ietf
[Top] [All Lists]

Re: Proposed Statement on "HTTPS everywhere for the IETF"

2015-06-01 19:57:59
At 09:43 01-06-2015, The IESG wrote:
The IESG are planning to agree an IESG statement on "HTTPS Everywhere
for the IETF," please see [1] for the current text.

The rules for "HTTPS Everywhere" are:

  from "^http://(www\.)?ietf\.org/" to "https://www.ietf.org/";
  from "^http://(tools|datatracker)\.ietf\.org/" to "https://$1.ietf.org/";

My reading of the proposed statement is that "all IETF information must, by default, be made available in a privacy friendly form" (HTTPS [1]) and that "all links to such information (e.g. href's in html) should default to causing access via" HTTPS [1]. Is the first part of that some kind of rewrite rule on the server-side?

I did a quick test by accessing www.ietf.org and it took about two seconds without the "S" and about seven seconds with the "S". The extra seconds is a bit slow but it is okay if the objective is to have some confidentiality. The note in the proposed statement covers more than the title of the proposed statement.

Regards,
S. Moonesamy

1. HTTPS URIs and appropriate TLS cipher-suites

<Prev in Thread] Current Thread [Next in Thread>