Re: SSL/TLS everywhere fail

--------
In message <CAFggDF1ouuNG8T_VG336YFrPeocJu+3ZBUS1Kie+hz5Euha-sw@mail.gmail.com>, Jacob Appelbaum writes:

>> For "within certain bounds" read:
>>
>> 	"Except any actor which has a trojan or captured CA - which
>> 	means any non-incompetent state actor and many highly
>> 	competent non-state actors."
>>
>
>What is your estimate for the number of actors here with one or both capabilities?

My personal estimate is that the *cost price* of a bogus certificate
is $10K, to the people who have access to buy one from the source[1].

Price after traversing the black market is probably 10-100 times
higher, depending on the target.

>In both cases, I think it is *higher* when we have unencrypted
>connections - removing the requirement for a CA and it ensures that
>malware can easily propagate as every connection to any service
>creates a vector for infection.

I wish competent people like you would stop talking about "encrypted"
vs. "unencrypted", because it is not the encryption itself, but
what it does for us that matters.

The biggest current protocol deficiency is that HTTP offers no means
to check integrity.

That could be done with a simple HTTP header and a thumbs-up icon
in the address-bar, and it wouldn't cost TLS startup overhead and
wouldn't impact the cacheability of the high volume traffic.

To the extent people paid attention to the thumbs-up icon[2] it would
instantly prevent ad-injection, make a very large swath of simple
criminal activity impossible, and expose complex criminal activity
to a new range of legal risks (forging documents etc.)

Such calibrated measures, no matter their good cost/benefit, are
of course incompatible with the IETF's "all-out-war" attitude which
Stephen detailed in his email:  Integrity is routinely, as you just
did above, taken hostage for the "TLS everywhere" agenda.

Poul-Henning

[1] That is far too cheap.  IMO, the first time a CA is caught
    issuing a bogus certificate, it should be permanently black-balled
    from all root-cert lists.  The commercial consequences of lax
    security must be so draconian that lax security is NEVER an
    option for a CA.

[2] It would be an obvious extension to use DNSSEC to indicate that
    all HTTP traffic should pass integrity.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

Received on Sunday, 6 December 2015 17:32:37 UTC
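
The integrity-only header proposed in the message above, sketched as an added example that is not part of the original e-mail or of any specification. The header name `x-body-signature`, the choice of Ed25519, the `integrityRequired` flag (standing in for the DNSSEC signal of footnote [2]) and all function names are assumptions; the origin's public key is assumed to reach the client out of band.

```javascript
const crypto = require('crypto');

const HEADER = 'x-body-signature'; // hypothetical header name, not from the message

// Bytes covered by the signature: request path plus SHA-256 of the body, so a
// signed body for one URL cannot be substituted for another.
function signedBytes(path, body) {
  const digest = crypto.createHash('sha256').update(body).digest();
  return Buffer.concat([Buffer.from(path + '\n', 'utf8'), digest]);
}

// Origin: sign once; the response stays cleartext and cacheable.
function signResponse(privateKey, path, body) {
  const sig = crypto.sign(null, signedBytes(path, body), privateKey);
  return { headers: { [HEADER]: sig.toString('base64') }, body };
}

// Client: verify the bytes actually received. integrityRequired is an assumed
// policy bit (e.g. learned via DNSSEC) that turns a stripped header into a failure.
function checkResponse(publicKey, path, response, integrityRequired) {
  const value = response.headers[HEADER];
  if (typeof value !== 'string') return integrityRequired ? 'rejected' : 'unsigned';
  const sig = Buffer.from(value, 'base64');
  const ok = crypto.verify(null, signedBytes(path, response.body), publicKey, sig);
  return ok ? 'intact' : 'rejected';
}

// Constructed sample traffic: one origin response and its on-path variants.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const page = Buffer.from('<html><body>news</body></html>');
  const origin = signResponse(privateKey, '/index.html', page);
  const cached = { headers: { ...origin.headers }, body: Buffer.from(page) };
  const tampered = Buffer.from(page.toString().replace('news', 'news<!-- injected ad -->'));
  const injected = { headers: { ...origin.headers }, body: tampered };
  const stripped = { headers: {}, body: tampered };
  return {
    cached: checkResponse(publicKey, '/index.html', cached, true),
    injected: checkResponse(publicKey, '/index.html', injected, true),
    strippedNoPolicy: checkResponse(publicKey, '/index.html', stripped, false),
    strippedWithPolicy: checkResponse(publicKey, '/index.html', stripped, true),
    wrongUrl: checkResponse(publicKey, '/other.html', cached, true),
  };
}

console.log(demo());
```

The `strippedNoPolicy` case shows why footnote [2] matters: without an authenticated signal that the site signs its responses, an intermediary that removes the header leaves the client with nothing to check.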