W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: Moving forward on improving HTTP's security

From: Willy Tarreau <w@1wt.eu>
Date: Thu, 14 Nov 2013 09:30:27 +0100
To: Mike Belshe <mike@belshe.com>
Cc: Martin J. Dürst <duerst@it.aoyama.ac.jp>, Rob Trace <Rob.Trace@microsoft.com>, Michael Sweet <msweet@apple.com>, Tao Effect <contact@taoeffect.com>, Tim Bray <tbray@textuality.com>, James M Snell <jasnell@gmail.com>, Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <20131114083027.GM10912@1wt.eu>
On Thu, Nov 14, 2013 at 12:04:04AM -0800, Mike Belshe wrote:
> I agree, TLS is too hard to use today.  We need more tools and simpler
> processes.
> 
> The reason it hasn't been simplified is not because security inhibits
> simplicity.  It's because we're able to quickly opt out of any security
> whatsoever and lazily go about our ways...
> 
> So for those of you that would like more encryption & authentication
> generally, but are resisting TLS for fear of additional work - fear not!
>  The best way to make TLS easier is to use is to make it mandatory.

Better start by removing the option for browsers to bypass TLS errors.
That way sites using TLS will need to take care of doing it correctly.
It's unacceptable that some public sites use a single "www.foo.com" cert
for all the subdomains knowing that users won't bother much. I regularly
see a few of them, I just don't have the last one in mind right now, but
I could easily provide examples.

And I've been one of the bad players here for a test : https://demo.1wt.eu/
presents a certificate for this name just for testing purposes, and the
same cert is presented all over the 1wt.eu domain. Not a big deal, there
is nothing important there and it still allows me/some users to test TLS
support there, nothing more. If browsers could not have even opened the
1wt.eu site, I would have configured the proxy to only support the demo
site for the cert and not the other one. The reason for a single cert is
that having a wildcard was not free. Another point, I could not request
a free cert for "1wt.eu" itself, and wildcards do not allow the main
domain and subdomains at the same time.

The wise visitor will notice that the cert has expired. I was notified
by StartSSL that the cert had to be renewed, which I did, but it was
rejected on the basis that the digit "1" looks like the letter "l" and
could be fooled. Cool. So I can't have a cert anymore for this domain
I've used for 10 years or so. All that not being important, I quickly
ended my attempts to replace this cert.

Also just to give a few numbers :

   - since 1/1/2013, I got 4192 HTTPS requests on this proxy.

   - 1254 of them were for demo.1wt.eu (the registered cert name)

   - 2938 were for the other domains that emit a cert error saying the
     cert doesn't match the web site, which means that users accepted
     to click through the browser's warning. 2 thirds of the requests
     should never have passed through!

   - 1511 requests were made *after* the cert had expired, meaning that
     users don't even care about this error either and still click on
     "I understand the risks".

The problem is exactly here. There is only security when users don't
explicitly and intentionally bypass the controls we implement for them.

I would like to have the time and skills to set up an open wifi access
that would do some MITM TLS and just log requests, in order to provide
statistics. I'm quite sure we'd see numbers similar to those above.

So first let's prevent users from bypassing this control, wait for things
to stabilize and get the user (and web site owner) feedback about what is
needed to enable TLS again on their site. Doing it the other way around
makes us certain that the statistics presented above from *real traffic*
can only get worse.

Willy
Received on Thursday, 14 November 2013 08:31:06 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:19 UTC