IETF Logo Mail Archive

Re: Proposed Statement on "HTTPS everywhere for the IETF"

Richard Barnes <rlb@ipv.sx> Mon, 01 June 2015 17:16 UTC

Return-Path: <rlb@ipv.sx>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C2ED01B2F3E for <ietf@ietfa.amsl.com>; Mon, 1 Jun 2015 10:16:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=unavailable
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fv8pXKPCdJOQ for <ietf@ietfa.amsl.com>; Mon, 1 Jun 2015 10:16:12 -0700 (PDT)
Received: from mail-la0-f51.google.com (mail-la0-f51.google.com [209.85.215.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C751C1B2CB5 for <ietf@ietf.org>; Mon, 1 Jun 2015 10:16:11 -0700 (PDT)
Received: by laew7 with SMTP id w7so14718892lae.1 for <ietf@ietf.org>; Mon, 01 Jun 2015 10:16:10 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=/HKFeSfo1gpSJi+0cKnLOcqgLyUNoEsz5irAN09QPhk=; b=JbLCX4u1skpZxYKPKpc0nu7ojbWD+a+UgJg0k52H70/whgtuYHU4MNKhnYB2JkLWRm aZ1QXdjLX2S3roykn6dceB763sYPP5dcoQqxt7TJnYTbBA+3iV4D4xEXfiysWHC99q/4 aPzIZp+6PzNNm9pl1fX5OcWBoZqVYoWKlpQvfziIjo7S1tad/z/3cU4rmicmqPZNFJdT xHLzUJbHCsGGrFQm+Q/iFnFY72U6TSaVh3zrLGjvelsDqfEuv1TQKS1OV9y3h6Ciou3S NT4vT8lXBOG2Z1VeN/uAoBWjzbp+CTz4esBQnRF8RE56ofGliZuofH5FpIP2FmshqgER ZSOQ==
X-Gm-Message-State: ALoCoQldxhMohg3HjPKYXg+h8tw3p0rriqXqI8x2Q72t3sQQRRK2HYvwFe2olhfwfsDlywfDDE3j
MIME-Version: 1.0
X-Received: by 10.152.116.49 with SMTP id jt17mr21861759lab.82.1433178970276; Mon, 01 Jun 2015 10:16:10 -0700 (PDT)
Received: by 10.25.214.162 with HTTP; Mon, 1 Jun 2015 10:16:10 -0700 (PDT)
In-Reply-To: <20150601164359.29999.35343.idtracker@ietfa.amsl.com>
References: <20150601164359.29999.35343.idtracker@ietfa.amsl.com>
Date: Mon, 01 Jun 2015 13:16:10 -0400
Message-ID: <CAL02cgRPFooA5fVFwvdprb3wPD+Y55pD+7RWjkACDv7T_TBW5Q@mail.gmail.com>
Subject: Re: Proposed Statement on "HTTPS everywhere for the IETF"
From: Richard Barnes <rlb@ipv.sx>
To: "ietf@ietf.org" <ietf@ietf.org>
Content-Type: multipart/alternative; boundary="001a11c3677e6c5d66051777fbfc"
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/BgVJfsuElTXlZYbS1R7u-PNzJQg>
Cc: IETF Announcement List <ietf-announce@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Jun 2015 17:16:13 -0000

Do it.  Do it boldly and fearlessly.  Make the statement and implement it.

"""
However, as there may be tools that could be affected by this, and
recognising that there are a number of IETF participants who prefer to
continue to access materials via cleartext, or who have issues with using
standard confidentiality services, the IESG are also requiring that public
information continue to be made available in cleartext form.
"""

Don't be tied to legacy.  Anything that doesn't support HTTPS at this point
needs to upgrade and deserves to be broken.

The IETF needs to be a leader here.

--Richard

On Mon, Jun 1, 2015 at 12:43 PM, The IESG <iesg@ietf.org> wrote:

> Hi All,
>
> The IESG are planning to agree an IESG statement on "HTTPS Everywhere
> for the IETF," please see [1] for the current text.
>
> We are seeking community feedback on this and welcome assistance
> from the community in identifying any cases where a change or
> additional guidance is needed to put this into effect.
>
> The IESG plans to finalise this statement just after IETF-93 in Prague.
>
> * Please send general feedback intended for discussion to ietf@ietf.org
>
> * Comments about specific issues arising can be sent to iesg@ietf.org
> or tools-discuss@ietf.org as appropriate (use iesg@ietf.org if not sure)
>
> Regards,
> Terry & Stephen (for the IESG)
>
> [1] https://trac.tools.ietf.org/group/iesg/trac/wiki/HttpsEverywhere
>
>

v2.23.0 | Report a Bug | By Email