I'm increasingly coming to think that *everything* should be done with TLS unless you can prove it's harmful. Call me paranoid, but given the general state of the world, secure-by-default seems like the way to go. -Tim
On Fri, Aug 26, 2011 at 1:39 AM, t.petch <[email protected]> wrote: > ----- Original Message ----- > From: "SM" <[email protected]> > To: "t.petch" <[email protected]> > Cc: "IETF Discussion" <[email protected]> > Subject: Re: https > > >> Hi Tom, >> At 00:18 26-08-2011, t.petch wrote: >> >Besides all the usual hassle of TLS, today the certificate is >> >reported by IE as >> >expired, which sort of sums it up. >> >> Already reported to ietf-action@. >> >> Regards, >> -sm >> >> P.S. My experience of ietf-action@ is that they are responsive and do >> fix problems that are reported. > > Yup, but why are we using https at all? Who decided, and please would they > undecide? Unexpired certificates can be circumvented, but all too often, the > https parts of the web site just do not work and, more importantly, I think it > wrong to use industrial grade security where none is called for. > > Tom Petch > > >> > > _______________________________________________ > Ietf mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/ietf > _______________________________________________ Ietf mailing list [email protected] https://www.ietf.org/mailman/listinfo/ietf
