ietf
[Top] [All Lists]

Re: https

2011-08-26 09:41:39


--On Friday, August 26, 2011 09:43 -0400 Donald Eastlake
<d3e3e3(_at_)gmail(_dot_)com> wrote:

Yup, but why are we using https at all?  Who decided, and
please would they undecide?  Unexpired certificates can be
circumvented, but all too often, the https parts of the web
site just do not work and, more importantly, I think it wrong
to use industrial grade security where none is called for.

The mail archives (and the minutes of the physical meetings)
are the official record of the Working Groups, IETF, etc.
Those archives should be available with a reasonably high
level of integrity and authenticity.

Don,

If that is the goal, wouldn't we be lots better off just
digitally signing those things, just as we are gradually
starting to create signatures for I-Ds, etc.?  Verifying that
one is talking to the right server and that the content is not
tampered with in transit is all well and good, but it doesn't
protect against compromised documents or a compromised server at
all.

   john



_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf

<Prev in Thread] Current Thread [Next in Thread>