RE: TLS access Re: Call for Community Feedback: Retiring IETF FTP Service

Hi Tom!

> -----Original Message-----
> From: tom petch <daedulus@xxxxxxxxxxxxx>
> Sent: Thursday, November 19, 2020 7:40 AM
> To: Keith Moore <moore@xxxxxxxxxxxxxxxxxxxx>; Roman Danyliw
> <rdd@xxxxxxxx>; Ned Freed <ned.freed@xxxxxxxxxxx>
> Cc: ned+ietf@xxxxxxxxxxxxxxxxx; ietf@xxxxxxxx
> Subject: TLS access Re: Call for Community Feedback: Retiring IETF FTP Service
> 
> On 18/11/2020 22:43, Keith Moore wrote:
> > On 11/18/20 4:17 PM, Roman Danyliw wrote:
> >
> >> [Roman] In case there is concern about the TLS configuration on
> >> www.ietf.org <http://www.ietf.org>, it is quite permissive to ensure
> >> flexibility.  See
> >> https://www.ssllabs.com/ssltest/analyze.html?d=www.ietf.org&s=104.16.45.99&hideResults=on.
> >> TLS v1.0 – 1.3 is supported.  Likewise, the ciphersuites are
> >> extremely generous.
> 
> That is true for the main IETF site but not for the tools sites which is what I
> imagine that almost everyone here will be concerned with.

Understood.  The good news is that tools.ietf is currently configured for TLS 1.0 - 1.2.  FWIW, datatracker.ietf and www.ietf are the canonical repositories for the I-Ds and RFCs in the IETF.

The full answer is that documents over HTTPS come from 3 domains and 6 formats (see the buttons next to "format" on the status tab of datatracker page):

"plain text" = https://www.ietf.org/archive/id/*.txt
"xml" = https://www.ietf.org/archive/id/*.xml
"pdf" = https://tools.ietf.org/pdf/*.pdf
"htmlized (tools)" = https://tools.ietf.org/html/*
"htmlize" = https://datatracker.ietf.org/doc/html/
native datatracker txt = https://datatracker.ietf.org/doc/*

Per those 3 domains, the config is as follows:
-- datatracker.ietf.org = TLS 1.0 - 1.2
-- www.ietf.org = TLS 1.0 - 1.3
-- tools.ietf.org. = TLS 1.0 - 1.2

Bottom line, if you have a browser or https library that implemented state-of-the-art as of 1999 (the publication date of TLS 1.0, RFC2246), you can reach all three domains over https -- so circa Internet Explorer v5 on Windows 98 SE, before MacOS, or Netscape 6.

Since we're talking about these different domains, the original proposal [1] and the follow-up stats [2] said that HTTPS usage is being undercounted.  All of the prepared stats only counted traffic to tools.ietf.org, not datatracker or www.ietf.  Therefore FTP traffic is an even smaller fraction of the overall access than previously discussed.

Regards,
Roman

[1] https://www.ietf.org/media/documents/Retiring_IETF_FTP_Service.pdf
[2] https://docs.google.com/document/d/1JAXspeaMWFl8ML3hSezFSM0VsJsHI4uyDlQ2dHip8jo/edit




