Re: https at ietf.org

t.p. <daedulus@btconnect.com> Thu, 07 November 2013 11:15 UTC

Message-ID: <055201cedbaa$412fd4a0$4001a8c0@gateway.2wire.net>
From: t.p. <daedulus@btconnect.com>
To: Tim Bray <tbray@textuality.com>, <ned+ietf@mauve.mrochek.com>
References: <CAHBU6ivbrk=NXgd4_5Upik+8H0AbHRy3kJnN=8fcK+Bz3pOV9Q@mail.gmail.com><alpine.LRH.2.01.1311051733570.4200@egate.xpasc.com><01P0FR4HDQNG00004G@mauve.mrochek.com> <CAHBU6ivZS33r4HHbCC391Ug9fMtZkJ3nojEeeqH5L+0+o3ZqGQ@mail.gmail.com>
Subject: Re: https at ietf.org
Date: Thu, 7 Nov 2013 11:12:04 +0000
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Cc: IETF-Discussion Discussion <ietf@ietf.org>
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Nov 2013 11:15:22 -0000

----- Original Message -----
From: "Tim Bray" <tbray@textuality.com>
To: <ned+ietf@mauve.mrochek.com>
Cc: "IETF-Discussion Discussion" <ietf@ietf.org>
Sent: Wednesday, November 06, 2013 2:35 AM

I disagree. I can’t think of a scenario in which a human who wants/needs
to use IETF publications would not have access to an HTTPS-capable user
agent.  -T

<tp>
I want access to IETF publications in order to contribute to the
standards process and I have access to a very fine, HTTPS-capable user
agent (supplied by Microsoft).  It works with almost every web site in
the world, but not with the IETF's.

For any https:// link, the initial html is downloaded, the CRL is
downloaded and .....
zilch, nothing, a blank screen and a little globe that spins for hours.

Quite what is wrong with the IETF certificate chain's CRL I do not know,
but I do know that the IETF website is inaccessible with HTTPS.  Of
course, I can turn off CRL checking and it works perfectly.  Which I
think is a good summary of where we have got to with security (and no,
OCSP is not out there yet).

This thread started with a design and, as other messages on this thread
have pointed out, it would seem that that design, https, is largely
irrelevant to the actual requirement, namely authentication; but the
IETF has designed a very fine hammer, namely https, so let's get to work
with the hammer:-(

Tom Petch

On Tue, Nov 5, 2013 at 6:21 PM, <ned+ietf@mauve.mrochek.com> wrote:

>
> > I don't see reason to use https for delivery of public documents such
> > as RFCs and Internet Drafts. All that would really accomplish is
> > reduce caching opportunities.
>
> I don't have any problem with making things available via https, but it
> needs to be possible to retrieve things with regular http. Not everything
> gets retrieved by a browser and not every tool out there supports https.
>
>                                 Ned
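An added diagnostic, not code from this thread, that replays with openssl and curl what a strict client does before rendering an https:// page: fetch the server's chain, pull each certificate's CRL distribution point, download the CRL, check that it parses and has not lapsed, then verify the leaf with revocation checking turned on. It assumes OpenSSL 1.1.1 or later (for the `-ext` flag) and curl; invoke it as `check_crls www.ietf.org`.

```shell
#!/bin/sh
# Added example, not code from the thread: replay a strict client's CRL
# check by hand for one HTTPS host, so a "blank screen" can be pinned on
# the chain's CRL rather than on the TLS handshake itself.
# Assumes openssl 1.1.1+ (for the -ext flag) and curl are installed.
set -u

# Pull the URI: entries out of a printed crlDistributionPoints extension.
extract_crl_uris() {
    sed -n 's/^[[:space:]]*URI:\(.*\)$/\1/p'
}

# Save the chain the server presents, one PEM file per certificate.
fetch_chain() {                       # $1 = host, $2 = output directory
    openssl s_client -connect "$1:443" -servername "$1" -showcerts \
        </dev/null 2>/dev/null \
      | awk -v d="$2" '/BEGIN CERT/{n++} n{print > (d "/cert" n ".pem")}'
}

# Download every CRL the chain points at and say what a strict client
# would conclude from each; then verify the leaf with revocation on.
check_crls() {                        # $1 = host
    dir=$(mktemp -d); fetch_chain "$1" "$dir"; : > "$dir/crls.pem"
    for cert in "$dir"/cert*.pem; do
        subj=$(openssl x509 -in "$cert" -noout -subject)
        openssl x509 -in "$cert" -noout -ext crlDistributionPoints 2>/dev/null \
          | extract_crl_uris | while read -r uri; do
            crl=$(mktemp "$dir/crl.XXXXXX")
            if ! curl -fsS --max-time 15 -o "$crl" "$uri"; then
                echo "UNREACHABLE  $uri  ($subj)"; continue
            fi
            fmt=DER; grep -q 'BEGIN X509 CRL' "$crl" && fmt=PEM
            if ! next=$(openssl crl -inform "$fmt" -in "$crl" -noout -nextupdate 2>/dev/null); then
                echo "UNPARSEABLE  $uri  ($subj)"; continue
            fi
            # A lapsed nextUpdate is the quiet failure: the file downloads
            # fine but the client treats revocation status as unknown.
            echo "FETCHED      $uri  $next  ($subj)"
            openssl crl -inform "$fmt" -in "$crl" >> "$dir/crls.pem"
        done
    done
    cat "$dir"/cert*.pem > "$dir/chain.pem"
    # -crl_check needs a usable CRL for the leaf; -crl_check_all demands one
    # for every CA in the chain too, which is what the strictest clients do.
    openssl verify -crl_check -CRLfile "$dir/crls.pem" \
        -untrusted "$dir/chain.pem" "$dir/cert1.pem"
}
```

An UNREACHABLE or UNPARSEABLE line, or a FETCHED line whose nextUpdate is in the past, is enough on its own to make a hard-fail client refuse the page even though the TLS handshake succeeded.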