I'm increasingly coming to think that *everything* should be done with TLS unless you can prove it's harmful. Call me paranoid, but given the general state of the world, secure-by-default seems like the way to go. -Tim On Fri, Aug 26, 2011 at 1:39 AM, t.petch <daedulus@xxxxxxxxxxxxx> wrote: > ----- Original Message ----- > From: "SM" <sm@xxxxxxxxxxxx> > To: "t.petch" <daedulus@xxxxxxxxxxxxx> > Cc: "IETF Discussion" <ietf@xxxxxxxx> > Subject: Re: https > > >> Hi Tom, >> At 00:18 26-08-2011, t.petch wrote: >> >Besides all the usual hassle of TLS, today the certificate is >> >reported by IE as >> >expired, which sort of sums it up. >> >> Already reported to ietf-action@. >> >> Regards, >> -sm >> >> P.S. My experience of ietf-action@ is that they are responsive and do >> fix problems that are reported. > > Yup, but why are we using https at all? Who decided, and please would they > undecide? Unexpired certificates can be circumvented, but all too often, the > https parts of the web site just do not work and, more importantly, I think it > wrong to use industrial grade security where none is called for. > > Tom Petch > > >> > > _______________________________________________ > Ietf mailing list > Ietf@xxxxxxxx > https://www.ietf.org/mailman/listinfo/ietf > _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf