Hi John! > -----Original Message----- > From: Roman Danyliw > Sent: Wednesday, November 11, 2020 9:33 AM > To: 'John C Klensin' <john-ietf@xxxxxxx>; 'Scott O. Bradner' <sob@xxxxxxxxx>; > 'ietf@xxxxxxxx' <ietf@xxxxxxxx> > Cc: 'iesg@xxxxxxxx' <iesg@xxxxxxxx> > Subject: RE: Call for Community Feedback: Retiring IETF FTP Service > > Hi John! > > > -----Original Message----- > > From: Roman Danyliw > > Sent: Tuesday, November 10, 2020 12:19 PM > > To: 'John C Klensin' <john-ietf@xxxxxxx>; Scott O. Bradner > > <sob@xxxxxxxxx>; ietf@xxxxxxxx > > Cc: iesg@xxxxxxxx > > Subject: RE: Call for Community Feedback: Retiring IETF FTP Service > > > > Hi John! > > > > > -----Original Message----- > > > From: ietf <ietf-bounces@xxxxxxxx> On Behalf Of John C Klensin > > > Sent: Tuesday, November 10, 2020 8:02 AM > > > To: Scott O. Bradner <sob@xxxxxxxxx>; ietf@xxxxxxxx > > > Cc: iesg@xxxxxxxx > > > Subject: Re: Call for Community Feedback: Retiring IETF FTP Service > > > > > > +1 > > > > > > And, while I suspect my scripts are less complicated than > > > Scott's, I do have them and am dependent on them. So two > > > additional thoughts: > > > > > > (i) I know the conventional wisdom in the IETF is to obsolete HTTP > > > in favor of HTTPS. However, if conversation is necessary, > > > conversion from FTP to simple, no negotiation HTTP is likely to be > > > lots easier the conversation to HTTPS, certificate handling, etc. > > > So, while the report seems to circle around this a bit, if FTP is > > > discontinued, will we be assured that plain HTTP access will be > > > available long-term rather than those who do convert waking up one > > > day and discovering that > > HTTP is being discontinued because HTTPS is more virtuous? > > > > To be clear, the proposal is completely reductive -- spinning down > > FTP. The posture of HTTP vs. HTTPs is outside the scope of this > > proposal and would be a separate community discussion to change that > > (and I'm not aware of this being under consideration). > > I was privately reminded of a particular nuance that I wanted to make note of > publicly -- IETF web properties (www.ietf.org, datracker.ietf.org, etc.) are all > already HTTPS only, and has been the case for several years. And to clarify further, "several years" ago was 2015 per https://www.ietf.org/about/groups/iesg/statements/maximizing-encrypted-access/ Roman
