On Aug 26, 2011, at 3:22 PM, Adam Novak wrote: > On Fri, Aug 26, 2011 at 1:12 PM, Ned Freed <ned.freed@xxxxxxxxxxx> wrote: >>> It ensures that what you're getting is the same as what the IETF has >>> on file, >> >> No, it really doesn't do that. There can be, and usually are, a lot of steps >> involves besides the one https hop. >> > > What other steps are there? HTTPS prevents what the web server sends > from being tampered with on its way to the browser. If the web server > storing the archives is itself trusted, this would seem to be all that > is needed. There can be web proxies on the front end (if the client is configured to use them) and the web server itself can be implemented in such a way as to retrieve content from other servers (via a number of means, e.g. NFS, CIFS, web services calls, sql calls). Though I don't know whether the latter is the case for content served from IETF's servers. Keith _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf