--On Friday, August 26, 2011 09:43 -0400 Donald Eastlake
<d3e3e3(_at_)gmail(_dot_)com> wrote:
Yup, but why are we using https at all? Who decided, and
please would they undecide? Unexpired certificates can be
circumvented, but all too often, the https parts of the web
site just do not work and, more importantly, I think it wrong
to use industrial grade security where none is called for.
The mail archives (and the minutes of the physical meetings)
are the official record of the Working Groups, IETF, etc.
Those archives should be available with a reasonably high
level of integrity and authenticity.
Don,
If that is the goal, wouldn't we be lots better off just
digitally signing those things, just as we are gradually
starting to create signatures for I-Ds, etc.? Verifying that
one is talking to the right server and that the content is not
tampered with in transit is all well and good, but it doesn't
protect against compromised documents or a compromised server at
all.
+1. If you want signatures, do them properly. Don't pretend a transfer
protection mechanism covering exactly one hop provides real object security,
because it doesn't.
And as for the "encrypt so the really secret stuff doesn't stand out" argument,
that's fine as long as it doesn't cause inconvenience to anyone. That's clearly
not the case here. And I'm sorry, the "mistakes were made" notion doesn't
really fly: Certificates aren't a "set it and forget it" thing, so if you
haven't noted expiration dates on someone's to-do list so they can be updated
before expiration, you're not doing it right.
Ned
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf