On 03/07/2011 09:48 AM, Tobias Klausmann wrote:
> Hi!
>
> On Mon, 07 Mar 2011, Mike Frysinger wrote:
>>>> If *anybody* can't use SSL for any reason please yell so that we can
>>>> decide if we leave it as it is (plain + encrypted) or not.
>>>
>>> Is there any *real* reason to force SSL? It is *hell* slow.
>>
>> it should of course be forced for logging in
>
> If it is enforced for login, it should be enforced for logged
> in sessions, cf. Cookie stealing (for a POC: Firesheep). And no,
> restricting the login cookie to an IP is *not* "safe enough".
>
> Regards,
> Tobias
>

First off, a big thanks to infra and all involved in the migration. It
looks awesome!

As to the SSL bit, there is *no* reason not to be using SSL for anything
that requires a username / password. And I 100% agree with Tobias. If
it's necessary to use SSL to log in, it's necessary to use it for the
duration of the session. I don't know how feasible it is to do, but if
normal viewing (no login) can be left SSL-free, I see no issue there.
Otherwise however, SSL should be in use.

Regards,
--
Dane Smith (c1pher)
Gentoo Linux Developer -- QA / Crypto / Sunrise / x86
RSA Key: http://pgp.mit.edu:11371/pks/lookup?search=0x0C2E1531&op=index