W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2012

Re: Semantics of HTTPS

From: Mark Nottingham <mnot@mnot.net>
Date: Mon, 6 Aug 2012 18:30:18 -0500
Message-Id: <2F6B3673-E6F5-4EB1-8D7B-22CB05D28689@mnot.net>
Cc: "Adrien W. de Croy" <adrien@qbik.com>, Willy Tarreau <w@1wt.eu>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Additionally, such a plan has to be actually implemented in browsers, and I haven't heard any support from that quarter; more the opposite, in fact. 

Sent from my iPhone

On 06/08/2012, at 6:18 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:

> 
> Hiya,
> 
> Some points below on what is a tricky issue but one where I think
> the status quo is better than the offered alternatives.
> 
> On 08/06/2012 11:39 PM, Adrien W. de Croy wrote:
>> 
>> I think we need to be clear what we are doing when we apply logic such as
>> 
>> 1. TLS / HTTPS was not designed for inspection
>> 2. therefore any inspection is a hack
>> 3. therefore we should not allow/sanitise it
>> 
>> One could argue that 1. was a design failure (failure to cover all
>> requirements), and that it should just be fixed. 
>> One could also argue that hacks have as much right to be accepted as
>> anything else.  They exist for a purpose.
> 
> Yep. To break e2e security. But that's not a very defensible
> purpose in an organisation (the IETF) where the e2e argument is
> taken seriously.
> 
>> The real world REQUIRES inspection capability, for various reasons.
> 
> The real world also REQUIRES lawful intercept. But we (the IETF)
> don't do that, and we're right I think. (That is, I agree with
> our consensus position.)
> 
> I'd encourage folks who care about this to go look back at the raven
> list arguments (if you've plenty of time;-) [1] I personally think
> that was the IETF at its best - deciding a technical position on
> a technical basis even in the face of non-trivial political and
> commercial pressure.
> 
>   [1] http://www.ietf.org/mail-archive/web/raven/current/maillist.html
> 
> (I hope folks don't try score points by selective quoting from that
> archive - pretty much all opinions are represented there as I recall;-)
> 
>> We can either ignore that requirement, and carry on with our arms race,
>> or come to some mutual agreement on how to deal with the very real and
>> in many (if not most) cases entirely legitimate requirement.
>> 
>> At the moment, it's starting to look uglier and uglier.  Major sites
>> such as FB / Google move to TLS (maybe just to reduce blockage at
>> corporate firewalls?).
>> 
>> I can't count how many customers ask me a week how to block https sites
>> esp FB, gmail, youtube and twitter.  It's pointless arguing whether
>> someone should do this or not, we don't pay for their staff down-time.
>> 
>> So we have MITM code in the lab.  Many others have deployed already.
> 
> Well just block those sites if you must. I don't see why inspection
> is somehow better. I do see that some people might think inspection
> is better, but if that's a falsehood then no conclusion can be drawn.
> (False => anything, logically.) Evidence of the effectiveness of
> MITM inspection (vs. endpoint mechanisms) would be good, but seems
> to be missing.
> 
>> Next step if a site wants to do something about that is maybe start to
>> use client certificates. 
>> Anyone here from the TLS WG able to comment on whether there are plans
>> to combat MITM in this respect?  
> 
> I don't get the question. TLS is designed to combat MITM with or
> without client certs. That's a fundamental requirement for TLS.
> 
>> It's interesting to see the comment
>> about recent TLS WG rejection of support for inspection.
> 
> Recent and repeated. I think this is maybe the 3rd time.
> 
>> At the end of the day, the requirement is not going away, and it's only
>> my opinion, but I think we'd get something that
>> a) works a lot better (more reliably)
>> b) better reflects reality and allows users to make informed choices
> 
> Feel free to propose a specification that meets your proposed
> requirements. That is hard-to-impossible IMO.
> 
>> if we actually accepted the reality of this requirement and designed for
>> it.  IMO b actually results in more security. 
>> As for the issue of trust, this results in a requirement to trust the
>> proxy. 
> 
> You left out an important thing: it requires sites (e.g. a bank)
> to trust proxies the site has never heard of with the site's
> customer data, e.g. payment information.
> 
> Do we really want to engineer the web so as to allow a company
> proxy to prevent payments to the company's favourite bad cause?
> That's what's being enabled here. Its a bad plan.
> 
> It might be tractable to figure how to get a user to trust her
> employer's proxy for some things, but that's just nowhere near a
> full solution IMO.
> 
> Cheers,
> S
> 
>> We don't have a system that does not require any trust in any
>> party.  We trust the bank with our money, we trust the CA to properly
>> issue certificates and to ensure safe keeping of their private keys. 
>> Most people IME are quite happy to have their web surfing scanned for
>> viruses.  I don't see a problem with some real estate on a browser
>> showing that they are required to trust the proxy they are using, or
>> don't go to the site.
>> Otherwise you have to inspect the certificate of every secure and
>> sensitive site you go to in order to check if it's signed by who you
>> expect (e.g. a CA instead of your proxy).  It's completely unrealistic
>> to expect users to do that, and history has shown that educating
>> end-users about the finer points of security is not easily done.
>> 
>> 
>> Adrien
>> 
>> 
>> ------ Original Message ------
>> From: "Mark Nottingham" <mnot@mnot.net>
>> To: "Willy Tarreau" <w@1wt.eu>
>> Cc: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
>> Sent: 7/08/2012 9:16:48 a.m.
>> Subject: Re: Semantics of HTTPS
>>> On 06/08/2012, at 4:14 PM, Willy Tarreau <w@1wt.eu> wrote:
>>> 
>>> 
>>>>> 
>>>>> Right. That's a big change from the semantics of HTTPS today,
>>>>> though; right
>>>>> now, when I see that, I know that I have end-to-end TLS.
>>>>> 
>>>> 
>>>> 
>>>> No, you *believe* you do, you really don't know. That's clearly the
>>>> problem
>>>> with the way it works, man-in-the middle proxies are still able to
>>>> intercept
>>>> it and to forge certs they sign with their own CA and you have no way
>>>> to know
>>>> if your communications are snooped or not.
>>>> 
>>> 
>>> 
>>> It's a really big logical leap from the existence of an attack to
>>> changing the fundamental semantics of the URI scheme. And, that's what
>>> a MITM proxy is -- it's not legitimate, it's not a recognised role,
>>> it's an attack. We shouldn't legitimise it.
>>> 
>>> Cheers,
>>> 
>>> -- 
>>> Mark Nottingham
>>> http://www.mnot.net/
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>> 
>> 
>> 
>> 
Received on Monday, 6 August 2012 23:30:48 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 6 August 2012 23:30:54 GMT