Re: Proposed Statement on "HTTPS everywhere for the IETF"

Jari Arkko <jari.arkko@piuha.net> Tue, 02 June 2015 11:41 UTC

In-Reply-To: <3383C786-8549-4356-99A4-75786B3CCD83@mnot.net>
Date: Tue, 2 Jun 2015 14:41:08 +0300
To: Mark Nottingham <mnot@mnot.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/bRtJBUgZAxdsznM_Erk7_h2vguY>
Cc: ietf@ietf.org

Mark:

> I support this policy.

Thanks.

> I'd suggest that if it's felt that cleartext content needs to be available, it NOT be at <http://www.ietf.org/> (and similar); it should be on a different hostname; e.g., <http://www.cleartext.ietf.org/>. The http version of the URL should 301 to the corresponding https resource, and HSTS should be in use. 

That’s very good feedback - thanks. We will take it into consideration.

Jari
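
The deployment suggested in the quoted text (301 from http to the corresponding https resource, HSTS in use, cleartext on a separate hostname) can be checked mechanically. The following is an added example, not part of the original message or of any IETF tooling; the function names are hypothetical and the sample URLs and header values are constructed. It also shows why the scope of `includeSubDomains` matters for a host such as www.cleartext.ietf.org.

```python
from urllib.parse import urlsplit

def parse_hsts(value):
    """Parse a Strict-Transport-Security value into (max_age, include_subdomains)."""
    max_age, include_sub = None, False
    for directive in (value or "").split(";"):
        name, _, arg = directive.strip().partition("=")
        name = name.strip().lower()
        arg = arg.strip().strip('"')
        if name == "max-age" and arg.isascii() and arg.isdigit():
            max_age = int(arg)
        elif name == "includesubdomains":
            include_sub = True
    return max_age, include_sub

def check_redirect(http_url, status, location):
    """True if the cleartext URL 301s to the same host, path and query over https."""
    src, dst = urlsplit(http_url), urlsplit(location or "")
    return (status == 301
            and src.scheme == "http" and dst.scheme == "https"
            and dst.hostname == src.hostname
            and (dst.path or "/") == (src.path or "/")
            and dst.query == src.query)

def hsts_covers(host, policy_host, hsts_value):
    """True if an HSTS policy received from policy_host makes browsers force https on host."""
    max_age, include_sub = parse_hsts(hsts_value)
    if not max_age:  # header missing, unparsable, or max-age=0 (policy removal)
        return False
    host, policy_host = host.lower(), policy_host.lower()
    if host == policy_host:
        return True
    return include_sub and host.endswith("." + policy_host)

# Constructed sample values, not captured from any real server.
HSTS = "max-age=31536000; includeSubDomains"
CLEARTEXT_HOST = "www.cleartext.ietf.org"

if __name__ == "__main__":
    print(check_redirect("http://www.ietf.org/a/b?x=1", 301, "https://www.ietf.org/a/b?x=1"))
    # Policy set on www.ietf.org does not reach the cleartext host...
    print(hsts_covers(CLEARTEXT_HOST, "www.ietf.org", HSTS))
    # ...but the same header served from the apex ietf.org would upgrade it.
    print(hsts_covers(CLEARTEXT_HOST, "ietf.org", HSTS))
```

If a separate cleartext hostname is kept, an HSTS policy with `includeSubDomains` must not be served from a parent domain of that hostname, or browsers that have seen the policy will stop reaching it over http.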