Re: Moving forward on improving HTTP's security

------ Original Message ------
From: "William Chan (陈智昌)" <willchan@chromium.org>
>On Wed, Nov 13, 2013 at 2:36 PM, Adrien de Croy <adrien@qbik.com> 
>wrote:
>
>>
>>We added MITM in WinGate mostly because Google and FB went to https.  
>>Google and FB you may take a bow.
>
>FWIW, I'm happy those companies went HTTPS, and I'm sad that y'all are 
>offering MITM features in your products. I suppose that if I ask you 
>not to MITM traffic, you wouldn't listen, would you? :P If you feel 
>that MITM is bad for the web, why are you implementing this? Is it 
>simply because if you don't, then someone else will and people will 
>switch from your product?
we only write the proxy software and provide the feature.  The customer 
decides whether to turn it on or not.
The customers have been asking for this feature for years. We held off, 
but had to concede when Google and FB went to https, as the rate of 
requests went up.  Much of the competition had been offering it for 
several years.

So do you really think the vendor company that steadfastly refuses to 
offer it will be the one left standing?  There are already plenty of 
vendors offering this feature.  It's a competitive necessity.

>
>>
>>Does this improve security of the web overall?  IMO no.  People can 
>>now snaffle banking passwords with a filter plugin.
>
>Just to be clear, the MITM works because the enterprises are adding new 
>SSL root certificates to the system cert store, right? I agree that 
>that is terrible. I wouldn't use that computer :) I hope we increase 
>awareness of this issue.
correct.  You can tell if you're being intercepted if the root cert 
doesn't look like who it should be.

>
>>
>>You really want to scale this out?  How will that make it any better?
>
>I believe that making communications secure by default will overall 
>improve the security of the web as long as most devices don't have 
>these additional SSL root certificates used by the MITM proxies. You 
>are taking a cynical view on the outcome when communications become 
>secure by default. I disagree.
I'm not talking about a hypothetical future.  We're seeing it now.  More 
and more MITMs are being deployed.  That's not a cynical or pessimistic 
view, it's simply accepting reality.

>I think that it's worthwhile to force entities that want to examine 
>communications to have to MITM SSL. I think that the negative PR of a 
>government or ISP or whatever trying to force installations of 
>additional root certificates on end users' machines would be a strong 
>disincentive to employ these policies. I agree it might lead more 
>enterprises to MITM their employees who use corporate devices. It is a 
>sad world indeed if it's the status quo for everyone to use devices 
>with extra root certs so intermediaries can MITM SSL connections.
Many people operating these things don't get a choice.

Try telling a company boss that they shouldn't care if their employees 
cyber-slack all day because you can't tell what they are surfing.  Tell 
them they shouldn't care if their employees download malware and infect 
their networks because they can't scan it for viruses.

>
>>
>>You're suggesting anyone wanting to run an http2 server now has to 
>>purchase, and pay for the ongoing maintenance of a cert, and take the 
>>cost on additional CPU to handle the load?
>
>Yes, I want to use HTTP/2 as a carrot to incentivize server operators 
>to use HTTPS. There are tradeoffs that prevent folks from adopting 
>HTTPS. I'm hoping HTTP/2 helps adjust the tradeoffs in HTTPS' favor 
>somewhat, due to its reduced user perceived latency and improved 
>connection reuse leading to improved scalability compared to HTTP/1.X 
>over TLS.
>
>>
>>Organisations have to live with the pain in the neck of deploying 
>>signing certs to clients, dealing with visitor devices etc etc.  This 
>>= reduction in user experience.
>
>You mean the additional root certs installed on client machines? Good, 
>I'm glad it's a PITA for y'all, so maybe you'll stop doing it or do it 
>less often, and maybe corporations will stop asking you to do this for 
>them.
And maybe not.  You really think corporates are going to stop caring 
about these things?  They are caring more and more, not less and less.

If everyone had a realistic choice, they could choose to stop MITM, but 
malware using https put paid to that.  The argument has already been put 
about the necessity of caching, that you'd presumably also be happy to 
throw under the bus.


>This is terrible and I'm personally not interested in making it easier 
>for organizations to snoop on their members/employees/students/etc.
make sure you're not making incorrect assumptions about this so-called 
"snooping".  Is it really snooping if the only thing that sees the data 
is an AV agent?


>I'm in favor of reduced user experience where the user is someone who 
>wants to MITM SSL traffic.
I'm also in favour of it being visible to the user whether they are 
being intercepted MITMed.

Regards

Adrien

>
>>
>>So, IMO making TLS mandatory = reduced security, worse user 
>>experience, and increased costs.
>>
>>That's progress I guess.
>
>I respectfully disagree with your outcome prediction.
>
>>
>>
>>
>>
>>
>>------ Original Message ------
>>From: "Stephen Farrell" <stephen.farrell@cs.tcd.ie>
>>To: "Willy Tarreau" <w@1wt.eu>; "Mike Belshe" <mike@belshe.com>
>>Cc: "William Chan (?????????)" <willchan@chromium.org>; "Tao Effect" 
>><contact@taoeffect.com>; "Tim Bray" <tbray@textuality.com>; "James M 
>>Snell" <jasnell@gmail.com>; "Mark Nottingham" <mnot@mnot.net>; "HTTP 
>>Working Group" <ietf-http-wg@w3.org>
>>Sent: 14/11/2013 10:57:46 a.m.
>>Subject: Re: Moving forward on improving HTTP's security
>>>
>>>I have to agree that the logic here is hard to find.
>>>
>>>On 11/13/2013 09:54 PM, Willy Tarreau wrote:
>>>>  On Wed, Nov 13, 2013 at 01:23:41PM -0800, Mike Belshe wrote:
>>>>>  To paraphrase, you're saying:
>>>>>     "I don't like TLS because I use the presence of TLS to know 
>>>>>that I could
>>>>>  be hacked right now. But if you turn on TLS always, I won't be 
>>>>>able to
>>>>>  tell if I can get hacked."
>>>>
>>>>  Huh ? No. I mean "The TLS model is fine for me as long as it's used 
>>>>where
>>>>  needed and if it's not abused because I expect all actors in the 
>>>>chain to
>>>>  care about security". Let's ensure we don't break that weak link 
>>>>from the
>>>>  root CAs to me by making its use mandatory for all no-value stuff 
>>>>that
>>>>  nobody cares about and which will make it normal for everyone to 
>>>>deploy
>>>>  broken configs and rogue CAs everywhere for the sake of simplicity.
>>>
>>>Break the link by making it mandatory sounds like wild supposition.
>>>
>>>S
>>>
>>>>
>>>>>  To summarize:
>>>>>    1) You're happy with the security you get with TLS to Paypal now
>>>>>    2) You're unhappy with that same security (TLS) enforced 
>>>>>everywhere
>>>>>  because it is suddenly less secure.
>>>>
>>>>  Exactly.
>>>>
>>>>>  This is also illogical. We're not changing TLS.
>>>>
>>>>  Yes you are. You're not changing the protocol but the economics and
>>>>  the actors' motives to deliver certs the proper way. When certs are
>>>>  needed to connect to my printer, I doubt I'll have to order a new
>>>>  cert every year to connect to it once every 3 years at most to 
>>>>change
>>>>  its IP address. Instead the manufacturer will want a 10 years cert,
>>>>  and since he won't be able to get that, some CAs will start to 
>>>>offer
>>>>  this (possibly at a high price). We'll possibly find it much easier
>>>>  and cheaper to become a valid CA and to issue certs for anyone. I'm
>>>>  sorry but the day I can issue a paypal cert myself and have my 
>>>>browser
>>>>  accept it without me having to do anything with its configuration, 
>>>>I'll
>>>>  start to get a little bit scared.
>>>>
>>>>  Right now it's simple : TLS is annoying to deploy so you do it 
>>>>where
>>>>  it matters. It can be free but at least it requires some care and 
>>>>you
>>>>  are willing to accept that for the sites you value. Once you don't
>>>>  value anymore the certs you are installing and users start to do 
>>>>wrong
>>>>  things such as clicking 100 times a day "Ignore this cert error" 
>>>>because
>>>>  everyone uses crappy certs, the TLS model will be useless.
>>>>
>>>>  Willy
>>>>
>>>>
>>>>
>>>>
>>>
>>
>