Re: https at ietf.org

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Nov 7, 2013 at 11:28 PM, Pranesh Prakash <pranesh@xxxxxxxxxxxxx> wrote:
Dave Cridland [2013-11-06 06:39]:
> Requiring HTTPS, particularly with reasonable cipher suites, might restrict
> use of from certain jurisdictions.

Could we have more concrete examples, please?  Would these be because of
export restrictions?[1]  For instance, are there any jurisdictions from
where users have to disable the HTTPS by default option in Gmail?

 [1]: http://www.cryptolaw.org/

Examining this website for marginally less than a minute tells me that encryption is generally banned in Saudi Arabia.

But that's really besides the point. If we "fixed" RFC 2817 support, we could have opportunistic (better than nothing) crypto on *all* websites, rather than forcing every website to deploy HTTPS-only - pretty good win for privacy / anti-pervasive-surveillance.

That is, making encryption optional, but available everywhere, is a bigger win than making it mandatory in a few places.

Dave.

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]