Re: Proposed Statement on "HTTPS everywhere for the IETF"

ietf

Re: Proposed Statement on "HTTPS everywhere for the IETF"

2015-06-02 07:01:24

from [l.wood]

see TimBL's "don't break the web" request to keep the uris the same, regardless 
of method of access.

http://www.w3.org/DesignIssues/Security-NotTheS.html
________________________________________
From: ietf <ietf-bounces(_at_)ietf(_dot_)org> on behalf of Jari Arkko 
<jari(_dot_)arkko(_at_)piuha(_dot_)net>
Sent: Tuesday, 2 June 2015 9:41:08 PM
To: Mark Nottingham
Cc: ietf(_at_)ietf(_dot_)org
Subject: Re: Proposed Statement on "HTTPS everywhere for the IETF"

Mark:

I support this policy.


Thanks.

I'd suggest that if it's felt that cleartext content needs to be available, 
it NOT be at <http://www.ietf.org/> (and similar); it should be on a 
different hostname; e.g., <http://www.cleartext.ietf.org/>. The http version 
of the URL should 301 to the corresponding https resource, and HSTS should be 
in use.


That’s very good feedback - thanks. We will take it into consideration.

Jari

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Proposed Statement on "HTTPS everywhere for the IETF", (continued) Re: Proposed Statement on "HTTPS everywhere for the IETF", Phillip Hallam-Baker Re: Proposed Statement on "HTTPS everywhere for the IETF", Nico Williams Re: Proposed Statement on "HTTPS everywhere for the IETF", S Moonesamy Re: Proposed Statement on "HTTPS everywhere for the IETF", Eliot Lear Re: Proposed Statement on "HTTPS everywhere for the IETF", Eliot Lear Re: Proposed Statement on "HTTPS everywhere for the IETF", Stephen Farrell Re: Proposed Statement on "HTTPS everywhere for the IETF", Xiaoyin Liu Re: Proposed Statement on "HTTPS everywhere for the IETF", Stephen Farrell Re: Proposed Statement on "HTTPS everywhere for the IETF", Mark Nottingham Re: Proposed Statement on "HTTPS everywhere for the IETF", Jari Arkko Re: Proposed Statement on "HTTPS everywhere for the IETF", l.wood <= Re: Proposed Statement on "HTTPS everywhere for the IETF", Ted Lemon Re: Proposed Statement on "HTTPS everywhere for the IETF", Stewart Bryant Re: Proposed Statement on "HTTPS everywhere for the IETF", Brian E Carpenter Re: Proposed Statement on "HTTPS everywhere for the IETF", Cullen Jennings (fluffy) Re: Proposed Statement on "HTTPS everywhere for the IETF", Niels Dettenbach Re: Proposed Statement on "HTTPS everywhere for the IETF", Stephen Farrell Re: Proposed Statement on "HTTPS everywhere for the IETF", Cullen Jennings (fluffy) Re: Proposed Statement on "HTTPS everywhere for the IETF", John C Klensin Re: Proposed Statement on "HTTPS everywhere for the IETF", Stephen Farrell Re: Proposed Statement on "HTTPS everywhere for the IETF", John C Klensin

Previous by Date:	Re: Proposed Statement on "HTTPS everywhere for the IETF", Stephen Farrell
Next by Date:	When is the next USA location meeting?, Hector Santos
Previous by Thread:	Re: Proposed Statement on "HTTPS everywhere for the IETF", Jari Arkko
Next by Thread:	Re: Proposed Statement on "HTTPS everywhere for the IETF", Ted Lemon
Indexes:	[Date] [Thread] [Top] [All Lists]