Yup, but why are we using https at all? Who decided, and please would they
undecide? Unexpired certificates can be circumvented, but all too often, the
https parts of the web site just do not work and, more importantly, I think it
wrong to use industrial grade security where none is called for.
I agree with Tom here. In my understanding, all IETF communications
and (mailing list) discussions are open and public.
So why do we need to protect/encrypt?
I would say: protect what must be protected
but don't protect what is not supposed to be protected.
just encrypting everything seems incorrect to me.
Bert
Tom Petch
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf