- From: Willy Tarreau <w@1wt.eu>
- Date: Sun, 6 Dec 2015 13:50:30 +0100
- To: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Cc: ietf-http-wg@w3.org, Amos Jeffries <squid3@treenet.co.nz>
On Sun, Dec 06, 2015 at 12:29:51PM +0000, Poul-Henning Kamp wrote:
> --------
> In message <20151206080054.GB27791@1wt.eu>, Willy Tarreau writes:
>
> >> * TLS does not offer integrity. TLS MiTM can corrupt the messages inside
> >> encrypted streams just as easily as they can for un-encrypted traffic.
> >
> >Warning Amos, TLS does offer this when it's used reasonably.
>
> There is no way to use it "reasonably" in practice.

But it's not TLS's fault but the whole model of trust. TLS works fine in a trusted environment. By "trusted" I mean "you only rely on trusted parties". When you have 500 unknown CAs in your browser that can emit certs for whatever domain, you're probably not in a trusted environment. When you have only CAs of parties you decide to trust, the whole chain can be trusted.

You know well that like you I'm not fond of the resource impact it causes on components like ours who need to extract routing information from metadata that were encrypted without providing extra protection, and that's one of the reasons I think that content encryption is better for some use cases. But when properly configured and with enough CPU resources, it does work. It's the whole ecosystem which is broken, not the protocol. The protocol is not perfect for HTTP but it evolved to integrate better (eg: SNI) and overall it remains the best solution we've come up with for now.

> The only tools most people have access to treat all
> non-CA-protection-racket certificates like radioactive ebola virus.

I agree. If at least some of the large internet players started to become their own CAs and to provide certs for free for everyone and with various levels of validation, we could probably get rid of the hundreds of CAs we're forced to trust and not have trouble getting temporary certs for testing purposes or home use without the pain it currently is nor the risks it represents to have your internal cert stolen and reused to emit new certs in a targeted attack.

Sites using self-signed certs should be reported as almost-clear-text and not cause any error nor warning.

willy
Received on Sunday, 6 December 2015 12:51:06 UTC