On Jun 4, 2015, at 6:27 AM, Brian E Carpenter
<brian(_dot_)e(_dot_)carpenter(_at_)gmail(_dot_)com> wrote:
I never argued that there is not a general threat to privacy due to
recording, just that it does not apply here. My point was that the IETF does
not have a general technical REQUIREMENT for privacy. There are many that
WANT privacy in everything they do, but that does not equate to a real
requirement for the public content of an open organization. Substituting
security&pirvacy only makes a bad choice of words worse. The IETF has no
business case for either, and if there was a case something would have been
done about it long before now.
It isn't the content that is private, of course. However, if there are IETF
participants who require a degree of privacy about their use of IETF public
information, it is entirely reasonable for the IETF to support that with a
straightforward measure like HTTPS. As has been pointed out already, that
is insufficient to provide a high degree of privacy.
That’s a big “if”. I don’t believe there are IETF participants who require
privacy about accessing IETF information.
Try "...the act of accessing public information required for routine tasks
can be privacy sensitive *on the user's side*…"
This is very true for Wikipedia, very true about news sites and many other
sites. Not the IETF.
I don't see anything political about that. It's factual.
The statement (made by Richard Barnes, not by the IESG) that the IETF should
lead by example and move to all HTTPS is very political. The proposal
prioritizes the concerns of some group (small or large) and levies a burden on
the entire community (TLS is not free; finding www.cleartext.ietf.org takes
effort). That is a political decision. It’s a small one. I agree with John
Klensin that this is something the IESG could (and should) have done on its own
without starting a discussion on a proposed statement.
Yoav