W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2014

Re: HTTP/2 and Pervasive Monitoring

From: Poul-Henning Kamp <phk@phk.freebsd.dk>
Date: Wed, 20 Aug 2014 07:29:38 +0000
To: Mark Nottingham <mnot@mnot.net>
cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <10689.1408519778@critter.freebsd.dk>
--------
In message <A9F561E4-E5C6-4E1D-89B1-F1EDA9FA1BAC@mnot.net>, Mark Nottingham wri
tes:

>> By by whitening the present HTTP plaintext traffic with TLS, even
>> with quite weak cipher-suites, we dramatically increase the cost
>> of the postanalysis step, instantly making that filter impossible.
>
>Right. What I'm saying is that if they can distinguish Opp-Sec traffic 
>from HTTPS traffic, they can take *all* Opp-Sec traffic and MITM it 
>without being detected (presuming we don't layer on other checks, which 
>raise the cost of deploying Opp-Sec). 
>
>It's true that they can't just tcpdump any more; they have to terminate 
>TLS, so this *does* raise the cost of PM somewhat; my concern is that 
>it's not enough, given the amount of cash being thrown at PM and the 
>continuously reducing cost of terminating TLS.

We're in control of how hard we make it for them and therefore we
can always outprice them.  The tradeoff is that we hurt our own
costs as well, but at a much less steep scale.

>I'm curious; do Ilari's numbers 
><http://www.w3.org/mid/20140817120844.GA1346@LK-Perkele-VII> change your 
>mind at all?

No.

I don't think the algorithm matters, as long as it's not buggy, the
bruteforcing will be done against the keys used.


-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
Received on Wednesday, 20 August 2014 07:30:10 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 30 March 2016 09:57:10 UTC