
Re: https

2011-08-26 09:36:48

----- Original Message -----
From: "Donald Eastlake" <d3e3e3(_at_)gmail(_dot_)com>
To: "t.petch" <daedulus(_at_)btconnect(_dot_)com>
Cc: "IETF Discussion" <ietf(_at_)ietf(_dot_)org>
Sent: Friday, August 26, 2011 3:43 PM
On Fri, Aug 26, 2011 at 4:39 AM, t.petch <daedulus(_at_)btconnect(_dot_)com> wrote:
----- Original Message -----
From: "SM" <sm(_at_)resistor(_dot_)net>
To: "t.petch" <daedulus(_at_)btconnect(_dot_)com>
Cc: "IETF Discussion" <ietf(_at_)ietf(_dot_)org>


Hi Tom,
At 00:18 26-08-2011, t.petch wrote:
Besides all the usual hassle of TLS, today the certificate is reported by IE as
expired, which sort of sums it up.

Already reported to ietf-action@.

Regards,
-sm

P.S. My experience of ietf-action@ is that they are responsive and do
fix problems that are reported.

Yup, but why are we using https at all? Who decided, and please would they
undecide? Unexpired certificates can be circumvented, but all too often, the
https parts of the web site just do not work and, more importantly, I think it
wrong to use industrial grade security where none is called for.

The mail archives (and the minutes of the physical meetings) are the
official record of the Working Groups, IETF, etc. Those archives
should be available with a reasonably high level of integrity and
authenticity.

<tp>
Yeeees but for the mail archives they provide authenticity and integrity only as
far as the Man In The Middle, namely the IETF server/process; this adds a
spurious, to me, impression of security for e-mails that could have come from
anyone masquerading as anyone.  And when there is some defence against
masquerade - DKIM (and yes I know what it does and its limitations) - then the
DKIM signature is invalidated by the list process, that MITM again.

If there are requirements for archives to be provided with a degree of trust, eg
in response to a subpoena, then that should be a separate process, leaving us
ordinary folk to access them in a simple and straightforward manner.

Tom Petch







Thanks,
Donald
=============================
Donald E. Eastlake 3rd +1-508-333-2270 (cell)
155 Beaver Street, Milford, MA 01757 USA
d3e3e3(_at_)gmail(_dot_)com

Tom Petch




_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf


