
Re: [Debconf-team] dc7 website and wiki.debconf.org, ipv6



On 16/01/13 08:59, Joerg Jaspert wrote:
>   
>>> If the https connections are considered too onerous for some reason, i'd
>>> be happy to try to help troubleshoot and improve the situation, if
>>> that's desired.
>>>       
>> https hasn't been too onerous for Nokia:
>> http://gizmodo.com/5975095/nokias-xpress-browser-decrypts-your-https-data
>> Two factor authentication may be the next step
>>     
> I don't believe they really decrypt it. I think, as it's their browser
> routing it via Nokia, that that one helps them by giving out whatever
> information they need for it. Not sure though.
>
>   
My understanding is that they put their own root certificate in the
browser and then use a dynamic type of SSL server that generates SSL
certificates on the fly, to match any domain requested.  But then again,
a browser vendor could just hide the warning popups too, or pretend it
was SSL by putting a padlock logo even when it isn't.


> But that doesn't matter: This is wiki.debconf.org. Which has been, for a
> LONG time, without any protection for the logins. So https is a (good)
> step forward. Now directly going one more, making it much harder for all
> involved to contribute does seem to be lots of overkill.
>
>   
I wasn't suggesting such a scheme would be mandatory.  Some sites offer
optional OpenID logins, and then the OpenID can use two-factor
authentication.


