Discussion:
TLS/SNI thoughts?
Shaver, Michael R
2010-12-14 23:19:05 UTC
Permalink
Adam was doing some investigating on our potential limitation of IPs at OSU and was looking into TLS/SNI ( http://en.wikipedia.org/wiki/Server_Name_Indication). Seems like it could solve our problems in many regards, but there are a few catches, naming compatibility with Windows XP clients accessing our sites.

This seems like a tough call. The attached screenshot shows there is a significant amount of Windows XP traffic to some of our sites: meego.com, help.meego.com, forum.meego.com, conference2010.meego.com. But I'm not sure about bugs.meego.com, wiki.meego.com, or developer.meego.com yet?

We could push people to a message to use another browser if they come from XP, but that might be a bit obtrusive? The other options would be to choose a set of sites to run under TLS/SNI, but I'm not sure the exact grouping of sites that makes sense.

Any thoughts?
Dean Pierce
2010-12-14 23:57:06 UTC
Permalink
I say go for it :-)

It would only really effect the the authenticated parts of the sites,
and I would imagine that only a very small portion of the meego
development community is using IE on windows xp. Even among those
people, the number who would be UNABLE to upgrade their OS or change
browsers is likely even smaller than that.

- DEA
Dean Pierce
2010-12-15 00:00:18 UTC
Permalink
.. not actually DEA, looks like I hit the enter key before my fingers
got to the N ..

- DEAN
Ryan Ware
2010-12-15 01:46:50 UTC
Permalink
That's good. I was getting worried we hired a Fed.

;-)

Ryan
Post by Dean Pierce
.. not actually DEA, looks like I hit the enter key before my fingers
got to the N ..
- DEAN
_______________________________________________
MeeGo-it mailing list
http://lists.meego.com/listinfo/meego-it
Stefano Mosconi
2010-12-15 08:59:19 UTC
Permalink
Well if the problem is only XP I would start to tell these guys to upgrade to a
modern OS (or just to _an_ OS)

Stefano
Post by Shaver, Michael R
Adam was doing some investigating on our potential limitation of IPs at OSU and was looking into TLS/SNI ( http://en.wikipedia.org/wiki/Server_Name_Indication). Seems like it could solve our problems in many regards, but there are a few catches, naming compatibility with Windows XP clients accessing our sites.
This seems like a tough call. The attached screenshot shows there is a significant amount of Windows XP traffic to some of our sites: meego.com, help.meego.com, forum.meego.com, conference2010.meego.com. But I'm not sure about bugs.meego.com, wiki.meego.com, or developer.meego.com yet?
We could push people to a message to use another browser if they come from XP, but that might be a bit obtrusive? The other options would be to choose a set of sites to run under TLS/SNI, but I'm not sure the exact grouping of sites that makes sense.
Any thoughts?
_______________________________________________
MeeGo-it mailing list
http://lists.meego.com/listinfo/meego-it
Darryl Miles
2010-12-15 23:48:31 UTC
Permalink
Post by Shaver, Michael R
Any thoughts?
Great so long as every library and tool in the MeeGo stack is patched
and any necessary certificates and other diddly bits are available
through zypper so people can get their work done with as little
configuration as possible. MeeGo has to "Eat your own dog food" and it
has to taste good.


Running out of IPs? Will or does the IT infrastructure have IPv6
support yet ? Maybe this can be scheduled for 2011 ?


Darryl
Stefano Mosconi
2010-12-16 07:43:09 UTC
Permalink
Post by Shaver, Michael R
Any thoughts?
Great so long as every library and tool in the MeeGo stack is patched and any
necessary certificates and other diddly bits are available through zypper so
people can get their work done with as little configuration as possible. MeeGo
has to "Eat your own dog food" and it has to taste good.
Yeah we need to make sure that the scripts support this before we go for it.

Apparently wget doesn't for instance.
Running out of IPs? Will or does the IT infrastructure have IPv6 support yet ?
Maybe this can be scheduled for 2011 ?
Nope, not yet supported, maybe next year.

Stefano
Ryan Ware
2010-12-16 16:43:53 UTC
Permalink
Post by Stefano Mosconi
Post by Shaver, Michael R
Any thoughts?
Great so long as every library and tool in the MeeGo stack is patched and any
necessary certificates and other diddly bits are available through zypper so
people can get their work done with as little configuration as possible. MeeGo
has to "Eat your own dog food" and it has to taste good.
Yeah we need to make sure that the scripts support this before we go for it.
Apparently wget doesn't for instance.
Can someone take the AR to determine what portions of the MeeGo stack aren't compliant with TLS/SNI other than wget? It would be good to have a complete list and then we can start to determine the effort to get this functionality.

Ryan
Post by Stefano Mosconi
Running out of IPs? Will or does the IT infrastructure have IPv6 support yet ?
Maybe this can be scheduled for 2011 ?
Nope, not yet supported, maybe next year.
Stefano
_______________________________________________
MeeGo-it mailing list
http://lists.meego.com/listinfo/meego-it
s***@public.gmane.org
2010-12-16 20:03:57 UTC
Permalink
Post by Ryan Ware
Post by Stefano Mosconi
Post by Shaver, Michael R
Any thoughts?
Great so long as every library and tool in the MeeGo stack is patched and any
necessary certificates and other diddly bits are available through zypper so
people can get their work done with as little configuration as possible. MeeGo
has to "Eat your own dog food" and it has to taste good.
Yeah we need to make sure that the scripts support this before we go for it.
Apparently wget doesn't for instance.
Can someone take the AR to determine what portions of the MeeGo stack
aren't compliant with TLS/SNI other than wget? It would be good to have
a complete list and then we can start to determine the effort to get this
functionality.
Hmmm, the question is who?

What you think should it be the release managers?

Stefano
Post by Ryan Ware
Ryan
Post by Stefano Mosconi
Running out of IPs? Will or does the IT infrastructure have IPv6 support yet ?
Maybe this can be scheduled for 2011 ?
Nope, not yet supported, maybe next year.
Stefano
_______________________________________________
MeeGo-it mailing list
http://lists.meego.com/listinfo/meego-it
Loading...