Re: Proposed Statement on "HTTPS everywhere for the IETF"

"Cullen Jennings (fluffy)" <fluffy@cisco.com> Wed, 03 June 2015 18:31 UTC

Return-Path: <fluffy@cisco.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8C6641AD068 for <ietf@ietfa.amsl.com>; Wed, 3 Jun 2015 11:31:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -114.511
X-Spam-Level:
X-Spam-Status: No, score=-114.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8xU-8aH3H0MK for <ietf@ietfa.amsl.com>; Wed, 3 Jun 2015 11:31:18 -0700 (PDT)
Received: from rcdn-iport-1.cisco.com (rcdn-iport-1.cisco.com [173.37.86.72]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 50E761A9051 for <ietf@ietf.org>; Wed, 3 Jun 2015 11:31:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1264; q=dns/txt; s=iport; t=1433356275; x=1434565875; h=from:to:subject:date:message-id:references:in-reply-to: content-id:content-transfer-encoding:mime-version; bh=h6vQyo360ROr6inr88j0fguZcswCJaqhMfdiyIkJHGk=; b=LTcgKSFzeNW8sATPZ9TVks7oTmSIYA3Rx1jg7mFA7yqwSnxd1JjhaIg0 2/8R/Aj7n3/OIEd+24Zw4GptYjZjxGz5hrF4N4q9J184d8vIddjUaTm7F cM2spNwcd6m85cvM3BHYfpL+D4d/ogSplZOp6fXGfxTcY0Vkf2YnFzcn5 4=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0A8BABAR29V/4YNJK1bgxBUXga+UgmBWoV3AoFEOBQBAQEBAQEBgQqEIgEBAQMBOkQLAgEIGB4QMiUCBBMUiBEIDdtaAQEBAQEBAQEBAQEBAQEBAQEBAQEBEwSLQ4RTOoMXgRYFkxSEOYZmgS6Dc5IjJGGDF28BgUWBAQEBAQ
X-IronPort-AV: E=Sophos;i="5.13,548,1427760000"; d="scan'208";a="4254318"
Received: from alln-core-12.cisco.com ([173.36.13.134]) by rcdn-iport-1.cisco.com with ESMTP; 03 Jun 2015 18:31:14 +0000
Received: from xhc-aln-x15.cisco.com (xhc-aln-x15.cisco.com [173.36.12.89]) by alln-core-12.cisco.com (8.14.5/8.14.5) with ESMTP id t53IVE4M024068 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL) for <ietf@ietf.org>; Wed, 3 Jun 2015 18:31:14 GMT
Received: from xmb-aln-x02.cisco.com ([169.254.5.166]) by xhc-aln-x15.cisco.com ([173.36.12.89]) with mapi id 14.03.0195.001; Wed, 3 Jun 2015 13:31:14 -0500
From: "Cullen Jennings (fluffy)" <fluffy@cisco.com>
To: "ietf@ietf.org" <ietf@ietf.org>
Subject: Re: Proposed Statement on "HTTPS everywhere for the IETF"
Thread-Topic: Proposed Statement on "HTTPS everywhere for the IETF"
Thread-Index: AQHQnit4wmonoDXhUUWxD1TzjdlyzA==
Date: Wed, 3 Jun 2015 18:31:13 +0000
Message-ID: <543B4D57-C84C-49B7-B108-827333434F72@cisco.com>
References: <20150601164359.29999.35343.idtracker@ietfa.amsl.com>
In-Reply-To: <20150601164359.29999.35343.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.20.249.165]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <0148DF24362BC0449C7B6F2860A3939F@emea.cisco.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/cE3NFCtgi7X-y3sr-tz0y44Uics>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Jun 2015 18:31:19 -0000

This is too little too late. 

This wishy washy "we believe in security but don't like to actually use it ourselves" is not the leadership IETF should be providing to the internet. The internet has already been harmed by too many years of security that is not turned on. 

Take a hum at next plenary and find out if people want the IETF to actually use security or not.



> On Jun 1, 2015, at 10:43 AM, The IESG <iesg@ietf.org> wrote:
> 
> Hi All,
> 
> The IESG are planning to agree an IESG statement on "HTTPS Everywhere
> for the IETF," please see [1] for the current text.
> 
> We are seeking community feedback on this and welcome assistance
> from the community in identifying any cases where a change or
> additional guidance is needed to put this into effect.
> 
> The IESG plans to finalise this statement just after IETF-93 in Prague.
> 
> * Please send general feedback intended for discussion to ietf@ietf.org
> 
> * Comments about specific issues arising can be sent to iesg@ietf.org
> or tools-discuss@ietf.org as appropriate (use iesg@ietf.org if not sure)
> 
> Regards,
> Terry & Stephen (for the IESG)
> 
> [1] https://trac.tools.ietf.org/group/iesg/trac/wiki/HttpsEverywhere
>