[Imc-uk-process] [PROPOSAL] Add a Security box to the site

[cc]

Hi

I would like to propose that we add a new security box
to the site just before the IMCs cities list containing
this (when viewing an unencrypted page):

  Unencrypted Page

  We suggest you use an 
  encrypted connection for 
  browsing this site, please
  pick a mirror from the 
  following list: www1 | www4

  Please install the CAcert 
  root certificate to verify 
  the authenticity of the 
  site, for more information 
  see the security page. 

And this when viewing an encrypted version of a page:

  Encrypted Page

  You are viewing this page 
  using an encrypted 
  connection. If you bookmark
  this page or send it's 
  address in an email you 
  might want to use the 
  un-encrypted address of 
  this page.

  If you recieved an warning 
  about an untrusted root 
  certificate please install 
  the CAcert root certificate, 
  for more information see the 
  security page. 

A problem we have at the moment with only using encrypted
connections (https) for the admin interface is that there
is not enough encrypted browsing traffic to obscure who is
uploading stuff.

One way of addressing this (which works with the existing
set up of mirrors and doesn't require us to switch to
using squid) is to:

1. Set up as many mirrors as possible running https. 

2. Add the boxes described above.

3. Make one of the the https sites listed the publishing
   server in order to generate some extra browsing traffic
   for it so that it becomes hard to detect the uploads
   from the downloads from the actions of admins.

4. For all sites on the new server have redirects on port
   80 to direct traffic to the port 443 https interface. 

So far we have two encrypted mirrors:

  * https://www1.indymedia.org.uk/
  * https://www4.indymedia.org.uk/

And when the new server is up this can be added to the
list as per suggestion 3 above.

This proposal has been sent to the imc-uk-tech list:

  http://lists.indymedia.org/pipermail/imc-uk-tech/2004-December/1204-o9.html

And it has been put on the wiki:

  http://docs.indymedia.org/view/Local/UkCrypto#Web

The text for the related Security page, which should
explain all this is detail and in a non-technical way (if
possible!) can be worked on this wiki page:

  http://docs.indymedia.org/view/Local/UkSecurity

If people are happy with this proposal then the following
things would need doing:

1. Sort out the text for the Security page.

2. Sort out the templates to add this box.

3. Update the production server with the new templates.

4. Add the new production server to the list when it is up
   and running.

1-3 are not going to happen overnight, but if
imc-uk-process is happy with this then the techies can get
on with implementing it when they find time.

Chris