Re: Proposed Statement on "HTTPS everywhere for the IETF"

Richard Barnes <rlb@ipv.sx> Tue, 02 June 2015 21:30 UTC

Return-Path: <rlb@ipv.sx>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6190A1A002F for <ietf@ietfa.amsl.com>; Tue, 2 Jun 2015 14:30:44 -0700 (PDT)
X-Quarantine-ID: <2q__1NRKaYIg>
X-Virus-Scanned: amavisd-new at amsl.com
X-Amavis-Alert: BANNED, message contains text/plain,.exe
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=unavailable
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2q__1NRKaYIg for <ietf@ietfa.amsl.com>; Tue, 2 Jun 2015 14:30:42 -0700 (PDT)
Received: from mail-la0-f52.google.com (mail-la0-f52.google.com [209.85.215.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C0AB31A0029 for <ietf@ietf.org>; Tue, 2 Jun 2015 14:30:41 -0700 (PDT)
Received: by laei3 with SMTP id i3so47932814lae.3 for <ietf@ietf.org>; Tue, 02 Jun 2015 14:30:40 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=ry2f4dFdkSeZ8v649yqpBnwwSbenhwfk5uzIB9QNGc0=; b=bAfrDon2cPjEqCRryUj53TWSsaU4wP8aWlJN0Wo9rAXuGw8Jv9R+uKD8dmnTOQDqC6 Gc5bNOAaa8v45Evd1zUTtyogAAs+bnBMQBr3vfe4WBMhsFEPlSy2ucNMHjvWcTf6+ngA 3kXHA7zLhlBkHBgN7oQJhnl+PixCXxCTkS7YA+RhPo9zl+bn4JC0sEIcw+APH6BrS/dZ /FoMXI1XgkZ7fJMkH14h+kEnw5uR8LvNXboD4u+5Rd7gpc//3e6u3V3TpQ5LsgU8B+HY nUeKUSc9OwivQmanWns0dJ2YuNFxwnzcInNYgnmtJWl8t8tND1aBEgF51FKYHtf/seY6 Vlkw==
X-Gm-Message-State: ALoCoQnB5N/1U1RALYsl6wKSRv18eWOoABda++gEDB5eUX2EH+t+N6qZX8FBMWkI5UasyJPwOuJ1
MIME-Version: 1.0
X-Received: by 10.112.118.206 with SMTP id ko14mr28531688lbb.28.1433280640351; Tue, 02 Jun 2015 14:30:40 -0700 (PDT)
Received: by 10.25.214.162 with HTTP; Tue, 2 Jun 2015 14:30:40 -0700 (PDT)
In-Reply-To: <556E1F7C.7060602@isi.edu>
References: <20150601164359.29999.35343.idtracker@ietfa.amsl.com> <CAL02cgRPFooA5fVFwvdprb3wPD+Y55pD+7RWjkACDv7T_TBW5Q@mail.gmail.com> <556DE0EF.2040809@isi.edu> <CAL02cgSdSFOaDqz9+jAZ7KsoMXOa5u=ff_i=c3EQ-SG0-ZPG7A@mail.gmail.com> <556DFCF7.3020607@isi.edu> <CAL02cgSOWpV51mQUdmeFwJaDS1fDWfG5Du4tRGgVW8OtvR1z3Q@mail.gmail.com> <556E1F7C.7060602@isi.edu>
Date: Tue, 2 Jun 2015 17:30:40 -0400
Message-ID: <CAL02cgTDXkmUwVHWo2_jrj+Lj4AcxnMUj98V2L4wqLrB9Mf9cw@mail.gmail.com>
Subject: Re: Proposed Statement on "HTTPS everywhere for the IETF"
From: Richard Barnes <rlb@ipv.sx>
To: Joe Touch <touch@isi.edu>
Content-Type: multipart/alternative; boundary=047d7b8738b66e958c05178fa7e7
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/R0MEg2Tl1MDo6UuJCOe3qWGloho>
Cc: "ietf@ietf.org" <ietf@ietf.org>, IETF Announcement List <ietf-announce@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Jun 2015 21:30:44 -0000

On Tue, Jun 2, 2015 at 5:26 PM, Joe Touch <touch@isi.edu> wrote:

>
>
> On 6/2/2015 2:19 PM, Richard Barnes wrote:
> >
> >
> > On Tue, Jun 2, 2015 at 2:59 PM, Joe Touch <touch@isi.edu
> > <mailto:touch@isi.edu>> wrote:
> >
> >
> >
> >     On 6/2/2015 11:51 AM, Richard Barnes wrote:
> >     >
> >     >
> >     > On Tue, Jun 2, 2015 at 12:59 PM, Joe Touch <touch@isi.edu <mailto:
> touch@isi.edu>
> >     > <mailto:touch@isi.edu <mailto:touch@isi.edu>>> wrote:
> >     >
> >     >     On 6/1/2015 10:16 AM, Richard Barnes wrote:
> >     >     > Do it.  Do it boldly and fearlessly.  Make the statement and
> implement it.
> >     >     >
> >     >     ...
> >     >     > Don't be tied to legacy.  Anything that doesn't support
> HTTPS at this
> >     >     > point needs to upgrade and deserves to be broken.
> >     >
> >     >     Leaving out the have-nots - or those whose access is blocked
> by others
> >     >     when content cannot be scanned - isn't moving forward.
> >     >
> >     >
> >     > [citation-required]
> >     >
> >     > Where is this place where the entire HTTPS web is not accessible?
> >
> >     http://en.wikipedia.org/wiki/Censorship_of_Wikipedia
> >
> >     Search for HTTPS.
> >
> >
> > This is all that that search turns up:
> > """
> > Chinese authorities started blocking access to the secure (https)
> > version of the site on 31 May 2013, although the non-secure (http)
> > version is still available – the latter is vulnerable to keyword
> > filtering allowing individual articles to be selectively blocked.
> > Greatfire urged Wikipedia and users to circumvent the block by using
> > https access to other IP addresses owned by Wikipedia.
> > """
> >
> > If censors want to block the IETF website, they can do it with or
> > without HTTPS.
>
> But that's not what they DID.
>
> They blocked the activity they couldn't monitor.


I would rather not preemptively knuckle under to censorship.  If it turns
out that we turn on HTTPS and nobody can see it, we can adapt to that fact.


--Richard