[Systems] people.sugarlabs.org certificate

James Cameron quozl at laptop.org
Mon May 29 00:26:19 EDT 2017


Thanks, that's an interesting question.

{www,developer,help,wiki,socialhelp}.sugarlabs.org forces SSL with 301.

{people,activities}.sugarlabs.org does not.

I'm fine with forcing SSL on people.sugarlabs.org.  I don't know of
anything that relies on people.sugarlabs.org being accessible over
HTTP.

activities.sugarlabs.org already has a double 302 redirect for me, to
/en-US/ and /en-US/sugar/ ... no idea if older clients will be happy
with SSL.

Three reasons why I've not done it everywhere:

- an SSL connection takes much longer over high latency links because
  of the number of round trips required,

- some old client software may not have the newer certificate
  authorities; thinking here of Sugar with Fedora 18 or earlier, My
  Settings -> Software Update, or very old Browse,

- while HTTP over SSL is good for privacy of request, it is not very
  good for authenticating the server; witness how easy it is to get a
  certificate.

Wanna patch Browse to show insecure more clearly?  ;-)

-- 
James Cameron
http://quozl.netrek.org/
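
An added example, not part of the original message: a small check that classifies a recorded redirect chain the way the message distinguishes hosts (forced to SSL with a 301, or left on HTTP). The hop lists are constructed sample data, not captures from the real servers; the activities chain assumes the double 302 described above stays on HTTP, and the names `classify` and `audit` are hypothetical.

```python
from urllib.parse import urljoin, urlsplit

REDIRECTS = (301, 302, 303, 307, 308)

# Constructed (status, Location) hops for a client starting at http://<host>/.
SAMPLE_CHAINS = {
    "www.sugarlabs.org": [(301, "https://www.sugarlabs.org/"), (200, None)],
    "people.sugarlabs.org": [(200, None)],
    "activities.sugarlabs.org": [(302, "/en-US/"), (302, "/en-US/sugar/"), (200, None)],
}


def classify(host, hops):
    """Return 'forced-permanent', 'forced-temporary', 'downgrade' or 'not-forced'."""
    url = f"http://{host}/"
    upgrade_status = None
    for status, location in hops:
        if status not in REDIRECTS or not location:
            break  # final response reached
        nxt = urljoin(url, location)  # resolve relative Location values
        was, now = urlsplit(url).scheme, urlsplit(nxt).scheme
        if was == "http" and now == "https" and upgrade_status is None:
            upgrade_status = status  # remember which status did the upgrade
        elif was == "https" and now == "http":
            return "downgrade"  # chain leaves HTTPS again after upgrading
        url = nxt
    if urlsplit(url).scheme != "https":
        return "not-forced"  # redirects (if any) never left plain HTTP
    # 301/308 are cached by clients; 302/303/307 are re-requested over HTTP
    return "forced-permanent" if upgrade_status in (301, 308) else "forced-temporary"


def audit(chains):
    """Classify every host in a {host: hops} mapping."""
    return {host: classify(host, hops) for host, hops in chains.items()}


if __name__ == "__main__":
    for host, verdict in audit(SAMPLE_CHAINS).items():
        print(f"{host:28} {verdict}")
```

A redirect chain that only changes the path, like the activities one in the sample data, is reported as not-forced because the scheme never changes.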

