Re: Proposed Statement on "HTTPS everywhere for the IETF"

Stephen Farrell <stephen.farrell@cs.tcd.ie> Wed, 03 June 2015 21:08 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5B9441B2E39 for <ietf@ietfa.amsl.com>; Wed, 3 Jun 2015 14:08:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.21
X-Spam-Level:
X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5oHG0v0zmst4 for <ietf@ietfa.amsl.com>; Wed, 3 Jun 2015 14:08:46 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 288ED1B2E37 for <ietf@ietf.org>; Wed, 3 Jun 2015 14:08:46 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 7B18CBF0B; Wed, 3 Jun 2015 22:08:44 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tC42dYJ-OjzL; Wed, 3 Jun 2015 22:08:43 +0100 (IST)
Received: from [10.87.48.73] (unknown [86.46.31.250]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id EA294BF09; Wed, 3 Jun 2015 22:08:42 +0100 (IST)
Message-ID: <556F6CD9.7080401@cs.tcd.ie>
Date: Wed, 03 Jun 2015 22:08:41 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: John C Klensin <john-ietf@jck.com>, "Cullen Jennings (fluffy)" <fluffy@cisco.com>, ietf@ietf.org
Subject: Re: Proposed Statement on "HTTPS everywhere for the IETF"
References: <20150601164359.29999.35343.idtracker@ietfa.amsl.com> <543B4D57-C84C-49B7-B108-827333434F72@cisco.com> <556F6103.2090608@cs.tcd.ie> <1328FAA700789B05CE7FF6AF@JcK-HP8200.jck.com>
In-Reply-To: <1328FAA700789B05CE7FF6AF@JcK-HP8200.jck.com>
OpenPGP: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/Brh4S1u6PTrF_Sh7-S3OvUpW7HI>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Jun 2015 21:08:47 -0000


On 03/06/15 21:42, John C Klensin wrote:
> So how modest and minor do you really think it is?

It's minor in terms of impact on users and current web content.
But less so perhaps as setting the default we want to use for
other cases in future as those arise. And it impacts on tooling
as well (e.g. the URLs in the boilerplate produced by xml2rfc,
and in the tracker) and it impacts on the secretariat in minor
ways (URLs embedded in mails they send out).

The above and the fact that we do have a set of IETF folks
who seemingly don't like any of this are I think reason enough
for the iesg to solicit comment before just adopting something
like this, or just putting it in place without that.

Personally, I do wish we didn't have to have essentially
the same points discussed over and over, but it seems we
do.

Cheers,
S.