- From: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Date: Tue, 18 Nov 2014 08:11:29 +0000
- To: Martin Thomson <martin.thomson@gmail.com>
- cc: Jason Greene <jason.greene@redhat.com>, Roland Zink <roland@zinks.de>, ietf-http-wg@w3.org
--------

In message <CABkgnnVWze4YVTfgVc-+9DRTgGdG86xmHbySB=g2uDoyvQ_S=w@mail.gmail.com>, Martin Thomson writes:

>> Even better would be to support anonymous ECDH. Why bother requiring all
>> of these fake certs to be generated when they have no legit purpose.
>
>That at least is an easy one to answer. If your handshake looks different
>(and any anonymous mode will, unless you use TLS 1.3 and some aggressive
>padding), then you open an invitation to MitM.

This is exactly the kind of crap-think I tried to warn against in my FOSDEM keynote: The point was *not* to defend against MitM but pervasive monitoring.

Your attitude there, shared by far too many TLS-heads, is like the parents who forego child immunisations, because their kids might feel unwell for a couple of days afterwards.

ECDH would do *wonders* against pervasive monitoring, it would render almost all of NSA's take worthless to them, and you cannot do a MitM with a passive splitter.

It's the same stupid attitude which makes browsers treat self-signed certs as radioactive waste.

That attitude is a BIG part of the problem, and contributes nothing to the solution for pervasive monitoring.

--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.

Received on Tuesday, 18 November 2014 08:11:59 UTC