Re: Security for various IETF services

Pranesh Prakash <pranesh@cis-india.org> Fri, 04 April 2014 23:06 UTC

Message-ID: <533F3AD5.6000408@cis-india.org>
Date: Fri, 04 Apr 2014 19:05:57 -0400
From: Pranesh Prakash <pranesh@cis-india.org>
Organization: Centre for Internet and Society
To: Randall Gellens <randy@qti.qualcomm.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, IETF-Discussion <ietf@ietf.org>
Subject: Re: Security for various IETF services
References: <533D8A90.60309@cs.tcd.ie> <533DF52E.5020707@cis-india.org> <p06240605cf63c268e7df@[99.111.97.136]>
In-Reply-To: <p06240605cf63c268e7df@[99.111.97.136]>
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/IjD-58pMwd73oQhOowTJgk3SSJ0

Randall Gellens <randy@qti.qualcomm.com> [2014-04-03 19:00:18 -0700]:
> At 7:56 PM -0400 4/3/14, Pranesh Prakash wrote:
>
>>>  However, as there are numerous legacy tools that have been
>>>  built that require access via cleartext
>>
>>  Could you please expand on this?  What kinds of legacy tools is that
>> statement talking about?
>
> I have a number of tools and scripts that access IETF and RFC Editor
> documents and information using HTTP and FTP.

And these tools and scripts will stop working if HTTPS or FTPS are used?
Can these tools and scripts not be made to work/compile with NSS /
GnuTLS / OpenSSL?  Or is it just that it is easier not to deal with
encryption?

Curl, wget, and even the Perl-based Twitter client I use (ttytter) all
work just fine with SSL, so I'm curious what tools and scripts have 
trouble using encryption.

-- 
Pranesh Prakash
Policy Director, Centre for Internet and Society
T: +91 80 40926283 | W: http://cis-india.org
-------------------
Access to Knowledge Fellow, Information Society Project, Yale Law School
M: +1 520 314 7147 | W: http://yaleisp.org
PGP ID: 0x1D5C5F07 | Twitter: https://twitter.com/pranesh_prakash