W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2015

Re: SSL/TLS everywhere fail

From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Mon, 7 Dec 2015 00:31:23 +0000
To: Adrien de Croy <adrien@qbik.com>, Poul-Henning Kamp <phk@phk.freebsd.dk>
Cc: Jacob Appelbaum <jacob@appelbaum.net>, Mark Nottingham <mnot@mnot.net>, Cory Benfield <cory@lukasa.co.uk>, Mike Belshe <mike@belshe.com>, Amos Jeffries <squid3@treenet.co.nz>, httpbis mailing list <ietf-http-wg@w3.org>
Message-ID: <5664D35B.2040408@cs.tcd.ie>

Hiya,

On 07/12/15 00:15, Adrien de Croy wrote:
>>
>> httpbis is one of about 100+ IETF WGs.
> exactly my point.
> 
> I'm not saying there's an easy solution, 

Yep.

> but if you consider that one of
> the most monitored protocols is http, you'd think there would be more
> involvement of this WG for such a BCP, especially considering the extent
> to which we are affected by it.

"involvement of this WG" is a bit of a misnomer - people participate
(and not WGs) and if people choose just this one mailing list, that's
what they've chosen. (As I said before, doing so is entirely reasonable;
before I was on the IESG I would have ignored the crap out of many
IETF-wide discussions;-)

There were iirc quite a few people active in this wg who were
active in the discussion of that draft. I really don't think there
was any deficit in consideration of http in the development of
what ended up as BCP188.

> 
> Maybe there needs to be some more design thought put into how wider
> consensus of affected parties can be achieved, so that those who like
> you say aren't on a plethora of lists can still consider that the
> strength of the consensus is maintained, because AFAIC the whole purpose
> of the IETF is to attain consensus on things and represent the view of
> the community.

Sure. If you have ideas on that then (again) ietf@ietf.org is the right
place to start. Or perhaps apps-discuss@ietf.org or dispatch@ietf.org
if the topic is apps/RAI specific or saag@ietf.org if it's really about
security or privacy. There are already quite a few venues for such
things but they are all relatively imperfect and could do with more
sane input. (And as the IETF considers that one of our strengths is
cross-area review, most good suggestions that help with that are warmly
received.)

S.
Received on Monday, 7 December 2015 00:31:54 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:40 UTC