Yes .. these coutries are in this case. They cut https we don't really know if it it a full https blackout or not.
- Nicolas Hernandez a-n - aleph-networks *associ?* http://www.aleph-networks.com On Sat, Mar 10, 2012 at 7:00 PM, Ximin Luo <infinity0 at gmx.com> wrote: > Someone mentioned that Syria blocks HTTPS. and there are reports of Iran > blocking HTTPS as well. I don't know if these reports are true however; it > seems a little suicidal since it also means various services such as online > banking aren't secure. > > I'm of the mind that if HTTPS doesn't work then we shouldn't serve > anything. > Certain services do force HTTPS, and online stores / banks would be > laughed at > if they started offering "non-secure" transactions. > > "Certificate error" is the same as not working, yes. People who say "just > click > through the warning" deserve to get their bank details stolen. Do it in > private > if you want to take a risk, but don't advise others to do the same thing! > > X > > On 10/03/12 17:47, Florent Daigniere wrote: > > On Sat, Mar 10, 2012 at 10:44:55AM -0600, Daxter wrote: > >> On Mar 10, 2012, at 3:44 AM, Florent Daigniere wrote: > >>> On Fri, Mar 09, 2012 at 07:11:19PM -0600, Daxter wrote: > >>>> > >>>> I'm all for HTTPS, but do we really want to outright *remove* > functionality from the site? Sure, HTTP isn't secure and all "modern" web > browsers support it. However, we would be making it harder for people to > learn about Freenet and potentially try it out. > >>>> > >>> > >>> Why? You could still access it over HTTP... and be presented with > (transparent) redirect to the secure version. > >> > >> I just scratched an itch and discovered that even Lynx supports HTTPS? > If it really is the case that HTTPS has become so ubiquitous that users > wouldn't be affected, then sure, go ahead with it. > >> > >> HOWEVER: the question really needs to be restated. Are there any > countries or ISPs that are known to disallow secure communications? > >> > > > > I can name plenty of countries filtering HTTP (starting by the UK, where > I live); I'm not sure I can name a single one filtering HTTPS. > > Fundamentally, we can't prevent filtering... but we can prevent > tampering of what we publish using cryptography. > > > > > >>>> In the end I think we should do what every major website does today: > encrypt the important data and let the entire site be accessible securely, > but don't force it onto people. > >>>> > >>>> -Daxter > >>> > >>> It's very difficult to do and most websites do it wrong. You have to > think about mixed-content errors, cookie flags, ... > >>> > >>> Sending credentials in cleartext like we do on the wikis, with no > secure alternative, is a disgrace. > >>> > >>> Florent > >> > >> > >> Can you give me an example of a website that in your mind does either > the mixed model or the secure-only model properly? It would be nice to > compare with them. > >> > > > > https://www.torproject.org/ does it properly (HTTPS everywhere) > > https://bugs.freenetproject.org/ does it properly > > https://www.trustmatta.com/ does it properly > > > > > > https://umbraco.codeplex.com/SourceControl/list/changesets doesn't do > it properly (mixed content on the https version) > > http://www.laposte.net/ (major webmail provider in France) doesn't do > it properly (form hosted over http) > > My bank's website doesn't do it properly (they don't set the 'secure' > flag on their session cookie) > > ... > > > > I'm not short of examples; these are the open tabs in my browser right > now. > > > >> Actually, the wiki supports HTTPS right now. You'll get a certificate > error, but it works. > >> > > > > Hmmff? If you get a certificate error it doesn't work. > > > >> While we're on the subject (as I've never bothered with HTTPS on the > site until now), turns out it's rather misconfigured. Both the wiki and the > main site return a certificate for emu.freenetproject.org? That address > isn't accessible--what was it, and shouldn't we get this fixed? > >> > > > > This certificat has X509v3 Subject Alternative Names. It should is valid > for the following fqdns: > > emu.freenetproject.org, freenetproject.org, osprey.freenetproject.org, > bugs.freenetproject.org, downloads.freenetproject.org > > > > Florent > > _______________________________________________ > > Devl mailing list > > Devl at freenetproject.org > > http://freenetproject.org/cgi-bin/mailman/listinfo/devl > > > -- > GPG: 4096R/5FBBDBCE > https://github.com/infinity0 > https://bitbucket.org/infinity0 > https://launchpad.net/~infinity0 > > > _______________________________________________ > Devl mailing list > Devl at freenetproject.org > http://freenetproject.org/cgi-bin/mailman/listinfo/devl > -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20120311/9dc45c3e/attachment.html>
