W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2015

Re: SSL/TLS everywhere fail

From: Ted Hardie <ted.ietf@gmail.com>
Date: Fri, 4 Dec 2015 16:40:43 -0800
Message-ID: <CA+9kkMCBruGRpdUM-j-3=fqvGrHTk9V3z=8X3fee7-iypxsR0g@mail.gmail.com>
To: Poul-Henning Kamp <phk@phk.freebsd.dk>
Cc: Cory Benfield <cory@lukasa.co.uk>, Adrien de Croy <adrien@qbik.com>, Jacob Appelbaum <jacob@appelbaum.net>, Mike Belshe <mike@belshe.com>, Amos Jeffries <squid3@treenet.co.nz>, httpbis mailing list <ietf-http-wg@w3.org>
On Fri, Dec 4, 2015 at 4:10 PM, Poul-Henning Kamp <phk@phk.freebsd.dk>

> --------
> In message <245746A1-A574-4D19-A8AA-8AC5270D0D8F@lukasa.co.uk>, Cory
> Benfield w
> rites:
> My point is that TLS anywhere made this *possible* for them.
​And were a majority of traffic in plaintext​ this would have been
impossible?  Harder?  I think maybe easier, instead.   Less expensive, to
boot.  Sure, passive analysis is easier yet, but MiTM of plaintext is
easier than MiTM of TLS on its face.

> The correct response would have been to roll out more or less
> *exactly* what the encryption draft contains, along with a wide
> number of diverse key-management schedules.
​There may also be more than one correct response.​  Doing more than one
thing may be required to get to a desired state, after all.

That way the Kazakh government, no matter how much they desired it,
> would not be able to do a MiTM on their entire country, because they
> would not be able to get any tool from anywhere to implement it.
> Their political choice would then be reduced to:
>    A) Pass traffic, collecting only the "envelope",
> or
>    B) Block all traffic that cannot be inspected.
> Even in Kazakstan B) would be politically suicide, so the result would
> *at worst* be A).
> A) Would have been a *much* better situation than what is now happening.
> Now that they *have* implemented total MiTM, we fight the uphill
> battle where they can (and probably will) block any other kind of
> encrypted traffic than TLS, so rolling out our stronger weapon just
> got impossble.
​And your evidence for this is what, exactly? ​Combined with TLS, how does
your stronger weapon get weaker?

Received on Saturday, 5 December 2015 00:41:12 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:40 UTC