Re: Mandatory encryption

On Tue, 2012-07-17 at 19:30 -0700, Mike Belshe wrote:

> Mandating SSL is a simple step we can take which solves most of the
> eavesdropping problem right now.  But more importantly, it poises us
> to address the next set of security issues, including CA/verification
> problems,  distribution of video over ssl, handshake latency, etc.
>  Until we start trying to be secure, of course we'll never be secure.

+1.. especially on improving the PKI.

also - When TLS is optional, as in HTTP/1, that means the decision is
made by the server and concerns about the users privacy are controlled
by that side of the transaction. Because it is sometimes more convenient
for the machines to go with plaintext, the user effectively loses choice
and walks smack into the eavesdropping problem. There is no data
transfer that is really public information. [*]

Web transport needs to favor the confidentiality of humans over
convenience of the machines. Even if humans are a cost center.

To the extent that there are non-human use cases for HTTP (definitely!)
that are unable to support this (I'm skeptical they are significant)
they can run a different protocol (e.g. COAP). The human web
requirements have to be met as the most important constituency and that
means increasing transport security.

It hasn't been stated in a while, and its a constant source of confusion
when discussing this topic, but the TLS requirement does not mandate end
to end TLS by tunneling through proxies in the way we currently do. A
mechanism for knowingly interacting with MITM intermediaries is a
necessary work item (discovery, opt-in, etc..) . If you're going to
argue about legally necessary MITMs this is answer to that.

-Patrick

[*] Imagine a giant LCD board over your front door announcing that days
browsing habits.. all of this stuff happens in plain text today:
 + shopped for burner cell phone
 + bing search "domestic violence help"
 + weather in springfield this weekend (you told everyone you were going
to westville)
 + how to organize a union
 + obsessively read huffpo.com - you work for the GOP county
commisioner. (or reverse it with drudge and the Dems.. doesn't matter).
 + watched 3 hours of porn
 + left an anonymous comment on the local newspaper that said "blah
blah"

People shouldn't have to expect that everything they click on will be
public information. Time to raise the bar. HTTP/2 has an opportunity to
improve the overall speed of the web while at the same time enhancing
privacy - that's the right mix.

Received on Wednesday, 18 July 2012 13:07:22 UTC