Re: Proposed Statement on "HTTPS everywhere for the IETF"

Xiaoyin Liu <xiaoyin.l@outlook.com> Wed, 03 June 2015 08:51 UTC

From: Xiaoyin Liu <xiaoyin.l@outlook.com>
To: Joe Touch <touch@isi.edu>, Richard Barnes <rlb@ipv.sx>
Subject: Re: Proposed Statement on "HTTPS everywhere for the IETF"
Date: Wed, 03 Jun 2015 04:51:15 -0400
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/G9B1nexpm0EcOp5NhkpGc-zNoM0>
Cc: "ietf@ietf.org" <ietf@ietf.org>

> Date: Tue, 2 Jun 2015 14:26:20 -0700
> From: touch@isi.edu
> To: rlb@ipv.sx
> Subject: Re: Proposed Statement on "HTTPS everywhere for the IETF"
> CC: ietf@ietf.org; ietf-announce@ietf.org
> 
> 
> 
> On 6/2/2015 2:19 PM, Richard Barnes wrote:
> > 
> > 
> > On Tue, Jun 2, 2015 at 2:59 PM, Joe Touch <touch@isi.edu> wrote:
> > 
> > 
> > 
> >     On 6/2/2015 11:51 AM, Richard Barnes wrote:
> >     >
> >     >
> >     > On Tue, Jun 2, 2015 at 12:59 PM, Joe Touch <touch@isi.edu> wrote:
> >     >
> >     >     On 6/1/2015 10:16 AM, Richard Barnes wrote:
> >     >     > Do it.  Do it boldly and fearlessly.  Make the statement and implement it.
> >     >     >
> >     >     ...
> >     >     > Don't be tied to legacy.  Anything that doesn't support HTTPS at this
> >     >     > point needs to upgrade and deserves to be broken.
> >     >
> >     >     Leaving out the have-nots - or those whose access is blocked by others
> >     >     when content cannot be scanned - isn't moving forward.
> >     >
> >     >
> >     > [citation-required]
> >     >
> >     > Where is this place where the entire HTTPS web is not accessible?
> > 
> >     http://en.wikipedia.org/wiki/Censorship_of_Wikipedia
> > 
> >     Search for HTTPS.
> > 
> > 
> > This is all that that search turns up:
> > """
> > Chinese authorities started blocking access to the secure (https)
> > version of the site on 31 May 2013, although the non-secure (http)
> > version is still available – the latter is vulnerable to keyword
> > filtering allowing individual articles to be selectively blocked.
> > Greatfire urged Wikipedia and users to circumvent the block by using
> > https access to other IP addresses owned by Wikipedia.
> > """
 
This information is outdated. The https version of Wikipedia is no longer blocked in China, but the http versions of Chinese Wikipedia, Chinese Wikisource, Chinese Wikinews, and Uyghur Wikipedia are blocked in China.[1] Actually, the Wikimedia Foundation is considering forcing HTTPS for every Wikipedia visitor, even if the censorship of Wikipedia exists.[2]
 
[1] https://zh.wikipedia.org/wiki/Template:Wiki-accessibility-CHN (in Chinese)
[2] https://phabricator.wikimedia.org/T49832#1240760
 
> > 
> > If censors want to block the IETF website, they can do it with or
> > without HTTPS. 
> 
> But that's not what they DID.
> 
> They blocked the activity they couldn't monitor.
 
Another example is that http://www.worldcat.org/ is blocked in China, but https://www.worldcat.org/ is accessible.
 
So my opinion is that, in general, HTTPS is more accessible than HTTP.
 
Xiaoyin