Hi, Speaking only as myself: On Tue, Mar 15, 2016 at 08:26:37AM +0900, Randy Bush wrote: > > what is the treat model which drives us to tls/https? authenticity of > the data? privacy of what i access? in the scheme of things, how > important are our data anyway and what are we trading for perceived > protection? I think the question of what we want to accomplish is important and the one I'd hope we'd focus on first when trying to answer these questions. It seems to me that people ought to be able to access IETF stuff in as many ways as we can think of, and to do that without fear of repercussions. yet we need to do something about the attacks against the IETF sites, which have been painful and which we need to be prepared to handle. No brilliant suggestions here, just questions. A -- Andrew Sullivan ajs@xxxxxxxxxxxxxxxxxx