W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2015

Re: SSL/TLS everywhere fail

From: Jacob Appelbaum <jacob@appelbaum.net>
Date: Sun, 6 Dec 2015 08:42:31 +0000
Message-ID: <CAFggDF2-u5KqSta3L4WqaUCdpw33eHKofYQE3uR8w4DTRkz3sg@mail.gmail.com>
To: ietf-http-wg@w3.org
Cc: Amos Jeffries <squid3@treenet.co.nz>
On 12/6/15, Willy Tarreau <w@1wt.eu> wrote:
> On Sun, Dec 06, 2015 at 07:47:17PM +1300, Amos Jeffries wrote:
>> On 6/12/2015 11:59 a.m., Jacob Appelbaum wrote:
>> > Not exactly. We have started with unencrypted connections that lack
>> > confidentiality, integrity and authenticity. Moving to TLS gives us
>> > all three with a computational cost and within certain boundaries.
>>
>> The tired old argument against "TLS-everywhere" is that TLS does *not*
>> offer all three of those.
>>
>> * TLS does not offer confidentiality. TLS MiTM is commonplace now. It
>> has even reached the point where traffic metadata can be recorded and
>> correlated without decrypting the content of the stream.
>>
>> * TLS does not offer integrity. TLS MiTM can corrupt the messages inside
>> encrypted streams just as easily as thay can for un-encrypted traffic.
>
> Warning Amos, TLS does offer this when it's used reasonably. The problem
> is that when you want to enforce it everywhere, in order to break a few
> of them, the other parties have to break all of them, which results in
> TLS not offering any of these anymore. That's exactly why I'm opposed to
> TLS everywhere. I want to keep these properties of TLS where I need them,
> and for this I have to ensure my usage doesn't make it worth breaking it.

I wish TLS made selective MITM impossible. We're working on it though!
Likely ETA is heat death of the universe, so no worries on that front
with your threat/caring/security model.

All the best,
Jacob
Received on Sunday, 6 December 2015 08:43:02 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:40 UTC