Re: [Debconf-team] dc7 website and wiki.debconf.org, ipv6

[Daniel Pocock <daniel@pocock.com.au>]

On 13/01/13 20:07, Daniel Kahn Gillmor wrote:
> On 01/13/2013 01:22 PM, Joerg Jaspert wrote:
>> - wiki.debconf.org is now only reachable by SSL. non-ssl gets
>>   redirected. Though I would be happy enough to let non-ssl access it
>>   too, if someone takes the time to tweak either the apache config or
>>   mediawiki so that it requires SSL for logins (and maybe anonymous
>>   edits?), ie. reading only for non-ssl.
>>   Keep in mind, its squeeze, so mediawiki from there...
> 
> Thank you, Joerg!  This is really valuable work.
> 
> fwiw, i don't think that browsing via cleartext http is a useful goal,
> given the problems with session hijacking, sslstrip-style attacks, etc.
> 
> If the https connections are considered too onerous for some reason, i'd
> be happy to try to help troubleshoot and improve the situation, if
> that's desired.
> 

https hasn't been too onerous for Nokia:

http://gizmodo.com/5975095/nokias-xpress-browser-decrypts-your-https-data

Two factor authentication may be the next step