Re: https at ietf.org

Bjoern Hoehrmann <derhoermi@gmx.net> Wed, 06 November 2013 12:24 UTC

From: Bjoern Hoehrmann <derhoermi@gmx.net>
To: Joe Abley <jabley@hopcount.ca>
Subject: Re: https at ietf.org
Date: Wed, 06 Nov 2013 13:24:08 +0100
Cc: ned+ietf@mauve.mrochek.com, IETF-Discussion Discussion <ietf@ietf.org>

* Joe Abley wrote:
>On 2013-11-05, at 18:21, ned+ietf@mauve.mrochek.com wrote:
>
>> not every tool out there supports https.
>
>That seems like the kind of thing we want to change (security as an 
>afterthought vs. security as a fundamental requirement).

A typical problem I have is that I forgot to install Honest Achmed's
certificates and then tools refuse to work and they might not have an
option to ignore the problem. Cygwin tools for instance; apparently
the certificate bundle is not part of the base system. It is also
very very common that certificates are for the wrong hostnames or are
expired, leading to tool failure. It can be very frustrating when the
remote host refuses to operate under plain 'http' in such cases.
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/