Re: https

----- Original Message -----
From: "Donald Eastlake" <d3e3e3@xxxxxxxxx>
To: "t.petch" <daedulus@xxxxxxxxxxxxx>
Cc: "IETF Discussion" <ietf@xxxxxxxx>
Sent: Friday, August 26, 2011 3:43 PM
On Fri, Aug 26, 2011 at 4:39 AM, t.petch <daedulus@xxxxxxxxxxxxx> wrote:
> ----- Original Message -----
> From: "SM" <sm@xxxxxxxxxxxx>
> To: "t.petch" <daedulus@xxxxxxxxxxxxx>
> Cc: "IETF Discussion" <ietf@xxxxxxxx>
>
>
>> Hi Tom,
>> At 00:18 26-08-2011, t.petch wrote:
>> >Besides all the usual hassle of TLS, today the certificate is
>> >reported by IE as
>> >expired, which sort of sums it up.
>>
>> Already reported to ietf-action@.
>>
>> Regards,
>> -sm
>>
>> P.S. My experience of ietf-action@ is that they are responsive and do
>> fix problems that are reported.
>
> Yup, but why are we using https at all? Who decided, and please would they
> undecide? Unexpired certificates can be circumvented, but all too often, the
> https parts of the web site just do not work and, more importantly, I think it
> wrong to use industrial grade security where none is called for.

The mail archives (and the minutes of the physical meetings) are the
official record of the Working Groups, IETF, etc. Those archives
should be available with a reasonably high level of integrity and
authenticity.

<tp>
Yeeees but for the mail archives they provide authenticity and integrity only as
far as the Man In The Middle, namely the IETF server/process; this adds a
spurious, to me, impression of security for e-mails that could have come from
anyone masquerading as anyone.  And when there is some defence against
masquerade - DKIM (and yes I know what it does and its limitations) - then the
DKIM signature is invalidated by the list process, that MITM again.

If there are requirements for archives to be provided with a degree of trust, eg
in response to a subpoena, then that should be a separate process, leaving us
ordinary folk to access them in a simple and straightforward manner.

Tom Petch

Thanks,
Donald
=============================
Donald E. Eastlake 3rd +1-508-333-2270 (cell)
155 Beaver Street, Milford, MA 01757 USA
d3e3e3@xxxxxxxxx

> Tom Petch
>
>
>>
>
> _______________________________________________
> Ietf mailing list
> Ietf@xxxxxxxx
> https://www.ietf.org/mailman/listinfo/ietf
>
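
Added example, not part of the original thread or of any IETF tooling: a sketch of why the DKIM body hash (bh=) discussed above stops verifying once a list rewrites the message, and what the l= body-length tag changes. It assumes relaxed body canonicalization with SHA-256 (RFC 6376) and that the list's change is an appended footer like the one in this archive; the sample body is constructed, and header signing is not modelled.

```python
import base64
import hashlib
import re

# Constructed sample: a body as the author's mail system signed it.
ORIGINAL_BODY = b"Yup, but why are we using https at all?\r\n\r\nTom Petch\r\n"

# Assumption: the list software appends a footer like the one in this archive.
LIST_FOOTER = (b"_______________________________________________\r\n"
               b"Ietf mailing list\r\n"
               b"https://www.ietf.org/mailman/listinfo/ietf\r\n")


def canon_body_relaxed(body):
    """RFC 6376 section 3.4.4 'relaxed' body canonicalization."""
    lines = body.replace(b"\r\n", b"\n").split(b"\n")
    # Collapse runs of space/tab to one space, drop whitespace at line end.
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    # Ignore empty lines at the end of the body.
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)


def body_hash(body, length=None):
    """Value of the bh= tag (SHA-256); 'length' models the optional l= tag."""
    canon = canon_body_relaxed(body)
    if length is not None:
        canon = canon[:length]
    return base64.b64encode(hashlib.sha256(canon).digest()).decode("ascii")


def bh_matches(signed_bh, delivered_body, length=None):
    """Verifier side: recompute the hash over what actually arrived."""
    return body_hash(delivered_body, length) == signed_bh


def demo():
    signed_bh = body_hash(ORIGINAL_BODY)              # computed by the sender
    delivered = ORIGINAL_BODY + LIST_FOOTER           # rewritten by the list
    signed_len = len(canon_body_relaxed(ORIGINAL_BODY))
    return {
        "direct": bh_matches(signed_bh, ORIGINAL_BODY),
        "via_list": bh_matches(signed_bh, delivered),
        # l= keeps the hash valid but leaves the appended bytes unauthenticated.
        "via_list_with_l": bh_matches(signed_bh, delivered, signed_len),
    }


if __name__ == "__main__":
    print(demo())
```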
