
Re: SSL/TLS everywhere fail

From: Jacob Appelbaum <jacob@appelbaum.net>
Date: Sun, 6 Dec 2015 13:47:08 +0000
Message-ID: <CAFggDF1ouuNG8T_VG336YFrPeocJu+3ZBUS1Kie+hz5Euha-sw@mail.gmail.com>
To: Poul-Henning Kamp <phk@phk.freebsd.dk>
Cc: Amos Jeffries <squid3@treenet.co.nz>, ietf-http-wg@w3.org

On 12/6/15, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
> --------
> In message
> <CAFggDF1NOskxyAdJkamuhM5EmPhcdwfKz9q4y5+SgaCFBWJ6sA@mail.gmail.com>
> , Jacob Appelbaum writes:
>>>> Not exactly. We have started with unencrypted connections that lack
>>>> confidentiality, integrity and authenticity. Moving to TLS gives us
>>>> all three with a computational cost and within certain boundaries.
>>> The tired old argument against "TLS-everywhere" is that TLS does *not*
>>> offer all three of those.
>>That argument is wrong when we consider how it is used in practice. As
>>an example, we upgrade a protocol from HTTP to HTTPS - we gain those
>>properties within certain bounds.
> For "within certain bounds" read:
> 	"Except any actor which has a trojan or captured CA - which
> 	means any non-incompetent state actor and many highly
> 	competent non-state actors."

What is your estimate for the number of actors here with one or both capabilities?

My estimate is that malware is everywhere and certificates are less so.

In both cases, I think it is *higher* when we have unencrypted
connections: it removes the requirement for a CA, and it ensures that
malware can easily propagate, as every connection to any service
creates a vector for infection.

All the best,

Received on Sunday, 6 December 2015 13:47:38 UTC