[OSM-talk] Why doesn't OSM implement a simple measure to protect it's users and passwords?
Florian Lohoff
flo at rfc822.org
Tue Dec 22 18:14:13 GMT 2009
On Tue, Dec 22, 2009 at 02:30:38PM +0000, Tom Hughes wrote:
> On 22/12/09 14:11, John Smith wrote:
>
> > When does anyone plan to use SSL to protect passwords and users on OSM?
>
> It's on my to do list to create a CSR and give to it to Grant.
>
> There are some issues to work out with regard to what we protect though
> as we don't really want to be using SSL for all the API requests though
> so we would prefer to encourage clients to move to using OAuth so we can
> then just protect the initial exchange when the application is authorised.
My guess is that the API server is fully I/O bound and has massive spare CPU.
So encrypting all API calls shouldnt be much of a problem - There is not that
much data transferred anyway, just a lot of connected with little data in them.
I'd like to see SSL encrypted connections for everything, there are a lot of
employees spying on their staff, governments on their population and people
each other. I am not afraid in loosing my password to someone as its a unique
for OSM but the world is full of privacy black holes and we want to support
our users/mappers against any breach of confidentiality.
Flo
--
Florian Lohoff flo at rfc822.org
"Es ist ein grobes Missverständnis und eine Fehlwahrnehmung, dem Staat
im Internet Zensur- und Überwachungsabsichten zu unterstellen."
- - Bundesminister Dr. Wolfgang Schäuble -- 10. Juli in Berlin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.openstreetmap.org/pipermail/talk/attachments/20091222/0f0a9641/attachment.pgp>
More information about the talk
mailing list