[Imc-uk-process] [PROPOSAL] Add a Security box to the site
cc at riseup.net
Sat Dec 11 14:51:03 PST 2004
I would like to propose that we add a new security box
to the site just before the IMCs cities list containing
this (when viewing an unencrypted page):
We suggest you use an
encrypted connection for
browsing this site, please
pick a mirror from the
following list: www1 | www4
Please install the CAcert
root certificate to verify
the authenticity of the
site, for more information
see the security page.
And this when viewing an encrypted version of a page:
You are viewing this page
using an encrypted
connection. If you bookmark
this page or send it's
address in an email you
might want to use the
un-encrypted address of
If you recieved an warning
about an untrusted root
certificate please install
the CAcert root certificate,
for more information see the
A problem we have at the moment with only using encrypted
connections (https) for the admin interface is that there
is not enough encrypted browsing traffic to obscure who is
One way of addressing this (which works with the existing
set up of mirrors and doesn't require us to switch to
using squid) is to:
1. Set up as many mirrors as possible running https.
2. Add the boxes described above.
3. Make one of the the https sites listed the publishing
server in order to generate some extra browsing traffic
for it so that it becomes hard to detect the uploads
from the downloads from the actions of admins.
4. For all sites on the new server have redirects on port
80 to direct traffic to the port 443 https interface.
So far we have two encrypted mirrors:
And when the new server is up this can be added to the
list as per suggestion 3 above.
This proposal has been sent to the imc-uk-tech list:
And it has been put on the wiki:
The text for the related Security page, which should
explain all this is detail and in a non-technical way (if
possible!) can be worked on this wiki page:
If people are happy with this proposal then the following
things would need doing:
1. Sort out the text for the Security page.
2. Sort out the templates to add this box.
3. Update the production server with the new templates.
4. Add the new production server to the list when it is up
1-3 are not going to happen overnight, but if
imc-uk-process is happy with this then the techies can get
on with implementing it when they find time.
More information about the Imc-uk-process