[MLB-WIRELESS] Melbourne Wireless site and SSL.
mw at freenet.net.au
Tue Jul 24 11:21:20 EST 2012
Obvious solution: schedule this topic to be discussed at the next general meeting. Take a vote (of financial members) and the outcome applies with no further argument or discussion.
The person or persons who have control or capacity to action the decision either do so as soon as possible, or relinquish control to other/s who are willing to do it.
If there is no other persons are willing and able, then the behaviour reverts to the way it has always been.
It can’t be that hard, can it? ;-)
From: melbwireless-bounces at lists.wireless.org.au [mailto:melbwireless-bounces at lists.wireless.org.au] On Behalf Of Tyson Clugg
Sent: Monday, 23 July 2012 12:40 AM
To: Steven Haigh
Cc: melbwireless at lists.wireless.org.au
Subject: Re: [MLB-WIRELESS] Melbourne Wireless site and SSL.
Steve, you're misrepresenting what was discussed.
You acted without authority by prematurely making the switch in spite what was said by our elected President.
I'm not against us switching to SSL, it makes a lot of sense to do so for *authenticated* actions on our website. But *not* with the minority SSL root certificate authority you installed.
And it still doesn't make sense to *force* SSL for all traffic, when 99% of our traffic is by anonymous users for *public* content.
My phone doesn't show a certificate warning - it presents an error message when I try to connect on my Nokia E52-2 with current (v91.003, 03-Apr-2012) firmware. I can browse other SSL sites fine, just not Melbourne Wireless'. Yes, this is probably a bug but it's non-trivial - half the time that I'm using our website is when I'm on a roof and the phone is the device with a browser at hand. Nokia are currently the 2nd biggest seller of mobile phones, so I don't believe that I'd be the only person affected if you persist with the current SSL root CA.
On 20 July 2012 20:10, Steven Haigh <netwiz at crc.id.au> wrote:
We're having a bit of indecision at the moment, so I decided to get the input of the majority on the list on the matter.
I've configured up https://www.melbournewireless.org.au to work to get the entire web site over an SSL encrypted link. This helps protect your privacy while operating over unencrypted or insecure links. It also helps keep your details while logging into the site safe.
There have been differing opinions between the dev teams and committee regarding if the site should be moved to https (SSL encrypted) only.
It is my personal belief that in this day and age that everything that can be secure in transit is configured so that it is. Google etc seem to feel the same - as all of their services are available via https (yes, even YouTube!).
I'd like to get the opinion of the list into if Melbourne Wireless should default to https access to the site - thereby reaping the benefits of SSL. Existing non-ssl access (ie via http://www.melbournewireless.org.au) will be redirected to the secure version of the same content.
This has the up side that by default, everything on the site will be secure from eavesdropping on unsecured connections. A side benefit is that it will also consolidate all our domains within various search engines - increasing our ranking.
The down site is that some odd devices may throw up a security warning when you try to visit the site. At this point, I have only managed to find a single Nokia phone that does this.
* Windows 7: Chrome, IE, Firefox, Safari
* Windows XP: Chome, IE, Firefox, Safari
* Linux: RHEL 6.2 + Firefox
* Android Gingerbread + ICS Browser
* Apple iPad + Safari
Tested with warning:
* Tysons Nokia something phone.
If you would like to expand this list, feel free to browse to https://www.melbournewireless.org.au on any device you can.
Any general discussion on this is also welcome. (Please CC committee at wireless.org.au with your thoughts).
Email: netwiz at crc.id.au
Phone: (03) 9001 6090 - 0412 935 897
Fax: (03) 8338 0299 <tel:%2803%29%208338%200299>
Melbwireless mailing list
Melbwireless at lists.wireless.org.au
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Melbwireless