On 9/15/07, Gregory Maxwell <gmaxwell(a)gmail.com> wrote: Doesn't an anonymization network like TOR provide the same value for readers who need to access Wikipedia securely (and, in this case, also anonymously)?

On 9/15/07, Gregory Maxwell <gmaxwell(a)gmail.com> wrote: Well, they do - we're just not actively promoting SSL. Question: Are we near the limits of the amount of traffic we can handle via SSL, or might it be worthwhile to experiment with adding a "Secure login" link to Special:Userlogin? That might be worthwhile; have you spoken to our tech team or Sue about it? I think it would definitely be useful to at least be capable of handling the amount of traffic from having a "secure login" link on all user login pages. But if it requires significant investments of time and money to do so, it wouldn't be in my top 5 tech priority list. -- Toward Peace, Love & Progress: Erik DISCLAIMER: This message does not represent an official position of the Wikimedia Foundation or its Board of Trustees. _______________________________________________ foundation-l mailing list foundation-l(a)lists.wikimedia.org http://lists.wikimedia.org/mailman/listinfo/foundation-l

On 2007.09.16 07:21:25 +0200, GerardM <gerard.meijssen(a)gmail.com> scribbled 48 lines: have Why should we defer it? It really doesn't seem like a big deal. There are a couple things to discuss here: #How much load would all logins going through SSL cause? This should be really easy to do - figure out how much work a single SSL login causes, and multiply. Even that crude ballpark estimate is better than nothing. #Make logins by default go through SSL. We can break this down into two suggestions: ##Make all admins go through SSL by default. I think this is an *extremely* good idea. However expensive a SSL login might be, a few thousand admins infrequently logging in is hardly going to stress the servers comparable to normal editing or bot edits or spiders. Plus, it'd give just a little more protection for account passwords in all situations, not just for those editing through TOR. It's largely transparent to users, has a chance of doing good, etc. (Now, I'm not saying force admins to go through secure.wikimedia.org, just that surely there must be some configuration option or something for the regular en.wikipedia.org login page? This, like the first suggestion, is best answered by those with technical chops.) ##Make all logins go through SSL by default. Sure, why not. The argument against this would seem to be server load, but we need an answer to the first point before we can productively argue this. We really need some more information here. Is it hard to change the login? I would assume that because you can already log in via SSL through secure.wikimedia.org, the functionality is there and only needs to be enabled for the frontend (as compared to SUL, a backend enhancement involving vast and far-reaching changes), so to speak, but for all I know the login page is actually some hardwired crufty HTML page that barely works and adding an SSL option, default or not, would be a heroic undertaking comparable to that of SUL. Any of the developers want to comment? -- gwern Stallman guest jihad SL-1 VHF DF DSS Juiliett 2.6.2. Kwajalein _______________________________________________ foundation-l mailing list foundation-l(a)lists.wikimedia.org http://lists.wikimedia.org/mailman/listinfo/foundation-l

On 9/16/07, GerardM <gerard.meijssen(a)gmail.com> wrote: first. It deal Both Adding these links costs five minutes of non-developer time. Any wiki administrator can do this. How much additional server capacity is required, and the resulting cost-benefit analysis, is what's being discussed. At any rate, we're looking at administrator time, not developer time. Austin _______________________________________________ foundation-l mailing list foundation-l(a)lists.wikimedia.org http://lists.wikimedia.org/mailman/listinfo/foundation-l

On 9/16/07, GerardM <gerard.meijssen(a)gmail.com> wrote: The functionality being discussed has already been implemented. The only change would be the addition of a link to that wiki via the SSL interface (e.g., https://secure.wikimedia.org/wikipedia/en/w/index.php?title=Special:Userlog…), currently known to only a few who actively care and are sufficiently well-informed, to a page visible to the less well-informed.