Re: https at ietf.org

Dave Cridland <dave@cridland.net> Fri, 08 November 2013 07:40 UTC

Date: Fri, 08 Nov 2013 07:40:53 +0000
Subject: Re: https at ietf.org
From: Dave Cridland <dave@cridland.net>
To: Pranesh Prakash <pranesh@cis-india.org>
Cc: IETF-Discussion Discussion <ietf@ietf.org>, Eric Burger <eburger@standardstrack.com>

On Thu, Nov 7, 2013 at 11:28 PM, Pranesh Prakash <pranesh@cis-india.org> wrote:

> Dave Cridland [2013-11-06 06:39]:
> > Requiring HTTPS, particularly with reasonable cipher suites, might restrict
> > use of from certain jurisdictions.
>
> Could we have more concrete examples, please?  Would these be because of
> export restrictions?[1]  For instance, are there any jurisdictions from
> where users have to disable the HTTPS by default option in Gmail?
>
>  [1]: http://www.cryptolaw.org/


Examining this website for marginally less than a minute tells me that
encryption is generally banned in Saudi Arabia.

But that's really beside the point. If we "fixed" RFC 2817 support, we
could have opportunistic (better than nothing) crypto on *all* websites,
rather than forcing every website to deploy HTTPS-only - pretty good win
for privacy / anti-pervasive-surveillance.

That is, making encryption optional, but available everywhere, is a bigger
win than making it mandatory in a few places.

Dave.