[OSM-talk] HTTPS all the Things (Automated Edit)

Stephan Knauss osm at stephans-server.de
Fri Feb 22 08:55:15 UTC 2019 

Hi,

Please be aware that protocol independent URLs do not mean that http is used. The client will simply continue using the protocol it used before.

Real need for that is quite limited. So in most cases they are better written as https.

But it then needs to be changed where the URL is used and not on the provider end.

Stephan


On February 22, 2019 8:02:20 AM GMT+01:00, Bryce Jasmer <bryce at jasmer.com> wrote:
>I have written a script that will search for OSM objects that have a
>website tag that explicitly states "http://..." or implicitly uses http
>by
>leaving of the protocol specification. The script will then loop
>through
>all that it discovers and asks the http site if it will redirect me to
>the
>secure version of the website over the https protocol. If it does, I
>will
>update the database with the new value.
>
>This has a couple of advantages. From now through the end of time, any
>user
>clicking on one of those links will be spared the time it takes to
>establish the connection, ask if there is a secure version of the site,
>and
>tear down the connection. It's on the order of 10-200 ms to do, but
>over
>the life of the link and the number of objects that are clicked and the
>population, this could save centuries of time :-)
>
>Another advantage is that it will make https more pervasive and
>hopefully
>people will start thinking https and forgetting all about http. A more
>secure internet is in all of our best interests.
>
>Anyway, I'd like to (slowly) run this across the planet. I've discussed
>this on the US Slack channel and have performed the actions on the
>United
>States already. I've addressed many questions and have heard no strong
>objections. I'm seeking feedback from the larger community now before
>proceeding.
>
>The wiki page is
>https://wiki.openstreetmap.org/wiki/Automated_Edits/b-jazz
>
>The Slack conversation is available, but has died down and the
>transcript
>is available at the wiki page mentioned above.
>
>The diary entry with some more conversation is at the bot's page:
>https://www.openstreetmap.org/user/b-jazz-bot/diary/47743
>
>The source code is available on GitLab for review:
>https://gitlab.com/b-jazz/https_all_the_things
>
>Example changeset for a run over the "9yfd" geohash:
>https://www.openstreetmap.org/changeset/67454775
>
>I welcome your input.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/talk/attachments/20190222/6fce87fd/attachment.html>

More information about the talk mailing list