Subject: Re: https at ietf.org Date: Tue, Nov 05, 2013 at 05:35:39PM -0800
Quoting David Morris (dwm(_at_)xpasc(_dot_)com):
I don't see reason to use https for delivery of public documents such
as RFCs and Internet Drafts. All that would really accomplish is
reduce caching opportunities.
I'd like to chime in on the side of prefering https; quoting such reasons
as layer separation (the transport should not decide based on content),
paranoia (yesteryears paranoia is SOP this year), and indeed significantly
dogfood. If we're not using this, what kind of message does this send?
Also, ands this is an _important_ part: We do not need perfect
security. We need to work on methods for raising the cost of the
Panopticon. For every activity that does not need good robust security
for some reason, we should make efforts so as to introduce a minimum
of default, always-on privacy. The subscription to our mailing lists
is still open, and the archives are freely accessible which sort of
underlines the idea that not all encrypted activities are secret or
illegal. They are just not up for grabs until so decided.
Consequently, the other access methods may be implemented in their own
leisure, as long as there is progress. The IETF MX host is, according to
its greeting banner, using Postfix, where opportunistic TLS is so simple
to activate that I have succeeded in my machine. I suggest this be done
as soon as practical. Just because.
--
Måns Nilsson primary/secondary/besserwisser/machina
MN-1334-RIPE +46 705 989668
My CODE of ETHICS is vacationing at famed SCHROON LAKE in upstate New York!!
signature.asc
Description: Digital signature