W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2012

Re: The TLS hammer and resource integrity

From: patrick mcmanus <pmcmanus@mozilla.com>
Date: Thu, 29 Mar 2012 08:47:24 +0200
Message-ID: <4F74057C.6050305@mozilla.com>
To: ietf-http-wg@w3.org
On 3/29/2012 1:37 AM, Adrien W. de Croy wrote:
> For instance, OCSP and CRL is delivered over HTTP.  This can't use 
> SSL/TLS, else it creates a paradox - how do you validate the cert used 
> to validate the cert (ad infinitum)?

There are a number of possibilities to bootstrap. Stapling is one of 
them. We're seeing even on the current internet that plain http is 
unreliable for this.

> Another topical issue relates to infrastructure providers and security 
> concerns about eavesdropping.  Your network infrastructure starts 
> phoning home using TLS and you'll have some nervous admins.  Some 
> communication needs to be demonstrably open and transparent.

It is an important point that when I (and others in this thread) 
advocate for SSL-everywhere we do not necessarily mean e2e. The working 
group needs to build mechanisms for opting into local intermediaries 
where the client knows that that is happening in a trusted way, has 
control over what goes e2e and what does not, and still maintains some 
kind of insight into the e2e trust chain. That is tricky work that in no 
way am I suggesting has been done - but it is doable. There will always 
be places where inspection is the law - we just need to build a system 
where that happens based on consent (where the other  choice may 
certainly be "no-access"), instead of silently and passively and that it 
constrains passive attacks to the minimum set. (i.e. My university 
requires traffic inspection that I consent to, that doesn't mean I 
should use plain text so that the whole student body can also do their 
own traffic inspection).
Received on Thursday, 29 March 2012 06:48:34 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:01 UTC