Re: Draft finding - "Transitioning the Web to HTTPS" from Henri Sivonen on 2015-01-15 (www-tag@w3.org from January 2015)

From: Henri Sivonen <hsivonen@hsivonen.fi>
Date: Thu, 15 Jan 2015 15:58:29 +0200
To: Chris Palmer <palmer@google.com>
Cc: Noah Mendelsohn <nrm@arcanedomain.com>, "Michael[tm] Smith" <mike@w3.org>, Mark Nottingham <mnot@mnot.net>, Tim Berners-Lee <timbl@w3.org>, Public TAG List <www-tag@w3.org>
Message-ID: <CAJQvAufKtJEE_m9P0YwKzyRF4jy_fdA+2j+67ui4UKQ5O8viDQ@mail.gmail.com>

On Tue, Jan 13, 2015 at 8:59 PM, Chris Palmer <palmer@google.com> wrote:
> As discussed earlier in this thread, HTTPS requires clients to
> knowingly opt in to caching, transforming, or spying proxies. But such
> proxies are still possible. HTTPS makes them prove some value.

While that's technically true, what you say assumes that users aren't
given an informed choice to make about the value. It's way too easy to
make up some excuse why the user needs to run an installer in order
for the Internet connection to "work" and such an installer could add
root certs so that browsers treat them as trusted root certs.

I think the TAG finding shouldn't suggest that MITMing https might be
OK in some circumstances, because then those who want to MITM could be
emboldened to MITM and to claim that whatever they do is endorsed by
the W3C--all without giving users an opportunity to make an informed
choice and without actually matching the circumstances that the TAG
might have had in mind. For example, to stick with the place that
inspired TimBL's remarks, Great Britain is not really a *remote*
island for connectivity purposes, but it reportedly turned into a
massive captive portal lately
(http://arstechnica.com/tech-policy/2014/12/bt-sky-and-virgin-hijacking-browsers-to-push-porn-blocks/),
so there's a pressure to MITM without "remoteness" in the network
topology.

> Overall, TBL seems to be saying that people shouldn't spy on the net,
> so that we can enjoy many social goods. Among those goods, he seems to
> place the ability to not have to adopt HTTPS. Unfortunately, we don't
> like in so innocent a world, and HTTPS is the bare minimum protection
> against tampering and spying.

Yeah. The notion that https should be avoided on performance grounds
and the would-be snoopers be asked not to snoop seems unrealistic both
on the point of badness of the effect on performance and on the
effectiveness of just asking the would-be snoops not to.

-- 
Henri Sivonen
hsivonen@hsivonen.fi
https://hsivonen.fi/

Received on Thursday, 15 January 2015 13:58:53 UTC