
task #7989: Freeciv clients to access meta.freeciv.org over HTTPS

Submitted by:  Jacob Nevins <jtn>
Submitted on:  Mon Jul 4 22:03:41 2016  
 
Should Start On: Sun Jul 3 23:00:00 2016
Should be Finished on: Sun Jul 3 23:00:00 2016
Category: None
Priority: 5 - Normal
Status: Need Info
Privacy: Public
Percent Complete: 0%
Assigned to: None
Open/Closed: Open
Effort: 0.00
Planned Release: 

Sun Jul 10 13:51:18 2016, comment #2:

cf bug #24321

Jacob Nevins <jtn>
Project Administrator
Tue Jul 5 12:22:46 2016, comment #1:

For forward compatibility reasons we probably should keep http:// as the default. Users should be free to choose https://meta.freeciv.org/metaserver.php as their metaserver, though.

Marko Lindqvist <cazfi>
Project Administrator
Mon Jul 4 22:03:41 2016, original submission:

Following on from task #7988, it would be natural to ask whether clients should start to access the metaserver, meta.freeciv.org, over HTTPS by default.

The biggest problem I see is with our shipping Windows clients. I think these ship with an entire HTTP(S) implementation (Curl) that I think never gets updates, whereas the modern HTTPS world assumes clients (== browsers) are frequently updated. So if we start having clients making use of that HTTPS implementation, we're obliged to keep our metaserver able to talk to those old clients for a long time.

This might complicate our administration; we might have to keep old deprecated algorithms and methods enabled on our web server, possibly increasing our attack surface, and in the worst case we may not be able to get renewed certificates that are compatible with our oldest clients.

(Surely the algorithms and so on in our shipped Curl are frozen in time. I'm less sure whether the CA, revocation, etc data is also frozen or whether it can magically use CA information from the operating system, i.e. what Internet Explorer uses, which is more likely to be kept up to date.)

So I think this may be more trouble than it's worth.

Jacob Nevins <jtn>
Project Administrator

 

No files currently attached

 


Items that depend on this one: None found

 

Follows 1 latest change.

Date: Mon Jul 4 22:03:55 2016
Changed By: jtn
Updated Field: Dependencies
Previous Value => Replaced By: - => Depends on task #7988