Re: Proposed Statement on "HTTPS everywhere for the IETF"

Richard Barnes <rlb@ipv.sx> Tue, 02 June 2015 21:19 UTC

Return-Path: <rlb@ipv.sx>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4BC641B30AC for <ietf@ietfa.amsl.com>; Tue, 2 Jun 2015 14:19:16 -0700 (PDT)
X-Quarantine-ID: <7jSaWEl2BTrp>
X-Virus-Scanned: amavisd-new at amsl.com
X-Amavis-Alert: BANNED, message contains text/plain,.exe
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7jSaWEl2BTrp for <ietf@ietfa.amsl.com>; Tue, 2 Jun 2015 14:19:14 -0700 (PDT)
Received: from mail-la0-f53.google.com (mail-la0-f53.google.com [209.85.215.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 744D81B30A9 for <ietf@ietf.org>; Tue, 2 Jun 2015 14:19:14 -0700 (PDT)
Received: by laew7 with SMTP id w7so43441744lae.1 for <ietf@ietf.org>; Tue, 02 Jun 2015 14:19:12 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=/wWfWj3d0lbvQLo9QGnefCtuCfALUKTi4q3sXsxT9eU=; b=JRCRqSVm9YgNfE0wbzSOCQChPz98WM4p1m+ub6Tdl9in1aYHVzJo1osjEJ14Bcucjd //9M/6CxcqDz5fQ05skK1BjGlcgYlZ0bmaECWCTYJA/ZWoVm8+5jFkjuvTnk3EUB2eP5 xb+1JXsSYCmJqDbC+B4yAjk9i45DKF7bqeoi/GssYQqOyPl3kwZ/6mqfz+7D3tQcGP7G 5fboasIlFipayQ+Ow5Bz0ureYs6OdtvKlzibJGmX2JnD/9dkVM1UmDZVeohYFeWIuken Yym2CCi6ole03MxFB6tt3BgOJK0NL62hvqXr2lq4/q85jB43clGNDu8eQbt5IfdX/5YA GOLQ==
X-Gm-Message-State: ALoCoQktu/gpIDZu/KF2L9sTpgztYJnz7tSm9McW0rCOslU7QhYya/SS+iCW2e+McQM1ne3FsLdy
MIME-Version: 1.0
X-Received: by 10.152.21.65 with SMTP id t1mr26064356lae.49.1433279952832; Tue, 02 Jun 2015 14:19:12 -0700 (PDT)
Received: by 10.25.214.162 with HTTP; Tue, 2 Jun 2015 14:19:12 -0700 (PDT)
In-Reply-To: <556DFCF7.3020607@isi.edu>
References: <20150601164359.29999.35343.idtracker@ietfa.amsl.com> <CAL02cgRPFooA5fVFwvdprb3wPD+Y55pD+7RWjkACDv7T_TBW5Q@mail.gmail.com> <556DE0EF.2040809@isi.edu> <CAL02cgSdSFOaDqz9+jAZ7KsoMXOa5u=ff_i=c3EQ-SG0-ZPG7A@mail.gmail.com> <556DFCF7.3020607@isi.edu>
Date: Tue, 2 Jun 2015 17:19:12 -0400
Message-ID: <CAL02cgSOWpV51mQUdmeFwJaDS1fDWfG5Du4tRGgVW8OtvR1z3Q@mail.gmail.com>
Subject: Re: Proposed Statement on "HTTPS everywhere for the IETF"
From: Richard Barnes <rlb@ipv.sx>
To: Joe Touch <touch@isi.edu>
Content-Type: multipart/alternative; boundary=089e013d17b073ee4005178f7e30
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/h5jYguW-2U45VkR8xQj2Ao1GG98>
Cc: "ietf@ietf.org" <ietf@ietf.org>, IETF Announcement List <ietf-announce@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Jun 2015 21:19:16 -0000

On Tue, Jun 2, 2015 at 2:59 PM, Joe Touch <touch@isi.edu> wrote:

>
>
> On 6/2/2015 11:51 AM, Richard Barnes wrote:
> >
> >
> > On Tue, Jun 2, 2015 at 12:59 PM, Joe Touch <touch@isi.edu
> > <mailto:touch@isi.edu>> wrote:
> >
> >     On 6/1/2015 10:16 AM, Richard Barnes wrote:
> >     > Do it.  Do it boldly and fearlessly.  Make the statement and
> implement it.
> >     >
> >     ...
> >     > Don't be tied to legacy.  Anything that doesn't support HTTPS at
> this
> >     > point needs to upgrade and deserves to be broken.
> >
> >     Leaving out the have-nots - or those whose access is blocked by
> others
> >     when content cannot be scanned - isn't moving forward.
> >
> >
> > [citation-required]
> >
> > Where is this place where the entire HTTPS web is not accessible?
>
> http://en.wikipedia.org/wiki/Censorship_of_Wikipedia
>
> Search for HTTPS.
>

This is all that that search turns up:
"""
Chinese authorities started blocking access to the secure (https) version
of the site on 31 May 2013, although the non-secure (http) version is still
available – the latter is vulnerable to keyword filtering allowing
individual articles to be selectively blocked. Greatfire urged Wikipedia
and users to circumvent the block by using https access to other IP
addresses owned by Wikipedia.
"""

If censors want to block the IETF website, they can do it with or without
HTTPS.  Non-secure HTTP just gives them more information.

Try again?

--Richard



>
> > How do they do their banking, or buy things?
>
> Often through state-run companies (i.e., whose HTTPS content they can
> screen).
>
> Joe
>