When does anyone plan to use SSL to protect passwords and users on OSM? I noticed the other day about how JOSM puts this in it's MOTD:
"Your username and password are sent to the server unencrypted. If you do not like this, do not upload." While I'm aware that this is occurring, many others may not and may be put off with statements like the above. While removing that statement from JOSM might fix some of the image problems, it doesn't do anything for real security. There has even been a bug on this issue for 3 years! http://trac.openstreetmap.org/ticket/275 This is even more concerning when you add into the mix the UK government is trying to record globs and globs of additional information on data travelling across internet links in the UK, among other things. http://go.theregister.com/feed/www.theregister.co.uk/2009/12/22/mobile_imp/ As has been pointed out on the trac ticket, OSM should be eligible for a free cert from godaddy, then there is ideological reasons for supporting other options like CAcert, just like many support OSM for ideological reasons rather than Google. I realise there is some APIs floating about that use alternative authentication schemes, but the majority of users will be sending their passwords (and everything else for that matter) clear text over the internet for all and sundry to snoop on. Is it really reasonable to not offer SSL encryption? _______________________________________________ talk mailing list talk@openstreetmap.org http://lists.openstreetmap.org/listinfo/talk
