<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>Hi:</div><div><br></div><div>Ripe website are quite slow in some remote areas, I had quite bad experience of loading time in some area of Africa, Asian, and Middle East.<br><br>But as not sure if it has to do with any specific technology or just a general routing issue.<br><br></div><div>Lu</div><div><br>On 2015年1月22日, at 下午5:24, Shahin Gharghi <<a href="mailto:ripe@rased.ir">ripe@rased.ir</a>> wrote:<br><br></div><blockquote type="cite"><div><div dir="ltr"><div class="gmail_default" style="font-family:verdana,sans-serif;color:rgb(7,55,99)">Dear colleagues</div><div class="gmail_default" style="font-family:verdana,sans-serif;color:rgb(7,55,99)"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif;color:rgb(7,55,99)">I agree with Paul and we have a problem with HTTPS in Iran. </div><div class="gmail_default" style="font-family:verdana,sans-serif;color:rgb(7,55,99)">That's too slow here.</div><div class="gmail_default" style="font-family:verdana,sans-serif;color:rgb(7,55,99)">But because of this: "<span style="font-size:13px;font-family:arial,sans-serif;color:rgb(34,34,34)"> </span><span style="font-size:13px;font-family:arial,sans-serif;color:rgb(34,34,34)">because we plan to integrate RIPE NCC Access</span>" They have to switch into HTTPS.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Jan 22, 2015 at 7:18 PM, Paul Civati <span dir="ltr"><<a href="mailto:paul@racksense.com" target="_blank">paul@racksense.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">(cc members-discuss)<br>
<br>
Mihnea-Costin Grigore <<a href="mailto:mgrigore@ripe.net">mgrigore@ripe.net</a>> wrote:<br>
<br>
> Dear colleagues,<br>
><br>
> We plan to make the <a href="http://www.ripe.net" target="_blank">www.ripe.net</a> website available over HTTPS only as<br>
> of 5 February 2015. We believe this change will provide a more secure,<br>
> efficient website for our users.<br>
><br>
> The <a href="http://www.ripe.net" target="_blank">www.ripe.net</a> website has been available over HTTPS for some time<br>
> already, and we are now making it HTTPS-only for two reasons: to improve<br>
> the website's security, and because we plan to integrate RIPE NCC Access<br>
> (our single sign-on system) with <a href="http://www.ripe.net" target="_blank">www.ripe.net</a> as part of our larger<br>
> website redesign project, which requires us to use HTTPS throughout the<br>
> site.<br>
<br>
Some observations spring to mind.<br>
<br>
1. <a href="http://www.ripe.net" target="_blank">www.ripe.net</a> is (as far as I can see - and I could be wrong - please<br>
correct me) primarily an information site, that is it provides publically<br>
available information to everyone/anyone. Therefore it does not largely<br>
transmit anything that needs to be secure and encrypted over SSL.<br>
<br>
2. There have been far more security holes in https/TLS/SSL of recent<br>
than plain HTTP as far as I can tell. Therefore I would say that https<br>
is less secure unless you have sensitive information to transport.<br>
If my assertion (1) is correct then it would not seem beneficial<br>
to SSL proect <a href="http://www.ripe.net" target="_blank">www.ripe.net</a> - indeed it may make it less secure.<br>
<br>
3. Whilst I agree wholeheartedly that SSO is a good plan, in this<br>
case separation of the two different entities (information ie.<br>
<a href="http://www.ripe.net" target="_blank">www.ripe.net</a> and admin ie. LIR portal) seems like a good idea.<br>
<br>
Of course (3) may break the desire for SSO.<br>
<br>
Or this may not really matter and no-one may really care. :)<br>
<br>
Regards,<br>
<br>
-Paul-<br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
Paul Civati <paul(at)<a href="http://racksense.com" target="_blank">racksense.com</a>> <a href="tel:0870%20321%202855" value="+988703212855">0870 321 2855</a><br>
Rack Sense Ltd - Managed Service Provider - <a href="http://www.racksense.com" target="_blank">www.racksense.com</a><br>
<br>
----<br>
If you don't want to receive emails from the RIPE NCC members-discuss<br>
mailing list, please log in to your LIR Portal account and go to the general page:<br>
<a href="https://lirportal.ripe.net/general/" target="_blank">https://lirportal.ripe.net/general/</a><br>
<br>
Click on "Edit my LIR details", under "Subscribed Mailing Lists". From here, you can add or remove addresses.<br>
</font></span></blockquote></div><br></div>
</div></blockquote><blockquote type="cite"><div><span>----</span><br><span>If you don't want to receive emails from the RIPE NCC members-discuss</span><br><span>mailing list, please log in to your LIR Portal account and go to the general page:</span><br><span><a href="https://lirportal.ripe.net/general/">https://lirportal.ripe.net/general/</a></span><br><span></span><br><span>Click on "Edit my LIR details", under "Subscribed Mailing Lists". From here, you can add or remove addresses.</span></div></blockquote></body></html>