Subject: Re: https at ietf.org Date: Tue, Nov 05, 2013 at 05:35:39PM -0800 Quoting David Morris (dwm@xxxxxxxxx): > > I don't see reason to use https for delivery of public documents such > as RFCs and Internet Drafts. All that would really accomplish is > reduce caching opportunities. I'd like to chime in on the side of prefering https; quoting such reasons as layer separation (the transport should not decide based on content), paranoia (yesteryears paranoia is SOP this year), and indeed significantly dogfood. If we're not using this, what kind of message does this send? Also, ands this is an _important_ part: We do not need perfect security. We need to work on methods for raising the cost of the Panopticon. For every activity that does not need good robust security for some reason, we should make efforts so as to introduce a minimum of default, always-on privacy. The subscription to our mailing lists is still open, and the archives are freely accessible which sort of underlines the idea that not all encrypted activities are secret or illegal. They are just not up for grabs until so decided. Consequently, the other access methods may be implemented in their own leisure, as long as there is progress. The IETF MX host is, according to its greeting banner, using Postfix, where opportunistic TLS is so simple to activate that I have succeeded in my machine. I suggest this be done as soon as practical. Just because. -- Måns Nilsson primary/secondary/besserwisser/machina MN-1334-RIPE +46 705 989668 My CODE of ETHICS is vacationing at famed SCHROON LAKE in upstate New York!!
Attachment:
signature.asc
Description: Digital signature