Re: Proposed Statement on "HTTPS everywhere for the IETF"

Benson Schliesser <bensons@queuefull.net> Thu, 04 June 2015 19:06 UTC

Return-Path: <bensons@queuefull.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6CEEC1A88D3 for <ietf@ietfa.amsl.com>; Thu, 4 Jun 2015 12:06:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iPWW1HH-xggT for <ietf@ietfa.amsl.com>; Thu, 4 Jun 2015 12:06:44 -0700 (PDT)
Received: from mail-pa0-f42.google.com (mail-pa0-f42.google.com [209.85.220.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3DAC01A88D2 for <ietf@ietf.org>; Thu, 4 Jun 2015 12:06:44 -0700 (PDT)
Received: by padj3 with SMTP id j3so35098988pad.0 for <ietf@ietf.org>; Thu, 04 Jun 2015 12:06:43 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=tkeBTMMG12qurmR3DT3UI02i6KiEUsSV3bPr49Sv16Q=; b=OFdXEn33ZrlQMNICC2d4k61qNCkfMUL1kIpn8P3JqB7ydxSV1TOorOkdbfyelgpEzp 7Jnh/8GFEOjy283fBKjeXZwxztw3BCFaiDOzMgtL38Zquz6bJQMW5JHYUx1x2UnXH8TC nxK6sacucvgZYrg8WGiwY+G0XOeB6A6QwNQnYs0aQdsiefbCZAMjUXsL4xVkT9j0PAD8 oSFYQWIBy+3mtGst/zQFN0tFz944lW6YnHLiiKljxR9sPzBn4VsStFBrljYlBV9vE43Y TgqZp679bDi4o7AZUiH9zZcMk1E8CcitN2T6OLmZ4PA40IW7fV3g/4rXsH5AXCs22VRN jaUA==
X-Gm-Message-State: ALoCoQnJKEJIrwv8BLOW7OAtbbPZU8GkZlH7nAxNV5Ee/wmBZIGV2X0P5WVj/ntWaiQUstkqO+kj
X-Received: by 10.66.55.41 with SMTP id o9mr71029358pap.148.1433444803784; Thu, 04 Jun 2015 12:06:43 -0700 (PDT)
Received: from fallout-2.local (ip-64-134-222-127.public.wayport.net. [64.134.222.127]) by mx.google.com with ESMTPSA id s1sm4552240pda.54.2015.06.04.12.06.42 for <ietf@ietf.org> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 04 Jun 2015 12:06:43 -0700 (PDT)
Message-ID: <5570A1E5.7050703@queuefull.net>
Date: Thu, 04 Jun 2015 12:07:17 -0700
From: Benson Schliesser <bensons@queuefull.net>
User-Agent: Postbox 4.0.1 (Macintosh/20150514)
MIME-Version: 1.0
To: "<ietf@ietf.org>" <ietf@ietf.org>
Subject: Re: Proposed Statement on "HTTPS everywhere for the IETF"
References: <20150601164359.29999.35343.idtracker@ietfa.amsl.com> <0ab501d09e37$f4098980$dc1c9c80$@tndh.net> <556F6083.4080801@cs.tcd.ie> <0adf01d09e40$cf957b00$6ec07100$@tndh.net> <556F8339.5030002@cs.tcd.ie> <0b3901d09e73$7dad4740$7907d5c0$@tndh.net> <556FC594.1080900@gmail.com> <E6B6376E-9C27-41D5-94FF-BA98563C7A86@gmail.com> <71A519B0-1CC3-44DC-8E50-57FC9CB1DC6A@nominum.com>
In-Reply-To: <71A519B0-1CC3-44DC-8E50-57FC9CB1DC6A@nominum.com>
Content-Type: text/plain; charset=GB2312
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/WJhuHnnxdvS2gy66eAwaxJMgxkc>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Jun 2015 19:06:45 -0000

Ted Lemon wrote:
> So why are we still arguing about this?

For whatever it's worth, my personal view is that the proposed statement
is useful in an administrative context, in determining how we should
construct IETF services / tools. Whether it is also part of a broader
political statement is not particularly relevant.

It makes sense to me that we should employ the technology that we
produce, as we recommend it to be employed by the larger Internet
community, regardless of the specific privacy needs of the IETF. So, I
don't think there is anything to argue about here. Unless somebody knows
of material issues in the technology, such as ways that the
recommendation will break things, it seems safe for the IESG to rely on
prior consensus (i.e. about privacy etc) to make this statement.

Cheers,
-Benson