W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2015

Re: SSL/TLS everywhere fail

From: Jacob Appelbaum <jacob@appelbaum.net>
Date: Sat, 5 Dec 2015 15:21:10 +0000
Message-ID: <CAFggDF15Be_8vEfUkm-gHXgosm5ZrdT1-VKpibVj_=QOOoM4XQ@mail.gmail.com>
To: Poul-Henning Kamp <phk@phk.freebsd.dk>
Cc: Mike Belshe <mike@belshe.com>, Amos Jeffries <squid3@treenet.co.nz>, httpbis mailing list <ietf-http-wg@w3.org>
On 12/5/15, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
> --------
> In message
> <CAFggDF0CzfWuufur4f8RrVYc7kxqKsCatim-Pqhg+i+1jHqQpA@mail.gmail.com>
> , Jacob Appelbaum writes:
>
>
>>> I have no idea what the Tor project will do, but fortunately the
>>> human rights activists I know about has a fallback.
>>
>>I suspect that they will use Tor bridges or another similar bypass
>>method. If they need help, we're always happy to help - please ask
>>them to reach out if we can help.
>
> Obviously I am not going to say anything here that would compromise
> anybody, but I can safely tell you that they are not in your dataset
> for the graph you linked to, and that any contact to the Tor project
> will be at least three arms length.

Understood. None the less - the offer stands, if you have questions
for example, please do reach out.

>>People related to the Tor Project have been working to submit evidence
>>with regard to the latest series of bills on exactly this topic. I
>>guess other groups will do the same.
>
> Sure.
>
> And did you see what all the evidence did for the decision about
> bombing Syria ?

I admit, I did not submit evidence for that topic. I also have a near
total lack of faith in say, the governments involved in those
activities. That doesn't help me with my latent cynicism. Still, I
think we have to look at each place where we can participate and then
we can make an impact by contributing informed information.

>>I'm sorry if I was unclear: The high cost is a cert chain that works
>>on everyone without installing a root.
>
> If you are a government, the cost if getting everybody to install a
> root-cert is probably cheaper than the kit.

I do not believe that the root cert in question will be shipped by
browsers or devices without a user manually installing it.

> In Denmark for instance, all the legislation is in place to require
> people to accept a root-cert for our "NemID" (digital citizen/company
> ID/ single signon), the cert can be downloaded as part of the logon
> procedure and in a matter of days a very large fraction of all Danish
> computers have the root-cert installed.

Yes, I can imagine that may happen - hopefully the cert would be
scoped for specific connections, domains or otherwise treated
differently.

> Other countries are similarly positioned.  Given their current
> "cyber-war" threat-models, hey'd be stupid if not.

Yes, the next step is likely to escalate in this direction. We see it
in many places - still - the fact that things are detectable, fail
closed or require a user to consent will again, change the terrain of
struggle for everyone who cares about these issues.

> (NB: I'm not saying their threat-models are correct or even sane,
> they're not, but given that threat-model, being able to roll out a
> root-cert is the obvious thing to be able to do.)
>
>>Surely you're aware that I'm working on many different angles at the
>>same time - exactly in many of the areas that you suggest.
>
> I'd expect no less of you Jacob.

Hooray. :-)

> And I'll do anything I can do, including as much "empthy rhetoric"
> as I can fit through my various megaphones.

Yes, I totally see that. I feel that it is clear that we're allies
even though we disagree about some of the issues.

>
> In other related news:  The first news-item yesterday, following
> the danish referendum (look it up) was "Denmark's NO means we cannot
> participate in the new anti-terror flight-passenger database".  It
> was made abundantly obvious that this was a TERRIBLE thing.

Interesting. The PNR system is a rich target for collection. Once the
EU has it running with long term data, it will only be as protected as
much as the most honest attacker decides to keep it protected.

> We have, so far, *totally* failed to get the population behind us
> on this cause.

Many of the data collection issues at hand are as inaccessible as
critical facts in biology to entire populations. I'm not sure that
we'll find a way to deal with it until data is taken, leaked and/or
abused. It is very frustrating that systems at scale do not allow for
opt-out.

All the best,
Jacob
Received on Saturday, 5 December 2015 15:21:40 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:40 UTC