On 4/3/2015 5:23 PM, Paul Wouters wrote:
On Fri, 3 Apr 2015, Joe Touch wrote:
Yes, but it's also important IMO to allow HTTP access and not require
HTTPS.
I.e., the reason for the shift should not be to force use of a secure
connection. Some paths will drop anything they can't inspect, and
there's no reason to force that here for users who don't want it.
I don't think I agree. And neither does RFC 7258.
So you'd rather I can't get the file?
That's NOT what that RFC says. The RFC actually has no 2119 language in
it anyway.
If you are on a network that needs to MITM your HTTPS, it should run you
through their SOCKS / PROXY and install the right trust anchors on your
machine.
So let's say that "network" is run by your government, and they don't
want to do that. You're OK with denying access?
I don't think that's appropriate. Our documents are not "only for those
who have non-monitored access".
Joe