Wikimedia Foundation Enables HTTPS For All Projects

An anonymous reader writes "The Wikimedia Foundation has enabled HTTPS for all of its projects (Wikipedia, Wikimedia Commons, etc.), to enable secure log-in and browsing privacy. Their blog post goes into detail about how the service is configured, linking to configuration files and implementation documentation. It also mentions that HTTPS Everywhere will have updated rules for this change soon."

Fixed link

[subreality]

Oh, for the love of crypto. [wikimedia.org]

Re:Great... Now, if only we could trust EVERY CA.

[phantomfive]

You do realize that this has been a problem from the beginning, right? If you sound surprised, it's only because you only recently started paying attention.

In practice, there are multiple layers of security, and this is just one of them.

Re:Adds to greenhouse problem

[heypete]

Not much [imperialviolet.org]:

In January this year (2010), Gmail switched to using HTTPS for everything by default. Previously it had been introduced as an option, but now all of our users use HTTPS to secure their email between their browsers and Google, all the time. In order to do this we had to deploy no additional machines and no special hardware. On our production frontend machines, SSL/TLS accounts for less than 1% of the CPU load, less than 10KB of memory per connection and less than 2% of network overhead. Many people believe that SSL takes a lot of CPU time and we hope the above numbers (public for the first time) will help to dispel that.

Re:Adds to greenhouse problem

[vlm]

I seriously hope not. SSL adds latency to the connection and is completely useless for a huge number of websites. Why would I need SSL to access a e.g. recipes page which doesn't even have a login page?

You want to cook a non-Halal recipe in a Halal nation where improper religious observation will get you killed? Really simple example would be looking up mixed-drinks cocktails in Saudi Arabia...