Re: Proposed Statement on "HTTPS everywhere for the IETF"

Hector Santos <hsantos@isdg.net> Sat, 06 June 2015 15:25 UTC

Message-ID: <557310E6.4010109@isdg.net>
Date: Sat, 06 Jun 2015 11:25:26 -0400
From: Hector Santos <hsantos@isdg.net>
Organization: Santronics Software, Inc.
To: "Niels Dettenbach (Syndicat.com)" <nd@syndicat.com>, Jari Arkko <jari.arkko@piuha.net>, IETF <ietf@ietf.org>
Subject: Re: Proposed Statement on "HTTPS everywhere for the IETF"
References: <20150601164359.29999.35343.idtracker@ietfa.amsl.com> <CAL02cgRPFooA5fVFwvdprb3wPD+Y55pD+7RWjkACDv7T_TBW5Q@mail.gmail.com> <1472054.O9DP0qoCQf@gongo> <556CBCF5.3060402@alvestrand.no> <1C4D741C-89EA-4973-8536-D6A02EFD7624@syndicat.com> <556D4C38.6060704@alvestrand.no> <1F11D864-2532-4971-9771-F8037989A9BB@piuha.net> <70AA892E-C97F-4EEA-9BB8-829F654FA57F@syndicat.com>
In-Reply-To: <70AA892E-C97F-4EEA-9BB8-829F654FA57F@syndicat.com>

On 6/2/2015 3:09 AM, Niels Dettenbach (Syndicat.com) wrote:
> On 2 June 2015 08:54:43 CEST, Jari Arkko <jari.arkko@piuha.net> wrote:
>> We will (and have) of course participate in the broader discussion and
>> contribute technology that can help make the Internet more privacy
>> friendly. But that is more about the various solutions we produce,
>> such as improving efficiency of turning on crypto, which HTTP/2 and
>> TLS 1.3 help, or fixing bad algorithms or issues in protocols. Let's
>> get to continuing that work!
>
> full ack,
> thanks
> +1

+1.

Design note to HTTPS implementations:

Figure out how to update an HTTPS client under a forced (redirected)
HTTPS condition/environment where the client is failing because of
deprecated, obsolete and now even removed SSL/TLS support options.  In
other words, it can't update itself because of the new HTTPS forced
conditions.  Example: Google Chrome.  It could not update because the
HTTPS URL was failing due to the browser seeing an erroneous "Invalid
Certificate" display with no option to accept, temporarily or otherwise.
You have to download via another browser that isn't so strict, yet.

I guess that would go under a "chicken and egg" problem.

--
HLS