
Re: https at ietf.org

2013-11-08 01:41:19
On Thu, Nov 7, 2013 at 11:28 PM, Pranesh Prakash <pranesh(_at_)cis-india(_dot_)org> wrote:

> Dave Cridland [2013-11-06 06:39]:
>> Requiring HTTPS, particularly with reasonable cipher suites, might restrict
>> use of from certain jurisdictions.
>
> Could we have more concrete examples, please?  Would these be because of
> export restrictions?[1]  For instance, are there any jurisdictions from
> where users have to disable the HTTPS by default option in Gmail?
>
>  [1]: http://www.cryptolaw.org/


Examining this website for marginally less than a minute tells me that
encryption is generally banned in Saudi Arabia.

But that's really beside the point. If we "fixed" RFC 2817 support, we
could have opportunistic (better than nothing) crypto on *all* websites,
rather than forcing every website to deploy HTTPS-only - pretty good win
for privacy / anti-pervasive-surveillance.

That is, making encryption optional, but available everywhere, is a bigger
win than making it mandatory in a few places.

Dave.