logged in users automatically be redirected from HTTP to HTTPS
once this change is live?
- Will links in e-mail notifications switch from HTTP to HTTPS?
Most importantly, a change like this will inevitably result in a small percentage of users no longer being able to access the site.
** How are editors expected to be able to report issues if they're no longer able to access the site? Will they simply have to edit a village pump anonymously and hope that someone notices?
** Will there be any opt-out mechanism for logged in users?
*** Is the editing community willing to lose a small percentage of editors who will no longer be able to contribute to the site?
MZMcBride
Given the number of questions coming with HTTPS, I find we should discuss it in a central and perennial location, probably on the new page [[meta:HTTPS]] https://meta.wikimedia.org/wiki/HTTPS.
Indeed, in addition to the WMF, the public and editors are now concerned about the privacy and browsing security, but HTTPS has many challenges that need to be addressed: * technical issues (e.g. caching, performance, MITM mitigation, PFS/cipher suites, DNSSEC), * diplomatic issues (e.g. country of issuance of the certificate, firewall of China), * user interaction issues (e.g. diffuse knowledge about HTTPS and security, management of errors, promotion of pinning/TACK? http://tack.io) So tech and non-tech people should be involved in the discussions to better balance all aspects of the security/privacy.
Just my POV, Seb35