--On Friday, August 26, 2011 09:43 -0400 Donald Eastlake <d3e...@gmail.com> wrote:
>> Yup, but why are we using https at all? Who decided, and >> please would they undecide? Unexpired certificates can be >> circumvented, but all too often, the https parts of the web >> site just do not work and, more importantly, I think it wrong >> to use industrial grade security where none is called for. > > The mail archives (and the minutes of the physical meetings) > are the official record of the Working Groups, IETF, etc. > Those archives should be available with a reasonably high > level of integrity and authenticity. Don, If that is the goal, wouldn't we be lots better off just digitally signing those things, just as we are gradually starting to create signatures for I-Ds, etc.? Verifying that one is talking to the right server and that the content is not tampered with in transit is all well and good, but it doesn't protect against compromised documents or a compromised server at all. john _______________________________________________ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
