Re: SSL/TLS everywhere fail

From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Sun, 6 Dec 2015 13:35:19 +0000
To: Poul-Henning Kamp <phk@phk.freebsd.dk>, Jacob Appelbaum <jacob@appelbaum.net>
Cc: Mark Nottingham <mnot@mnot.net>, Cory Benfield <cory@lukasa.co.uk>, Adrien de Croy <adrien@qbik.com>, Mike Belshe <mike@belshe.com>, Amos Jeffries <squid3@treenet.co.nz>, httpbis mailing list <ietf-http-wg@w3.org>
Message-ID: <56643997.7040903@cs.tcd.ie>

Sorry to interrupt the flow of tls-is-bad but in amongst the
verbiage were two basic assumptions that I think highlight where
PHK and others with similar views diverge from what has repeatedly
been evaluated as the rough consensus of the IETF.

On 06/12/15 10:58, Poul-Henning Kamp wrote:
> 1)  If you *really* have something to hide, you should focus on
>     protecting your metadata.

The use of the singular "you" a number of times reflects a very
1980s view of the Internet - today a person who may or may not
have something to hide does not (in 99.99% of cases) have the
expertise to know what is involved in that and in many cases does
not even know what it is that may be worthwhile hiding. That person's
wishes and actions are mediated by many different sets of folks to
the point that text like the above and stories about "couriers" are
simply misleading fairy tales.

We (in the IETF) need to develop protocols that work well in this
kind of situation. BCP61 is one expression of that - strong security
needs to be available everywhere for us to do a good job. (Note that
I make no claim that we've done a super-good job at that, but we are
improving and getting more realistic I think as is shown by RFC7435.)

>     Nobody needs to brute-force your session-keys to know what's
>     going on if they know you had a two hour midnight web-session
>     with 'aids-advice.example.com'
> 2)  In most cases the actual message does not need absolute or
>     even any secrecy.  If I browse a major news-site, there is
>     very little incremental information leakage in knowing which
>     particular articles I read.

That's another divergence: BCP188 represents the IETF consensus to
work against PM, and it is abundantly clear that PM and many other
security and privacy threats benefit from use of cleartext HTTP
via tracking and via enabling the potential for injection of various
kinds. That the same is recognised for other protocols used in the
web is confirmed by RFC7626.

More and more I think we are learning that services such as
selective field confidentiality (which have always been very hard
to engineer) are in fact quite possibly damaging, both because
getting the field selection wrong may be inevitable and because the
added complexity could be beyond our ability to engineer at the
scale of the current Internet and web especially as that has
multiple parties involved, which HTTP does. Aiming for such an
outcome in the IETF context is not quite as bad as the magic
thinking of the likes of the current FBI director, but is close
to being as bad, as it is clearly unrealistic in the extreme.

Lastly, while the above quoted text I think does nicely highlight
this basic divergence of opinion, I think that divergence has been
entirely clear for at least a couple of years and that the many
many messages on this list in the last few days have clarified
precisely nothing but are simply repetitive and have basically no
information content. It'd be nice if that flow eased off or
even stopped.

