Re: Proposed Statement on "HTTPS everywhere for the IETF"

Brian E Carpenter <brian.e.carpenter@gmail.com> Mon, 01 June 2015 20:15 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 97ABA1A904B for <ietf@ietfa.amsl.com>; Mon, 1 Jun 2015 13:15:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xYYSbRlpwzmB for <ietf@ietfa.amsl.com>; Mon, 1 Jun 2015 13:15:16 -0700 (PDT)
Received: from mail-pd0-x236.google.com (mail-pd0-x236.google.com [IPv6:2607:f8b0:400e:c02::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0487C1B3397 for <ietf@ietf.org>; Mon, 1 Jun 2015 13:15:16 -0700 (PDT)
Received: by pdbqa5 with SMTP id qa5so115538174pdb.0 for <ietf@ietf.org>; Mon, 01 Jun 2015 13:15:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:organization:user-agent:mime-version:to :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=b7c/Bj+SVyRuoLrSly2br+InX2O1lOknpAtGRrvgrWI=; b=r8uCOrUQ0ikWZ6IQMRIvXmAp4OeewdhxcxoKzwS1zBhHxBXpX/ea9yTPhWiBm10eoN Z3BVXqRWH2VbmpMEAisQ69VhLsCVM0550yC/lcmkvP8rznN3SwzbFYYIqfVDhGJJkL2R 1lu2j8cgEAmeX7IDn7qunjr8ODe33EJh/MY3CwAqQ3q/EEocC7uNhgMYvZDsHFNkd62J vzVSvSTFaaxokK/6fXLA95k/1Nl23rTyxFY7919Dz2xfM7uQPdRe8gXWNhboCiVW24Rt 7ymIefdAfCc3wChFxh3Ka4EGsrvT0KT8vgXOh8DrtkY6go97iApiZ3k4TxDDpMFUOvNx 0Wdw==
X-Received: by 10.68.161.99 with SMTP id xr3mr5942779pbb.47.1433189715600; Mon, 01 Jun 2015 13:15:15 -0700 (PDT)
Received: from ?IPv6:2406:e007:5b56:1:28cc:dc4c:9703:6781? ([2406:e007:5b56:1:28cc:dc4c:9703:6781]) by mx.google.com with ESMTPSA id qo1sm13829897pbc.89.2015.06.01.13.15.12 for <ietf@ietf.org> (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 01 Jun 2015 13:15:13 -0700 (PDT)
Message-ID: <556CBD4A.9030708@gmail.com>
Date: Tue, 02 Jun 2015 08:15:06 +1200
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: ietf@ietf.org
Subject: Re: Proposed Statement on "HTTPS everywhere for the IETF"
References: <20150601164359.29999.35343.idtracker@ietfa.amsl.com>
In-Reply-To: <20150601164359.29999.35343.idtracker@ietfa.amsl.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/Pq_hPj_8xz6z9l6eQes_P0qwoqg>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Jun 2015 20:15:17 -0000

Hi,

I think this is reasonable. However, it seems necessary to qualify it
by pointing out that users of HTTPS remain exposed to traffic analysis
(e.g. see https://arxiv.org/pdf/1403.0297).

    Brian

On 02/06/2015 04:43, The IESG wrote:
> Hi All,
> 
> The IESG are planning to agree an IESG statement on "HTTPS Everywhere
> for the IETF," please see [1] for the current text.
> 
> We are seeking community feedback on this and welcome assistance
> from the community in identifying any cases where a change or
> additional guidance is needed to put this into effect.
> 
> The IESG plans to finalise this statement just after IETF-93 in Prague.
> 
> * Please send general feedback intended for discussion to ietf@ietf.org
> 
> * Comments about specific issues arising can be sent to iesg@ietf.org
> or tools-discuss@ietf.org as appropriate (use iesg@ietf.org if not sure)
> 
> Regards,
> Terry & Stephen (for the IESG)
> 
> [1] https://trac.tools.ietf.org/group/iesg/trac/wiki/HttpsEverywhere
> 
> .
>