[Vcon] HTTPS only for externally referenced files
Laura Orvokki Kursula <lav@vampires.gay> Wed, 17 April 2024 06:54 UTC
Return-Path: <lav@vampires.gay>
X-Original-To: vcon@ietfa.amsl.com
Delivered-To: vcon@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BA978C14F6B7 for <vcon@ietfa.amsl.com>; Tue, 16 Apr 2024 23:54:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=vampires.gay
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xmdhJBoiI02U for <vcon@ietfa.amsl.com>; Tue, 16 Apr 2024 23:54:10 -0700 (PDT)
Received: from mail.vampires.gay (vampires.gay [IPv6:2a05:f480:1000:c48:5400:4ff:fe57:d2e3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BA2B3C14F6B4 for <vcon@ietf.org>; Tue, 16 Apr 2024 23:54:10 -0700 (PDT)
Date: Wed, 17 Apr 2024 08:54:00 +0200
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=vampires.gay; s=mail; t=1713336847; bh=twrxn3tmt3BeV4NwEcs0djM5KjJZgjGmZWx64y+cz4Y=; h=Date:From:To:Subject:From; b=csCfUtMTxfFXfeJGxsvcO/7LEPWjA6eCA+qkSeWr82/TZ9+P1DKEMDx4CtdghrX87 1icbULEW9ds15TkhNcVpkhL/1aylmjq9Dyw8m2bE+aeOUIe5WPDRkTVimOtgBNpjK/ +Tx6KnyYySzBDm8cteNsNBG4q6ZRlnRYM6Dm5OU15ou2/nrfDStYvB1OpHwprL8hf+ 7TCR+Sic7tHUU+oyUeIZ54YuPA6cVRuxqmsy/8lUcBFkvmwtIoIfcRdT+no8ypYUQD fw6Eb8WRk3xXCxWiRup3GAUCbEcmgZEZGG5oW2mzAQhoR/gBvw3dsj2JmBDUI7F3RY yiVZbq5Hi/JKA==
From: Laura Orvokki Kursula <lav@vampires.gay>
To: vcon@ietf.org
Message-ID: <Zh9yCE0MO2J5z15J@laurabook.local>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="tt6AgtcCPWPKl2BI"
Content-Disposition: inline
Archived-At: <https://mailarchive.ietf.org/arch/msg/vcon/427O6tr1A3PuOhUTEg-hoHyn_LE>
Subject: [Vcon] HTTPS only for externally referenced files
X-BeenThere: vcon@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: container for conversation data <vcon.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/vcon>, <mailto:vcon-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/vcon/>
List-Post: <mailto:vcon@ietf.org>
List-Help: <mailto:vcon-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/vcon>, <mailto:vcon-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Apr 2024 06:58:37 -0000
Good day everyone,
I recently came upon this project by chance, and I find it really interesting!
Reading the draft, it caught my attention that it requires the use of HTTPS for
externally referenced files for confidentiality reasons (as a MUST in section
2.4.1 and as a SHOULD in section 5). I'm wondering whether there is a specific
reason to require HTTPS over other secure means of transfering files -- I could
imagine that another protocol could be more expedient for some users. What do
others on this list think about this? I hope I am doing this correctly, since I
am new to IETF things.
Kindest regards,
Laura Orvokki Kursula
--
vCard:
https://vampires.gay/laura.vcf
PGP:
https://vampires.gay/keys/laura.asc
6710 55FA EFAB B442 44C4 F96F 3537 89E9 466D 09A8
- [Vcon] HTTPS only for externally referenced files Laura Orvokki Kursula
- Re: [Vcon] HTTPS only for externally referenced f… Thomas Howe