Dear colleagues I agree with Paul and we have a problem with HTTPS in Iran. That's too slow here. But because of this: " because we plan to integrate RIPE NCC Access" They have to switch into HTTPS. On Thu, Jan 22, 2015 at 7:18 PM, Paul Civati <paul@racksense.com> wrote:
(cc members-discuss)
Mihnea-Costin Grigore <mgrigore@ripe.net> wrote:
Dear colleagues,
We plan to make the www.ripe.net website available over HTTPS only as of 5 February 2015. We believe this change will provide a more secure, efficient website for our users.
The www.ripe.net website has been available over HTTPS for some time already, and we are now making it HTTPS-only for two reasons: to improve the website's security, and because we plan to integrate RIPE NCC Access (our single sign-on system) with www.ripe.net as part of our larger website redesign project, which requires us to use HTTPS throughout the site.
Some observations spring to mind.
1. www.ripe.net is (as far as I can see - and I could be wrong - please correct me) primarily an information site, that is it provides publically available information to everyone/anyone. Therefore it does not largely transmit anything that needs to be secure and encrypted over SSL.
2. There have been far more security holes in https/TLS/SSL of recent than plain HTTP as far as I can tell. Therefore I would say that https is less secure unless you have sensitive information to transport. If my assertion (1) is correct then it would not seem beneficial to SSL proect www.ripe.net - indeed it may make it less secure.
3. Whilst I agree wholeheartedly that SSO is a good plan, in this case separation of the two different entities (information ie. www.ripe.net and admin ie. LIR portal) seems like a good idea.
Of course (3) may break the desire for SSO.
Or this may not really matter and no-one may really care. :)
Regards,
-Paul-
-- Paul Civati <paul(at)racksense.com> 0870 321 2855 Rack Sense Ltd - Managed Service Provider - www.racksense.com
---- If you don't want to receive emails from the RIPE NCC members-discuss mailing list, please log in to your LIR Portal account and go to the general page: https://lirportal.ripe.net/general/
Click on "Edit my LIR details", under "Subscribed Mailing Lists". From here, you can add or remove addresses.