
Re: SSL/TLS everywhere fail

From: Willy Tarreau <w@1wt.eu>
Date: Sun, 6 Dec 2015 13:50:30 +0100
To: Poul-Henning Kamp <phk@phk.freebsd.dk>
Cc: ietf-http-wg@w3.org, Amos Jeffries <squid3@treenet.co.nz>
Message-ID: <20151206125030.GA28069@1wt.eu>

On Sun, Dec 06, 2015 at 12:29:51PM +0000, Poul-Henning Kamp wrote:
> --------
> In message <20151206080054.GB27791@1wt.eu>, Willy Tarreau writes:
> >> * TLS does not offer integrity. TLS MiTM can corrupt the messages inside
> >> encrypted streams just as easily as they can for un-encrypted traffic.
> >
> >Warning Amos, TLS does offer this when it's used reasonably.
> There is no way to use it "reasonably" in practice.

But it's not TLS's fault but the whole model of trust. TLS works fine
in a trusted environment. By "trusted" I mean "you only rely on trusted
parties". When you have 500 unknown CAs in your browser that can emit
certs for whatever domain, you're probably not in a trusted environment.
When you have only CAs of parties you decide to trust, the whole chain
can be trusted.

You know well that like you I'm not fond of the resource impact it
causes on components like ours who need to extract routing information
from metadata that were encrypted without providing extra protection,
and that's one of the reasons I think that content encryption is better
for some use cases. But when properly configured and with enough CPU
resources, it does work.

It's the whole ecosystem which is broken, not the protocol. The
protocol is not perfect for HTTP but it evolved to integrate better
(eg: SNI) and overall it remains the best solution we've come up
with for now.

> The only tools most people have access to treat all
> non-CA-protection-racket certificates like radioactive ebola virus.

I agree. If at least some of the large internet players started to
become their own CAs and to provide certs for free for everyone and
with various levels of validation, we could probably get rid of the
hundreds of CAs we're forced to trust and not have trouble getting
temporary certs for testing purposes or home use without the pain it
currently is nor the risks it represents to have your internal cert
stolen and reused to emit new certs in a targeted attack. Sites
using self-signed certs should be reported as almost-clear-text and
not cause any error nor warning.

Received on Sunday, 6 December 2015 12:51:06 UTC
