Re: https at ietf.org
Chris Inacio <inacio@cert.org> Thu, 07 November 2013 17:29 UTC
Return-Path: <inacio@cert.org>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9B94611E8264 for <ietf@ietfa.amsl.com>; Thu, 7 Nov 2013 09:29:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.289
X-Spam-Level:
X-Spam-Status: No, score=-6.289 tagged_above=-999 required=5 tests=[AWL=0.310, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id osOI1Bg1hSa7 for <ietf@ietfa.amsl.com>; Thu, 7 Nov 2013 09:28:58 -0800 (PST)
Received: from plainfield.sei.cmu.edu (plainfield.sei.cmu.edu [192.58.107.45]) by ietfa.amsl.com (Postfix) with ESMTP id 7041B11E818D for <ietf@ietf.org>; Thu, 7 Nov 2013 09:28:50 -0800 (PST)
Received: from timber.sei.cmu.edu (timber.sei.cmu.edu [10.64.21.23]) by plainfield.sei.cmu.edu (8.14.4/8.14.4/1408) with ESMTP id rA7HSnTs008477; Thu, 7 Nov 2013 12:28:49 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cert.org; s=jthatj15xw2j; t=1383845329; bh=wZHnFXHqzsAh0lPTb0G96AEwFgzC0Z/W81OH5jR8DcM=; h=From:To:CC:Subject:Date:Message-ID:References:In-Reply-To: Content-Type:Content-ID:Content-Transfer-Encoding:MIME-Version: Sender:Reply-To; b=CPdtmX1DlZ/Ksd7qRDnEzH6BTJDWcWejk4jx2NNoxW3hB5fr2jBcWFLdpmen9e8l/ pKdplAFj7rs7XLVnQnLD64zkAeF+llck7WuDztUM8Qs9PLZH8akotv2IxfwjHwpeqy RfQVx4NxSKJCCnsUe5T2pYqNnuAwHO/zvLY7+QSk=
Received: from CASSINA.ad.sei.cmu.edu (cassina.sei.cmu.edu [10.64.28.249]) by timber.sei.cmu.edu (8.14.4/8.14.4/1408) with ESMTP id rA7HSns7000882; Thu, 7 Nov 2013 12:28:49 -0500
Received: from MARATHON.ad.sei.cmu.edu ([10.64.28.250]) by CASSINA.ad.sei.cmu.edu ([10.64.28.249]) with mapi id 14.02.0347.000; Thu, 7 Nov 2013 12:28:48 -0500
From: Chris Inacio <inacio@cert.org>
To: John C Klensin <john-ietf@jck.com>
Subject: Re: https at ietf.org
Thread-Topic: https at ietf.org
Thread-Index: AQHO2ogVwwpu+Gz+rUel02YqqVRNy5oXv8CAgAACwQCAAM2FgIABzFsA
Date: Thu, 07 Nov 2013 17:28:48 +0000
Message-ID: <C7ACC5D4-AFC7-427C-9AE4-C57A5CF098CC@cert.org>
References: <CAHBU6ivbrk=NXgd4_5Upik+8H0AbHRy3kJnN=8fcK+Bz3pOV9Q@mail.gmail.com> <alpine.LRH.2.01.1311051733570.4200@egate.xpasc.com> <B3AE10BB-3A50-42A6-A7A1-E76257D9A39A@standardstrack.com> <F90A86F78597803A1EB14DC2@JCK-EEE10>
In-Reply-To: <F90A86F78597803A1EB14DC2@JCK-EEE10>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.64.100.100]
Content-Type: text/plain; charset="Windows-1252"
Content-ID: <50E0E5130D0EF149ACDC96F78507BDFC@sei.cmu.edu>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: IETF-Discussion Discussion <ietf@ietf.org>, Eric Burger <eburger@standardstrack.com>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Nov 2013 17:29:02 -0000
+1 I don’t care about the transport to get a public document if the goal is to ensure the document hasn’t been tampered with. Personally, I think HTTPS is a totally missing the point. To that effect, if we’re really serious about this stuff, shouldn’t we want all email on the lists signed as well? -- Chris Inacio inacio@cert.org On Nov 6, 2013, at 6:01 AM, John C Klensin <john-ietf@jck.com> wrote: > > > --On Tuesday, 05 November, 2013 20:45 -0500 Eric Burger > <eburger@standardstrack.com> wrote: > >> Because would not someone retrieving an RFC want to know it >> really came from the IETF, especially when it says The >> protocol MUST provide provisions for lawful intercept and >> MUST post a notification when traitorous speech is detected. >> >> ;-) > > Eric, > > I think your joke illustrates the other part of the problem. If > I really want to "know it really came from the IETF", then I > want a digital signature on the document that I can verify after > it is retrieved, regardless of the retrieval mechanism used. > > At least until and unless we (and the rest of the community) > manage to clean up the server CA mess --including both killing > off the CAs with bad behavior patterns and making sure that all > HTTPS clients do really careful cert validation-- https may give > me a warm and fuzzy feeling, but it doesn't guarantee document > authorship and integrity. Worse, part of the problem today if > that, if those HTTPS-related tools work well, there is some > history of false negatives (e.g., letting certs expire) that > keep people from getting to documents for no good reason. > > I believe in eating our own dogfood, but think an appeal to that > principle requires careful attention to whether the food is > suitable for purpose and safe and nutritious for canine > consumption. In today's environment, claims about HTTPS for > document authenticity and/or integrity fail that test. > > I strongly defend keeping HTTPS available for those who want it, > but oppose getting rid of it to punish those who have reasons to > not use it. > > john >
- Re: https at ietf.org Eric Burger
- https at ietf.org Tim Bray
- Re: https at ietf.org Joe Abley
- Re: https at ietf.org David Morris
- Re: https at ietf.org Paul Wouters
- Re: https at ietf.org Joe Abley
- Re: https at ietf.org ned+ietf
- Re: https at ietf.org Dean Willis
- Re: https at ietf.org Tim Bray
- Re: https at ietf.org Joe Abley
- Re: https at ietf.org Hector Santos
- Re: https at ietf.org Marco Davids (Prive)
- Re: https at ietf.org Hector Santos
- Re: https at ietf.org ned+ietf
- Re: https at ietf.org Yoav Nir
- Re: https at ietf.org Måns Nilsson
- Re: https at ietf.org Eric Burger
- Re: https at ietf.org Dave Cridland
- Re: https at ietf.org Thiago Marinello
- Re: https at ietf.org Bjoern Hoehrmann
- Re: https at ietf.org John C Klensin
- Re: https at ietf.org John C Klensin
- Re: https at ietf.org Ted Lemon
- authentication without https (was Re: https at ie… Dave Crocker
- Re: https at ietf.org ned+ietf
- Re: https at ietf.org ned+ietf
- Re: authentication without https (was Re: https a… Ted Lemon
- Re: https at ietf.org MAISONNEUVE, JULIEN (JULIEN)
- Re: https at ietf.org Eric Burger
- Re: https at ietf.org Marco Davids (Prive)
- Re: https at ietf.org Yoav Nir
- Re: https at ietf.org Måns Nilsson
- Re: https at ietf.org ned+ietf
- Re: https at ietf.org Carsten Bormann
- Re: https at ietf.org Ted Lemon
- Re: https at ietf.org Carsten Bormann
- Re: https at ietf.org Måns Nilsson
- Re: https at ietf.org Måns Nilsson
- Re: https at ietf.org t.p.
- Re: https at ietf.org Dave Cridland
- Re: https at ietf.org David Conrad
- Re: https at ietf.org Arturo Servin
- Re: https at ietf.org ned+ietf
- Re: https at ietf.org ned+ietf
- Re: https at ietf.org Noel Chiappa
- Re: https at ietf.org Dave Cridland
- Re: https at ietf.org Chris Inacio
- Re: https at ietf.org Noel Chiappa
- Re: https at ietf.org Tim Bray
- Re: https at ietf.org Tim Bray
- Re: https at ietf.org Yoav Nir
- Re: https at ietf.org t.p.
- Re: https at ietf.org Noel Chiappa
- Re: https at ietf.org ned+ietf
- Re: https at ietf.org David Conrad
- Re: https at ietf.org Chris Inacio
- Re: https at ietf.org Martin Rex
- Re: https at ietf.org ned+ietf
- Re: https at ietf.org ned+ietf
- Re: https at ietf.org Martin Rex
- Re: https at ietf.org Ted Lemon
- Re: https at ietf.org Måns Nilsson
- Re: https at ietf.org Ted Lemon
- Re: https at ietf.org Douglas Otis
- Re: https at ietf.org Pranesh Prakash
- Re: https at ietf.org Pranesh Prakash
- Re: https at ietf.org Martin Rex
- Re: https at ietf.org Dave Cridland
- Re: https at ietf.org John R Levine
- Re: https at ietf.org Ted Lemon
- Re: https at ietf.org Eric Burger
- Re: https at ietf.org Joe Abley
- Re: https at ietf.org Ted Lemon
- Re: https at ietf.org Joe Abley
- Coercion S Moonesamy
- Re: https at ietf.org David Conrad
- Re: https at ietf.org Ted Lemon
- Re: https at ietf.org David Conrad
- Re: https at ietf.org Ted Lemon
- Re: https at ietf.org John Levine
- Re: https at ietf.org David Conrad
- Re: https at ietf.org Michael Richardson
- Reconstruct the key S Moonesamy
- Re: https at ietf.org Randy Bush
- Re: https at ietf.org Randy Bush
- Re: https at ietf.org Joe Abley
- Re: https at ietf.org David Conrad
- Re: https at ietf.org Sean Turner
- Re: https at ietf.org Phillip Hallam-Baker
- Re: https at ietf.org David Conrad
- Re: https at ietf.org Phillip Hallam-Baker
- Re: https at ietf.org David Conrad
- Re: https at ietf.org Doug Barton
- Re: https at ietf.org Doug Barton
- Re: [IETF] https at ietf.org Warren Kumari
- Re: [IETF] https at ietf.org Michael Richardson
- Re: https at ietf.org Phillip Hallam-Baker
- Re: https at ietf.org David Conrad
- Re: https at ietf.org Doug Barton
- Re: https at ietf.org Phillip Hallam-Baker
- Re: https at ietf.org Doug Barton
- Re: https at ietf.org Phillip Hallam-Baker
- Re: https at ietf.org Mark Andrews
- Re: https at ietf.org Phillip Hallam-Baker
- Re: https at ietf.org John C Klensin
- Re: https at ietf.org Doug Barton
- Re: https at ietf.org Phillip Hallam-Baker
- Re: https at ietf.org Douglas Otis