ietf
[Top] [All Lists]

Re: [IAB] Mandatory encryption as part of HTTP2

2013-11-15 08:43:16
Am 15.11.13 14:38, schrieb JFC Morfin:
because the IETF has no real-world power beyond the text of its
specifications.

That's also incorrect.

We have people working in the IETF who not just here to write documents but who actually have interest to implement the protocols and to deploy them. Of course, the entire eco-system is complex and every area of work has it's own challenges but we are constantly seeing IETF folks reaching out to implementers and communities who deploy IETF technology.

Just to give you one example: Peter, who had been working in the IETF on XMPP standards, recently distributed a manifesto, which encourages those who deploy XMPP servers to improve their security. Since he is in close contact with the XMPP community I expect that many will follow his call for action.

Here is the manifesto, in case you are interested: https://github.com/stpeter/manifesto/blob/master/manifesto.txt

He also created a test site, an IM Observatory, so you can get your XMPP security evaluated: http://xmpp.net/

What we do, however, need is more people who take action.

Ciao
Hannes