On Saturday 10 Mar 2012 17:00:36 Daxter wrote: > On Mar 10, 2012, at 10:54 AM, Matthew Toseland wrote: > > On Saturday 10 Mar 2012 16:44:55 Daxter wrote: > >> On Mar 10, 2012, at 3:44 AM, Florent Daigniere wrote: > >>> On Fri, Mar 09, 2012 at 07:11:19PM -0600, Daxter wrote: > >>>> > >>>> I'm all for HTTPS, but do we really want to outright *remove* > >>>> functionality from the site? Sure, HTTP isn't secure and all "modern" > >>>> web browsers support it. However, we would be making it harder for > >>>> people to learn about Freenet and potentially try it out. > >>>> > >>> > >>> Why? You could still access it over HTTP... and be presented with > >>> (transparent) redirect to the secure version. > >> > >> I just scratched an itch and discovered that even Lynx supports HTTPS? If > >> it really is the case that HTTPS has become so ubiquitous that users > >> wouldn't be affected, then sure, go ahead with it. > >> > >> HOWEVER: the question really needs to be restated. Are there any countries > >> or ISPs that are known to disallow secure communications? > >> > >>>> In the end I think we should do what every major website does today: > >>>> encrypt the important data and let the entire site be accessible > >>>> securely, but don't force it onto people. > >>>> > >>>> -Daxter > >>> > >>> It's very difficult to do and most websites do it wrong. You have to > >>> think about mixed-content errors, cookie flags, ... > >>> > >>> Sending credentials in cleartext like we do on the wikis, with no secure > >>> alternative, is a disgrace. > >>> > >>> Florent > >> > >> > >> Can you give me an example of a website that in your mind does either the > >> mixed model or the secure-only model properly? It would be nice to compare > >> with them. > >> > >> Actually, the wiki supports HTTPS right now. You'll get a certificate > >> error, but it works. > > > > Why do you get a cert error? We have a wildcard cert! > >> > >> While we're on the subject (as I've never bothered with HTTPS on the site > >> until now), turns out it's rather misconfigured. Both the wiki and the > >> main site return a certificate for emu.freenetproject.org? That address > >> isn't accessible--what was it, and shouldn't we get this fixed? > > > > Eh? I thought we used the wildcard cert for everything? > > Nope, both are using a cert for emu.freenetproject.org. Also, the certificate > is bound to expire on 4/27/2012 so we really should get this fixed!
Are you sure it isn't a wildcard cert? Wildcard is an extension. IIRC I don't see a warning on HTTPS://freenetproject.org/. I agree we need to renew it though. :( -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part. URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20120310/9dece3b2/attachment.pgp>