Re: Proposed Statement on "HTTPS everywhere for the IETF"

Brian E Carpenter <brian.e.carpenter@gmail.com> Tue, 02 June 2015 21:05 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EF1551B3095 for <ietf@ietfa.amsl.com>; Tue, 2 Jun 2015 14:05:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nMW45F5trL4w for <ietf@ietfa.amsl.com>; Tue, 2 Jun 2015 14:05:50 -0700 (PDT)
Received: from mail-pd0-x235.google.com (mail-pd0-x235.google.com [IPv6:2607:f8b0:400e:c02::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7C6F01B2BD6 for <ietf@ietf.org>; Tue, 2 Jun 2015 14:05:50 -0700 (PDT)
Received: by pdbqa5 with SMTP id qa5so140991419pdb.0 for <ietf@ietf.org>; Tue, 02 Jun 2015 14:05:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:organization:user-agent:mime-version:to :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=mbhEEpZGurTdbvt+y7b1KImK/AezgyRno4h3zlcd26s=; b=HmBh04qurfQinlEHYzg9MpfO2uoLCpM5EDafogGLueAaeQcaFv+mAPXpr2h0h+rUdp mxAjVrujjGdZz9JLyb+7o36WcSEtl1YHCUcKIJgxxJAbnXHfGh9S5BXF7ym06lAmgV6g KF+bK2SD7b3zfWNADQcZwJitENLWJgy5G6tugAZIWP2BJxKnBpqcVf0HnR8idSgdok88 PiPh4xZxfJuz8vzdA6L5rBR7Dip6bJf2SYUKPt2Y5a5i7ddmZPMHKiEf7psXlh2A3M+D Qms3qFfG6F12+w+hR+PyHat5CbcVt64hpWZrSoylVd8popp5zJpdfB227O2D8h76Stfy tLqQ==
X-Received: by 10.66.243.69 with SMTP id ww5mr26462782pac.106.1433279150268; Tue, 02 Jun 2015 14:05:50 -0700 (PDT)
Received: from ?IPv6:2406:e007:6fdb:1:28cc:dc4c:9703:6781? ([2406:e007:6fdb:1:28cc:dc4c:9703:6781]) by mx.google.com with ESMTPSA id zt9sm18785545pac.9.2015.06.02.14.05.46 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 02 Jun 2015 14:05:48 -0700 (PDT)
Message-ID: <556E1AAD.8070205@gmail.com>
Date: Wed, 03 Jun 2015 09:05:49 +1200
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: stbryant@cisco.com, ietf@ietf.org
Subject: Re: Proposed Statement on "HTTPS everywhere for the IETF"
References: <20150601164359.29999.35343.idtracker@ietfa.amsl.com> <556D8AC5.9060909@cisco.com>
In-Reply-To: <556D8AC5.9060909@cisco.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/0nmOCInTzULmxUP20S2AL8dggAs>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Jun 2015 21:05:52 -0000

Hi Stewart,
On 02/06/2015 22:51, Stewart Bryant wrote:
> I agree with the comments that the IETF should lead on
> the technology and leave the societal and political
> issues alone. Technology is our core skill and remit,
> but sociology and politics are not.

Correct, but we have consistently (since the debate that led to
RFC 1984) taken the position that regulation that damages security
or privacy (e.g. by restricting encryption or mandating back doors)
is technically undesirable.

However, that isn't at issue here. It's simply the IETF following
some version of best practice, without sacrificing our commitment to
open development of open standards.

   Brian