On 11/05/2013 04:34 PM, Tim Bray wrote:
Wouldn’t it be a good idea for everything at *.ietf.org
<http://ietf.org> to be served by HTTPS, and only by HTTPS?
Having read the thread, some thoughts for what they are worth.
IMO, as long as the substance of the RFCs themselves (and other
appropriate material) are available over some channel that does not
require encryption (say FTP for instance) I don't see any reason not to
force https instead of http on IETF-related web sites. As others have
pointed out however most resources are already available via https, so
as a community we should probably be advertising that more widely,
including using the https link wherever possible.
On a more practical level, I use the excellent Firefox search plugin for
the tools site which is number 5 on the list here:
http://mycroftproject.com/search-engines.html?name=rfc
It does this for searches (after my modification to use https):
https://tools.ietf.org/html/{searchTerms}
However when the results come back it's on an http page, instead of
https. It would be nice if that redirect either always used https, or
used https if it were called that way.
hth,
Doug