W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2015

Re: SSL/TLS everywhere fail

From: Willy Tarreau <w@1wt.eu>
Date: Thu, 3 Dec 2015 20:06:49 +0100
To: Robert Collins <robertc@robertcollins.net>
Cc: HTTP Working Group <ietf-http-wg@w3.org>, Cory Benfield <cory@lukasa.co.uk>, Jacob Appelbaum <jacob@appelbaum.net>, Mike Belshe <mike@belshe.com>, Poul-Henning Kamp <phk@phk.freebsd.dk>, Amos Jeffries <squid3@treenet.co.nz>
Message-ID: <20151203190649.GF22101@1wt.eu>
On Fri, Dec 04, 2015 at 07:32:39AM +1300, Robert Collins wrote:
> On 4 December 2015 at 07:05, Willy Tarreau <w@1wt.eu> wrote:
> > If you're pushing
> > for more TLS, you're just pushing for more surveillance. That's a fact
> > and it has been proven by this news article. The push for TLS everywhere
> > has at least broken all Khazak's privacy.
> The government mandated visible inspection of traffic that they can't
> otherwise see *because* we've improved the baseline.

That's exactly what we've been warning against for years. And not that
it's not "they cant' otherwise see" but "they're targetting the easiest
and cheapest way". In France if you want to see people's communications,
you first declare them terrorist and then you confiscate their PC, you
claim the data are encrypted, you ask for the key and if they refuse or
try to explain that there's no encryption, you put them in jail until
they change their mind (or they try to invent whatever they can if there
was really no encryption). And people applaud because one more terrorist
got arrested. I'm pretty sure it's the same in many other countries which
don't spend money cracking all SSL communications.

> It makes the
> intrusion visible but it in now way changes the privacy that users in
> Khazakhstan experience: their plaintext traffic is certainly already
> compromised all the time.

Did it ever come to your mind that it was possible that these people
didn't care a dime about their clear text traffic being seen by their
government, neighbors, coworkers, ISPs and whatever ? Most people
nowadays fear the *endpoint*. The big company on the other side knowing
everything about your life and suggesting when you should take your bus
before you even thought you could take a bus. You know, when you perform
a google search and you see a very small and discrete icon on the top right
showing your name and you say "ah shit, I just fed their base again", time
to log out.

> > I predict that in less than 10 years we'll all be using point-to-point
> > TLS because everyone will legally crack it along the way. What a great
> > internet it will be! It used to be limited for *certain* activities
> > only, making it uninteresting to crack most of the time.
> So when we make it infeasible to crack in a stealth fashion,

How do you as a user make the difference between the end point and the
MITM when technically they are the same devices implementing the same
protocols and the same keys ?

> As for whether the bulk of internet users want privacy: I haven't met
> a single non-internet-technicalities-savvy person who didn't express
> immense surprise at the idea that their normal browsing would be
> visible to *anyone* other than the site they were browsing on.

That's exactly why some of us have said that education is more important
than false security. I've heard the media tell people for years that
without the small lock on their browser, everyone could sniff their
exchanges. But ISPs have been selling WiFi routers with default configs
and cleartext setups without telling anything. Then they have claimed
that WPA was secure. Etc. People trust what we tell them. Let's be
clear about the real risks and the real solutions.

> I will happily admit that savvy users can choose to make a tradeoff,
> but non-savvy users take time to become savvy, and we've 7 billion
> people's needs to balance out. Is it less harmful to:
>  - expose everything and then opt into security once you've learnt
> enough about the architecture of the internet to understand whats
> going on

How are the weather forecast or traffic jams considered "exposed"
when they're delivered for the widest possible public consumption ?

>  - protect everything and then opt into publicity once you've learn
> enough about the arch...

Except that by protecting everything you immediately trigger the
"unprotect everything" weapon in the other camp.

It used to be the exact same with company proxies. Most companies
just want to have web-based anti-virus not to have to reinstall
their PCs all the time. They don't care about what you're doing on
the net because they made you sign a chart where you accept the
responsibilities for your actions. It used to work pretty well,
anti-virus software was able to analyse blogs and whatever. The
few tens to hundreds of sites requiring SSL were just whitelisted
after being validated by the admin as looking like "serious sites".

With TLS everywhere, these companies are forced to act as an MITM
to still enforce their anti-virus. Is it a problem for them ?
Absolutely not. Are the users at risk ? Absolutely. Because of this,
dumb admins which didn't have access to the encrypted traffic at all
now can see it in logs and sometimes even contents. They can snarf
it just for fun on a boring day. But doing this on certain commnications
is a really bad thing. And this was made possible by blind excess of

Why do you think laws can pass to mandate decryption ? That's simple,
people don't fight because they don't care for their contents! But
you forced them to accept their few sensitive communications to be
decrypted in the process. They probably don't feel happy but they'll
trust their governments not to act badly because most of them consider
they have nothing to hide.

In France we had "hadopi" years ago, it mandated that ISPs sniff traffic
and report certain activities. Did people go down in the streets because
of this ? certainly not. If next year the government provides a national
certificate to decrypt everything and enforces it on ISPs, just like
last time, they will complain about the deployment cost but that will be
the only real reaction.

> The principle of least surprise suggests that protecting everything
> and opting into publicity is better.

In theory I absolutely agree, except that you're not protecting against
random things but living beings which are smart and react to your actions.
That completely changes things. When you build protections against
earthquakes it's nice because the earth doesn't try to attack you. Doing
this against people who have many ways to get your data is just a way to
ensure their will use the next level of weapon to reach their goal.

Sometimes it's fun to feel stronger than the rest of the world, but it
can also come with great desillusions...

Received on Thursday, 3 December 2015 19:07:34 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:40 UTC