Re: [Debconf-team] dc7 website and wiki.debconf.org, ipv6
On 13/01/13 20:07, Daniel Kahn Gillmor wrote:
> On 01/13/2013 01:22 PM, Joerg Jaspert wrote:
>> - wiki.debconf.org is now only reachable by SSL. non-ssl gets
>> redirected. Though I would be happy enough to let non-ssl access it
>> too, if someone takes the time to tweak either the apache config or
>> mediawiki so that it requires SSL for logins (and maybe anonymous
>> edits?), ie. reading only for non-ssl.
>> Keep in mind, its squeeze, so mediawiki from there...
>
> Thank you, Joerg! This is really valuable work.
>
> fwiw, i don't think that browsing via cleartext http is a useful goal,
> given the problems with session hijacking, sslstrip-style attacks, etc.
>
> If the https connections are considered too onerous for some reason, i'd
> be happy to try to help troubleshoot and improve the situation, if
> that's desired.
>
https hasn't been too onerous for Nokia:
http://gizmodo.com/5975095/nokias-xpress-browser-decrypts-your-https-data
Two factor authentication may be the next step
Reply to: