[MLB-WIRELESS] Melbourne Wireless site and SSL.

Tyson Clugg tyson at melbournewireless.org.au
Mon Jul 23 00:39:42 EST 2012


Steve, you're misrepresenting what was discussed.

You acted without authority by prematurely making the switch in spite of what
was said by our elected President.

I'm not against us switching to SSL, it makes a lot of sense to do so for
*authenticated* actions on our website.  But *not* with the minority SSL
root certificate authority you installed.

And it still doesn't make sense to *force* SSL for all traffic, when 99% of
our traffic is by anonymous users for *public* content.

My phone doesn't show a certificate warning - it presents an error message
when I try to connect on my Nokia E52-2 with current (v91.003, 03-Apr-2012)
firmware.  I can browse other SSL sites fine, just not Melbourne Wireless'.
Yes, this is probably a bug but it's non-trivial - half the time that I'm
using our website is when I'm on a roof and the phone is the device with a
browser at hand.  Nokia are currently the 2nd biggest seller of mobile
phones, so I don't believe that I'd be the only person affected if you
persist with the current SSL root CA.

Regards,
Tyson.


On 20 July 2012 20:10, Steven Haigh <netwiz at crc.id.au> wrote:

> Hi all,
>
> We're having a bit of indecision at the moment, so I decided to get the
> input of the majority on the list on the matter.
>
> I've configured up https://www.melbournewireless.org.au to work to get the entire web site over an SSL encrypted link. This helps
> protect your privacy while operating over unencrypted or insecure links. It
> also helps keep your details while logging into the site safe.
>
> There have been differing opinions between the dev teams and committee
> regarding if the site should be moved to https (SSL encrypted) only.
>
> It is my personal belief that in this day and age that everything that can
> be secure in transit is configured so that it is. Google etc seem to feel
> the same - as all of their services are available via https (yes, even
> YouTube!).
>
> I'd like to get the opinion of the list into if Melbourne Wireless should
> default to https access to the site - thereby reaping the benefits of SSL.
> Existing non-ssl access (ie via http://www.melbournewireless.org.au)
> will be redirected to the secure version of the same content.
>
> This has the up side that by default, everything on the site will be
> secure from eavesdropping on unsecured connections. A side benefit is that
> it will also consolidate all our domains within various search engines -
> increasing our ranking.
>
> The down side is that some odd devices may throw up a security warning
> when you try to visit the site. At this point, I have only managed to find
> a single Nokia phone that does this.
>
> Tested working:
>         * Windows 7: Chrome, IE, Firefox, Safari
>         * Windows XP: Chrome, IE, Firefox, Safari
>         * Linux: RHEL 6.2 + Firefox
>         * Android Gingerbread + ICS Browser
>         * Apple iPad + Safari
>
> Tested with warning:
>         * Tyson's Nokia something phone.
>
> If you would like to expand this list, feel free to browse to
> https://www.melbournewireless.org.au on any device you can.
>
> Any general discussion on this is also welcome. (Please CC
> committee at wireless.org.au with your thoughts).
>
> --
> Steven Haigh
>
> Email: netwiz at crc.id.au
> Web: http://www.crc.id.au
> Phone: (03) 9001 6090 - 0412 935 897
> Fax: (03) 8338 0299