On 11/17/20 11:10 AM, Roman Danyliw wrote:
Hi Jared!
-----Original Message-----
From: ietf <ietf-bounces@xxxxxxxx> On Behalf Of Jared Mauch
Sent: Tuesday, November 17, 2020 11:02 AM
To: Adam Roach <adam@xxxxxxxxxxx>
Cc: Keith Moore <moore@xxxxxxxxxxxxxxxxxxxx>; ietf@xxxxxxxx
Subject: Re: Call for Community Feedback: Retiring IETF FTP Service
On Tue, Nov 17, 2020 at 09:57:34AM -0600, Adam Roach wrote:
On 11/17/20 09:45, Keith Moore wrote:
Are those web browsers that are deprecating FTP also deprecating
HTTP without TLS?
Yes.
https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-ht
tp/
https://www.chromium.org/Home/chromium-security/marking-http-as-non-
se
cure
There's a difference between preferring https vs http and pulling http
support entirely. There's many devices that will never get https, upgrades or
certificates.
I can see this point in the abstract. Can you help me in the specific -- what is the expected configuration of device accessing IETF resources which is not HTTPS capable?
Old CPE firewalls that proxy the user request and cannot support http?
But with other services all moving to https, I suspect they are rapidly
being upgraded.
Initial proxy authentication is a problem, though.
