"nonetheless access to that data should use best practices for security and privacy."

why?

"New services will however generally only be made available in ways that use security protocols such as TLS."

again, why? secured access is limited access, which is counter to the goal of an open Internet.

thanks

Lloyd Wood
http://about.me/lloydwood
________________________________________
From: ietf [ietf-bounces@xxxxxxxx] On Behalf Of Stephen Farrell [stephen.farrell@xxxxxxxxx]
Sent: 03 April 2014 17:21
To: IETF-Discussion
Subject: Security for various IETF services

Hi all,

From time to time the issue of how to secure IETF services comes up e.g. whether to turn on TLS for some IETF web server or jabber or mail etc. The most recent such was a request to turn on HSTS [1] for the IETF web site, which I don't think we can do without breaking old tools etc. Nonetheless we would like to turn on things like TLS more often going forward as seemed to me to be the outcome of a long thread on here late last year.

So, the IESG are considering the following as an IESG statement to offer some guidance about this:

"The IETF are committed to providing secure and privacy friendly access to information via the web, mail, jabber and other services. While most (but not all) data on IETF services is public, nonetheless access to that data should use best practices for security and privacy. However, as there are numerous legacy tools that have been built that require access via cleartext, the IETF will continue to allow such access so as not to break such tooling. New services will however generally only be made available in ways that use security protocols such as TLS."

If you have wordsmithing changes to suggest please just send those to me or the iesg. More substantive comments should go here I guess. I hope the only bit worth discussing (except for the few folks who would rather we do none of this;-) might be the last sentence.

A few weeks after any discussion here dies down I'll put the resulting text on an IESG telechat for approval if that seems like the right thing to do.

Thanks,
S

[1] https://tools.ietf.org/html/rfc6797