On Tue, Nov 10, 2020 at 06:15:03PM +0000, Salz, Rich wrote:
> > Transferring files that are not HyperText files using HTTP is in poor taste, much like eating salad with a fork that is not a salad fork.
>
> Strongly disagree.
>
> Particularly when HTTPS is used, you get privacy and an *authenticated connection* to the server. FTP doesn't have that, and while SFTP or FTPS do, they are not trivial to set up.
How does this make FTP the better salad fork ?
I may not want encryption because it reduces my bulk download speed,
yet ietf does not even give me http download option but forces https.
My client needs to do directory screen scraping to know whats on the
server with HTTP.
IETF content is public. I may not even want/need to download it from
*.ietf.org, i may prefer a faster mirror:
Its a pretty bad "Inernet" security design to expect authenticity of content
by having authenticity of transport. That type of strict 1:1 authenticity
maping better suits walled garden solutions.
IMHO: all IETF documents should better have an IETF/RFC-editor signature
on them, like we do for S/MIME (not sure if there are good standards
for such document signatures for the most important docs: XML, Text,
email(box).
Cheers
Toerless
