-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In article <18849937.7157.1297583642909.javamail.r...@benjamin.baylink.com>,
Jay Ashworth <j...@baylink.com> wrote:
> > Yeah, secure.wikimedia.org's URL scheme isn't really friendly
> > to outsiders. Historically, this is because SSL certificates are
> > expensive, and there just wasn't enough money in the budget
> > to get more of them for the top-level domains. Maybe this isn't
> > the case anymore.
>
> Is that in fact the root cause, Chad? I assumed, myself, that it's because
> of the squid architecture.

LVS is in front of Squid, so it would be fairly simple to send SSL traffic
(port 443) to a different machine; which is how secure.wm.o works now, except
that instead of using LVS, it requires a different hostname.

However, I think the idea is not to start allowing https://en.wikipedia.org
URLs until there's a better SSL infrastructure which can handle the extra load
an easy-to-use, widely advertised SSL gateway is likely to create. secure.wm.o
is currently a single machine and sometimes falls over, e.g. when Squid breaks
for some reason and people notice that secure still works.

SSL certificates aren't that cheap, but only about 8 would be needed (one for
each project, e.g. *.wikipedia.org), so the cost isn't prohibitive anymore.

	- river.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (NetBSD)

iEYEARECAAYFAk1X9R4ACgkQIXd7fCuc5vKwtACeLCWBLoOs8ymRfwJujpdcpcEx
l+QAn2i/35DVQ/qLSsSY7auws/YqkW0v
=oyfW
-----END PGP SIGNATURE-----
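
Added example, not part of the message above and not Wikimedia's code: a sketch of left-most-label wildcard matching (in the style of RFC 6125) showing which hostnames a per-project certificate such as *.wikipedia.org covers. The host list is constructed for illustration; only en.wikipedia.org and secure.wikimedia.org appear in the thread.

```python
# Added example: which hostnames does one wildcard certificate per project cover?
# Matching rule: a "*" in the left-most label stands for exactly one DNS label.

def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Return True if a certificate name like '*.wikipedia.org' covers hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # One wildcard == one label, so both names must have the same label count.
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # Reject overly broad patterns such as "*.org".
        if len(p_labels) < 3:
            return False
        return p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def uncovered(cert_names, hostnames):
    """Hostnames that no certificate name in cert_names would validate for."""
    return [h for h in hostnames
            if not any(wildcard_matches(c, h) for c in cert_names)]


# Constructed inputs (assumptions for illustration only).
CERT_NAMES = ["*.wikipedia.org"]
HOSTS = [
    "en.wikipedia.org",        # one label under the project domain: covered
    "de.wikipedia.org",        # covered
    "wikipedia.org",           # bare domain: NOT covered by the wildcard
    "foo.en.wikipedia.org",    # two labels deep: NOT covered
    "secure.wikimedia.org",    # different project domain: needs its own cert
]

if __name__ == "__main__":
    missing = set(uncovered(CERT_NAMES, HOSTS))
    for host in HOSTS:
        print(f"{host:24} {'NOT covered' if host in missing else 'covered'}")
```

The bare project domain and any deeper subdomain need their own certificate names, which matters when counting certificates per project.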