HTTPS: Difference between revisions

From Meta, a Wikimedia project coordination wiki
there is not much difficulty in monitoring HTTP; you do not need to be the NSA to do it; cleanup grammar
rearrange
Line 1: Line 1:
'''HTTPS''' ([[:en:HTTP Secure|Wikipedia article]]) is a technique to drastically improve the security by comparison to the classical HTTP protocol used on the Internet. Correctly used, and in the current state of the knowledge:
'''HTTPS''' ([[:en:HTTP Secure|Wikipedia article]]) is a web protocol that improves the security of communication between the user and the server. With it enabled:
* you can be sure the content you are viewing has not been modified by any intermediary such as an ISP or government system;
* you can be sure you really receive the pages of the Wikimedia projects from the Wikimedia servers: nobody can change their content during the connection without you get warned,
* you can have reasonable expectation nobody knows what pages you are visiting, and
* you can have reasonable expectation nobody knows what pages you are visiting, and
* you can be sure nobody can change the content of your edits during their transport to the Wikimedia servers.
* you can be sure nobody can change the content of your edits during their transport to the Wikimedia servers.


The continued work to improve the security and privacy of Wikimedia project users is a stated goal of the Wikimedia Foundation. This work has been escalated in prominance by the NSA domestic spying scandal revealed by Edward Snowden in the Summer of 2013. The Wikipedia project was listed as a specific source of tracking users' behavior online. Browsing the web via the insecure HTTP protocol allows third-parties to track what pages you view and information you send online.
HTTPS got particular interest for the Wikimedia projects (among others) after the [[:en:PRISM (surveillance program)|PRISM scandal]] in the mid-2013, when it was revealed the American intelligence agency NSA monitors a big part of the global Internet for use in their intelligence programs; consequently Internet users can lose their browsing privacy. It also was pointed out any network operator or your government can monitor your browsing. On some networks, such as coffee shops with free, insecure, wifi, fellow users may also be able to easily monitor you (see [[:en:Firesheep|Firesheep]]). HTTPS is a means to [[:wikt:mitigate|mitigate]] the privacy and security issues of your browsing and editing (e.g. you can be more comfortable at editing the Wikipedia article about <code><nowiki>[[PRISM (surveillance program)]]</nowiki></code> if you can expect some privacy to not let the NSA know your identity), although you must be aware HTTPS and the whole Internet infrastructure have weaknesses, and you should inform yourself of the exact risks if you expect a very high level of security.


== HTTPS on the Wikimedia projects ==
== What this means for you ==
In addition to the previous improvements to privacy and security on Wikimedia sites (see below), on Wednesday August 21st, 2013, the Wikimedia Foundation will enable HTTPS for all logged in users. How this works is simple: If a user wants to login, they are forced to login over HTTPS (thus keeping their username and password secure) and after they are logged they stay on the HTTPS version of the Wikimedia site they are using.


The list of language wikis that are '''exempted''' from this will be: all '''Farsi''' and '''Chinese''' language wikis (including Wikipedias, Wikisources, etc).
Although it is relatively easy (although not trivial) to turn on a basic HTTPS on a small website, the proper activation and configuration on the Wikimedia projects is quite difficult and comes with a lot of questions. The current HTTPS URL format was enabled [[:wmfblog:2011/10/03/native-https-support-enabled-for-all-wikimedia-foundation-wikis/|activated in October 2011]] and the blog post about further HTTPS configuration was published in August 2013 by Ryan Lane: "[[:wmfblog:2013/08/01/future-https-wikimedia-projects/|The future of HTTPS on Wikimedia projects]]".


In the future, instead of making a specific list of language wikis, we plan to use [[:en:Geolocation|GeoIP]] to redirect users from known blocking countries to HTTP while all others use HTTPS (e.g., someone in Iceland will be able to view the Chinese Wikipedia over HTTPS while someone in China would view an HTTP version of the English Wikipedia).
=== Topics which can be discussed in the talk page ===


== Help! ==
Are you unable to login and edit a Wikimedia wiki after this change? Please contact the Wikimedia Foundation Operations team via any means you find comfortable including this article's talk page, on IRC in the #wikimedia-operations channel, or via the (''NB: yet to be created, will post when we have it'') email address.

== History of HTTPS at WMF ==

=== Initial activation in 2005 ===
HTTPS was first activated on the Wikimedia projects [[:mailarchive:wikitech-l/2005-December/020946.html|by Brion in December 2005]], although it was on special URLs of the form <code><nowiki>https://secure.wikimedia.org/wikipedia/en/wiki/Main_Page</nowiki></code> and it was quite slow and unscalable (one single server for this task), making it unusable for everyone’s use.

=== Large-scale deployment in 2011 ===
HTTPS with canonical URLs <code>http'''s'''<nowiki>://en.wikipedia.org/wiki/Main_Page</nowiki></code> was activated in [[:wmfblog:2011/10/03/native-https-support-enabled-for-all-wikimedia-foundation-wikis/|October 2011]], after months of hard work for making it in a caching-friendly manner (use [[:wikitech:Https#Protocol-relative URLs|protocol-relative links]] in the pages to avoid cache two versions of a same page, set up correctly the servers and caching servers to handle HTTPS) and being sure all ressources are served in the same protocol (HTTP/HTTPS) as the page to avoid mixed content (removing the secure state of the page). This deployment of HTTPS was mentionned in the [[:mw:Category:Wikimedia engineering reports|Wikimedia engineering reports]] from [[:mw:Wikimedia engineering report/2011/May|May 2011]] to [[:mw:Wikimedia engineering report/2011/December|December 2011]].

=== August 21st, 2013 - Secure browsing for logged in users ===
Per the plan layed out in the blog post titled "[[https://blog.wikimedia.org/2013/08/01/future-https-wikimedia-projects/ The future of HTTPS on Wikimedia Projects]], the Wikimedia Foundation will enable HTTPS for all logged in users on August 21st, 2013.

== Relation to the NSA spying scandal of 2013 ==
HTTPS got particular interest for the Wikimedia projects (among others) after the [[:en:PRISM (surveillance program)|PRISM scandal]] in the mid-2013, when it was revealed the American intelligence agency NSA monitors a big part of the global Internet for use in their intelligence programs. consequently Internet users can lose their browsing privacy. It also was pointed out any network operator or your government can monitor your browsing. On some networks, such as coffee shops with free, insecure, wifi, fellow users may also be able to easily monitor you (see [[:en:Firesheep|Firesheep]]). HTTPS is a means to [[:wikt:mitigate|mitigate]] the privacy and security issues of your browsing and editing (e.g. you can be more comfortable at editing the Wikipedia article about <code><nowiki>[[PRISM (surveillance program)]]</nowiki></code> if you can expect some privacy to not let the NSA know your identity), although you must be aware HTTPS and the whole Internet infrastructure have weaknesses, and you should inform yourself of the exact risks if you expect a very high level of security.

== Topics which can be discussed in the talk page ==
Note that you can bring your opinion even if you are not a technical person, particularly on the first points; technical people will probably respond about the technical constraints and solutions.
Note that you can bring your opinion even if you are not a technical person, particularly on the first points; technical people will probably respond about the technical constraints and solutions.
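Review bot: The blog-post link in the "August 21st, 2013 - Secure browsing for logged in users" paragraph is malformed: it wraps an external URL in double square brackets and never closes the opening quotation mark, so the rendered text keeps stray brackets and an unbalanced quote. Suggest the interwiki form this page already uses elsewhere, [[:wmfblog:2013/08/01/future-https-wikimedia-projects/|The future of HTTPS on Wikimedia projects]], followed by the closing quote. In the same sentence "layed out" should be "laid out".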


Line 29: Line 48:
** server security and management: protection of the private key (in the WMF network), response on case of major crisis (SSL software/hardware problem, fallback to pmtpa, TLS completely broken, disclosed private key), how to deal with HTTPS-deficient user agents (e.g. old or badly-written softwares, or blocked HTTPS in enterprises);
** server security and management: protection of the private key (in the WMF network), response on case of major crisis (SSL software/hardware problem, fallback to pmtpa, TLS completely broken, disclosed private key), how to deal with HTTPS-deficient user agents (e.g. old or badly-written softwares, or blocked HTTPS in enterprises);
** technical responses to the [[:en:Golden Shield Project|Great Firewall of China]]: [[:en:Geolocation|GeoIP]], specific domain, DNSSEC, opt-out mechanism (HTTP cookie, URL parameter, etc.), etc.
** technical responses to the [[:en:Golden Shield Project|Great Firewall of China]]: [[:en:Geolocation|GeoIP]], specific domain, DNSSEC, opt-out mechanism (HTTP cookie, URL parameter, etc.), etc.

=== Deployments ===

==== Initial activation in 2005 ====
HTTPS was first activated on the Wikimedia projects [[:mailarchive:wikitech-l/2005-December/020946.html|by Brion in December 2005]], although it was on special URLs of the form <code><nowiki>https://secure.wikimedia.org/wikipedia/en/wiki/Main_Page</nowiki></code> and it was quite slow and unscalable (one single server for this task), making it unusable for everyone’s use.

==== Large-scale deployment in 2011 ====
HTTPS with canonical URLs <code>http'''s'''<nowiki>://en.wikipedia.org/wiki/Main_Page</nowiki></code> was activated in [[:wmfblog:2011/10/03/native-https-support-enabled-for-all-wikimedia-foundation-wikis/|October 2011]], after months of hard work for making it in a caching-friendly manner (use [[:wikitech:Https#Protocol-relative URLs|protocol-relative links]] in the pages to avoid cache two versions of a same page, set up correctly the servers and caching servers to handle HTTPS) and being sure all ressources are served in the same protocol (HTTP/HTTPS) as the page to avoid mixed content (removing the secure state of the page). This deployment of HTTPS was mentionned in the [[:mw:Category:Wikimedia engineering reports|Wikimedia engineering reports]] from [[:mw:Wikimedia engineering report/2011/May|May 2011]] to [[:mw:Wikimedia engineering report/2011/December|December 2011]].

==== [Future] Secure browsing for our users ====
This page is to document the current and proposed plan for enabling secure browsing (through the use of SSL/TLS) on Wikimedia project sites. For background on why we are working on this, please see the Wikimedia blog post by Ryan Lane titled "[[:wmfblog:2013/08/01/future-https-wikimedia-projects/|The future of HTTPS on Wikimedia projects]]."

==== [Future] Turning on SSL/HTTPS for logged in users ====
As announced in "The future of HTTPS" blog post, we will turn on https for logged in users on August 21, 2013. There will be a list of language wikis that are not included in this change due to the inability to access HTTPS webpages from some jurisdictions. In the future, instead of making a specific list of language wikis, we plan to use [[:en:Geolocation|GeoIP]] to redirect users from known blocking countries to HTTP while all others use HTTPS (e.g., someone in Iceland will be able to view the Chinese Wikipedia over HTTPS while someone in China would view an HTTP version of the English Wikipedia).


== Links ==
== Links ==

Revision as of 23:43, 19 August 2013

HTTPS (Wikipedia article) is a web protocol that improves the security of communication between the user and the server. With it enabled:

  • you can be sure the content you are viewing has not been modified by any intermediary such as an ISP or government system;
  • you can have a reasonable expectation that nobody knows what pages you are visiting, and
  • you can be sure nobody can change the content of your edits during their transport to the Wikimedia servers.

The continued work to improve the security and privacy of Wikimedia project users is a stated goal of the Wikimedia Foundation. This work has been escalated in prominence by the NSA domestic spying scandal revealed by Edward Snowden in the summer of 2013. The Wikipedia project was listed as a specific source of tracking users' behavior online. Browsing the web via the insecure HTTP protocol allows third parties to track what pages you view and what information you send online.

What this means for you

In addition to the previous improvements to privacy and security on Wikimedia sites (see below), on Wednesday August 21st, 2013, the Wikimedia Foundation will enable HTTPS for all logged-in users. How this works is simple: if a user wants to log in, they are forced to log in over HTTPS (thus keeping their username and password secure), and after they are logged in they stay on the HTTPS version of the Wikimedia site they are using.

The list of language wikis that are exempted from this will be: all Farsi and Chinese language wikis (including Wikipedias, Wikisources, etc.).

In the future, instead of making a specific list of language wikis, we plan to use GeoIP to redirect users from known blocking countries to HTTP while all others use HTTPS (e.g., someone in Iceland will be able to view the Chinese Wikipedia over HTTPS while someone in China would view an HTTP version of the English Wikipedia).

Help!

Are you unable to log in and edit a Wikimedia wiki after this change? Please contact the Wikimedia Foundation Operations team via any means you find comfortable, including this article's talk page, IRC in the #wikimedia-operations channel, or the (NB: yet to be created, will post when we have it) email address.

History of HTTPS at WMF

Initial activation in 2005

HTTPS was first activated on the Wikimedia projects by Brion in December 2005, although it was on special URLs of the form https://secure.wikimedia.org/wikipedia/en/wiki/Main_Page and it was quite slow and unscalable (one single server for this task), making it unusable for general use.

Large-scale deployment in 2011

HTTPS with canonical URLs https://en.wikipedia.org/wiki/Main_Page was activated in October 2011, after months of hard work to make it caching-friendly (using protocol-relative links in the pages to avoid caching two versions of the same page, and correctly setting up the servers and caching servers to handle HTTPS) and to make sure all resources are served over the same protocol (HTTP/HTTPS) as the page, avoiding mixed content (which removes the secure state of the page). This deployment of HTTPS was mentioned in the Wikimedia engineering reports from May 2011 to December 2011.
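The caching and mixed-content points above, as an added example that is not part of the original page or of Wikimedia's code: it resolves the links of one cached HTML body against both the HTTP and the HTTPS page URL, then lists what an HTTPS view would still fetch over plain HTTP. The sample HTML and the example.org hosts are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample of one cached page body; the example.org hosts are
# placeholders, not Wikimedia's real asset hosts.
CACHED_HTML = """
<a href="//en.wikipedia.org/wiki/HTTPS">HTTPS</a>
<img src="//static.example.org/logo.png">
<script src="http://legacy.example.org/load.js"></script>
"""

# (tag, attribute) pairs the browser fetches automatically while rendering.
SUBRESOURCE_ATTRS = {("img", "src"), ("script", "src"), ("iframe", "src")}


class _Collector(HTMLParser):
    """Collect subresource references in document order."""

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value and (tag, name) in SUBRESOURCE_ATTRS:
                self.refs.append(value)


def resolved_subresources(html, page_url):
    """Resolve each reference the way a browser does for page_url.

    A protocol-relative reference ("//host/path") inherits the page's scheme,
    so the same cached bytes work for both the HTTP and the HTTPS view.
    """
    collector = _Collector()
    collector.feed(html)
    return [urljoin(page_url, ref) for ref in collector.refs]


def mixed_content(html, page_url):
    """Return subresources an HTTPS page would still fetch over plain HTTP."""
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content only arises on an HTTPS page
    return [url for url in resolved_subresources(html, page_url)
            if urlsplit(url).scheme == "http"]


if __name__ == "__main__":
    for scheme in ("http", "https"):
        page = f"{scheme}://en.wikipedia.org/wiki/Main_Page"
        print(page, resolved_subresources(CACHED_HTML, page),
              mixed_content(CACHED_HTML, page))
```

The protocol-relative image follows the page's scheme in both views, while the hard-coded `http://` script is the one reference that downgrades the HTTPS page.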

August 21st, 2013 - Secure browsing for logged in users

Per the plan laid out in the blog post titled "The future of HTTPS on Wikimedia Projects", the Wikimedia Foundation will enable HTTPS for all logged-in users on August 21st, 2013.

Relation to the NSA spying scandal of 2013

HTTPS got particular interest for the Wikimedia projects (among others) after the PRISM scandal in mid-2013, when it was revealed that the American intelligence agency NSA monitors a big part of the global Internet for use in its intelligence programs; consequently, Internet users can lose their browsing privacy. It was also pointed out that any network operator or your government can monitor your browsing. On some networks, such as coffee shops with free, insecure Wi-Fi, fellow users may also be able to easily monitor you (see Firesheep). HTTPS is a means to mitigate the privacy and security issues of your browsing and editing (e.g. you can be more comfortable editing the Wikipedia article about [[PRISM (surveillance program)]] if you can expect some privacy to not let the NSA know your identity), although you must be aware that HTTPS and the whole Internet infrastructure have weaknesses, and you should inform yourself of the exact risks if you expect a very high level of security.

Topics which can be discussed in the talk page

Note that you can bring your opinion even if you are not a technical person, particularly on the first points; technical people will probably respond about the technical constraints and solutions.

  • User interaction issues:
    • spreading knowledge about HTTPS and security: documentation;
    • management of errors: how to manage an HTTPS error? a major TLS problem? opt-out mechanism;
    • promotion of HTTPS: soft-activation (ask search engines to direct to the HTTPS version, see point 4 of Ryan’s post), promotion of HTTPS Everywhere, HTTP Strict Transport Security (HSTS), ask third-party software to switch to HTTPS, hard-activation (see point 6 of Ryan’s post);
    • promotion of pinning/TACK? ([1] and [2]);
  • Diplomatic, legal and administrative issues:
    • Issuance of the certificate, Extended Validation, pinning ([3] and [4]);
    • Great Firewall of China: observation, documentation, communication with the government? (China repeatedly blocked HTTPS Wikimedia projects, and this has been the case since the beginning of 2013);
    • Surveillance programs: links with legal and citizen associations, legal protection of the servers and private key;
  • Technical issues:
    • caching: SSL termination on the Varnish frontend caches, distributed SSL cache (see points 2 and 3 of Ryan’s post), etc.;
    • performance: studies and experience, OCSP stapling;
    • security: known attacks, best practices, cipher suites (Perfect forward secrecy (PFS)), man-in-the-middle mitigation (HTTP Strict Transport Security), DNSSEC, traffic analysis (see the link given in point 5 of Ryan’s post), etc.;
    • server security and management: protection of the private key (in the WMF network), response in case of a major crisis (SSL software/hardware problem, fallback to pmtpa, TLS completely broken, disclosed private key), how to deal with HTTPS-deficient user agents (e.g. old or badly written software, or blocked HTTPS in enterprises);
    • technical responses to the Great Firewall of China: GeoIP, specific domain, DNSSEC, opt-out mechanism (HTTP cookie, URL parameter, etc.), etc.

Links