At 09:43 01-06-2015, The IESG wrote:
The IESG are planning to agree an IESG statement on "HTTPS Everywhere
for the IETF," please see [1] for the current text.
The rules for "HTTPS Everywhere" are:
from "^http://(www\.)?ietf\.org/" to "https://www.ietf.org/";
from "^http://(tools|datatracker)\.ietf\.org/" to "https://$1.ietf.org/";
My reading of the proposed statement is that "all IETF information
must, by default, be made available in a privacy friendly form"
(HTTPS [1]) and that "all links to such information (e.g. href's in
html) should default to causing access via" HTTPS [1]. Is the first
part of that some kind of rewrite rule on the server-side?
I did a quick test by accessing www.ietf.org and it took about two
seconds without the "S" and about seven seconds with the "S". The
extra seconds is a bit slow but it is okay if the objective is to
have some confidentiality. The note in the proposed statement covers
more than the title of the proposed statement.
Regards,
S. Moonesamy
1. HTTPS URIs and appropriate TLS cipher-suites