Re: Proposed Statement on "HTTPS everywhere for the IETF"
2015-06-02 06:56:04Hi Eliot, I think the work to be done is fairly obvious for most things, for example replacing http URIs with https URIs in new I-Ds, though HSTS over all our domains has a bit of trickiness. We'll also probably want to talk with the meetecho folks to see what can be done there, that makes sense to do. More generally, I'd expect this'll basically turn into a standing requirement (like IPv6) that the secretariat will build into consideration of ongoing or new work and it'll just be handled as we go. One thing we'll all want (I hope:-) to do is to go edit our bookmarks - I used have a load of those with http URIs and it's really easy to forget to update those. Cheers, S. On 02/06/15 06:40, Eliot Lear wrote:
This is what I get for sending BEFORE coffee: On 6/2/15 6:44 AM, Eliot Lear wrote:If I understand the intent of this statement, that this is for IETF services to be encrypted via TLS at this point in time, and that clear text will continue to be supported, then I strongly support that tooling approach, statement or no statement, being pursued by the secretariat. I support this approach not because the IETF communications contain massive amounts of private data (I wouldn't imagine this is not true)Make that "I would imagine this is not true." Eliot
signature.asc
Description: OpenPGP digital signature
| Previous by Date: | Re: Proposed Statement on "HTTPS everywhere for the IETF", Stephen Farrell |
|---|---|
| Next by Date: | Re: Proposed Statement on "HTTPS everywhere for the IETF", l.wood |
| Previous by Thread: | Re: Proposed Statement on "HTTPS everywhere for the IETF", Eliot Lear |
| Next by Thread: | Re: Proposed Statement on "HTTPS everywhere for the IETF", Xiaoyin Liu |
| Indexes: | [Date] [Thread] [Top] [All Lists] |