[MLB-WIRELESS] Melbourne Wireless site and SSL.
netwiz at crc.id.au
Mon Jul 23 07:39:07 EST 2012
On 2012-07-23 00:39, Tyson Clugg wrote:
> Steve, you're misrepresenting what was discussed.
We'll have to agree to disagree there.
> You acted without authority by prematurely making the switch in spite
> of what was said by our elected President.
I think the time frame is a little out there. I enabled SSL, tested it
over several days, then added the redirect. It was only when I emailed
the coders list that anyone even noticed the change had been made. The
discussion between myself and Tyson took place AFTER everything was
already functional. I have never been aware of any other process we have
used for web development - including changes to the operational aspects
of the web site.
> I'm not against us switching to SSL, it makes a lot of sense to do so
> for *authenticated* actions on our website. But *not* with the
> minority SSL root certificate authority you installed.
I think you have been the only one calling these guys a 'minority'
provider because you are the first person that has had a device that
didn't work with it. Yes, your single device doesn't work. I would
personally like you to file a bug report with Nokia to help out all
Nokia users that suffer this. It is 100% Nokia's fault - as the root CA
in question has been in the approved root CA bundle for well over 5
years (XP SP3 is the earliest I can personally verify).
> And it still doesn't make sense to *force* SSL for all traffic, when
> 99% of our traffic is by anonymous users for *public* content.
You keep saying it doesn't make sense - but at no point have I seen any
reasons WHY it doesn't seem to make sense. Are we against using SSL just
because it's something new for us? Is it considered a bad thing to secure
against eavesdropping? Is it a bad thing to secure against traffic
loggers? Is it a bad thing to look after our users?
You wouldn't do mail without SSL. It's not a huge step to want to do
browsing over SSL by default (in fact, I'd prefer a web that worked this
way!). Keep in mind that the internet is the very definition of a
hostile network. Any method to make things a little more secure should
You also seem to keep thinking that just because it is public content
it shouldn't be secured IN TRANSIT. That is what we are discussing here
- not trying to keep information private.
Oh, and as I mentioned before - the side benefit of all this is that
because everything pointed to ONE location (being
https://www.melbournewireless.org.au/$1), the ranking of Melbourne
Wireless within Google went from ~#7 to #1 for the search term. As such,
I still fail to see the down side - as MORE people should see our
content in the configuration I had vs what we had over the last several
Email: netwiz at crc.id.au
Phone: (03) 9001 6090 - 0412 935 897
Fax: (03) 8338 0299