Re: breaking TLS (Was: Re: multiplexing -- don't do it) from Ray Polk on 2012-04-06 (ietf-http-wg@w3.org from April to June 2012)

From: Ray Polk <ray.polk@oracle.com>
Date: Fri, 6 Apr 2012 08:50:05 -0700 (PDT)
To: <nicolas.mailhot@laposte.net>
Cc: <ietf-http-wg@w3.org>
Message-ID: <9b059935-0947-4e7a-87d3-07653f2ec926@default>

I think Nicolas makes a very strong and important point here.  I think everyone agrees security is a never ending battle of one-upmanship.  People often use the term "arms race" to draw an analogy.

I prefer the analogy of bacteria / antibiotics.  In the lowest risk infection situations, the user is left to their own devices.  In the highest risk, life/death situations, security doctors bring the most powerful antibiotics to bear.  To treat every infection with the most powerful countermeasures would weaken those countermeasures for the most extreme cases.

Each security mechanism also brings cost to the user and the infrastructure.  In time, the countermeasure loses its effectiveness and another mechanism is broadly deployed...as time goes to infinity, only the cost increases.

-Ray

----- Original Message -----
From: nicolas.mailhot@laposte.net
To: ietf-http-wg@w3.org
Sent: Friday, April 6, 2012 8:35:43 AM GMT -07:00 US/Canada Mountain
Subject: Re: breaking TLS (Was: Re: multiplexing -- don't do it)

Amos Jeffries <squid3@...> writes:

> IME admin are usually not that eager to do MITM on TLS.

Yes there are all sorts of unpleasant legal risks involved

> It is required by policy makers who just want to publish tick-box policies 

It is required to authenticate proxy users now that popular sites are moving to
ssl, since no one has defined a reliable way to do it without breaking tls.

And then once the system is in place who will vouch it won't be abused for
corporate follies?

It is *very* dangerous to make encryption an all-or-nothing proposal. That makes
it an everyone-has-a-reason-to-break-it system, which means it *will* be broken,
even in the cases it's perfectly justified.

If you want to add security to browsing make *very* sure there is little reason
for legal-abiding entities to break it, or they will finance and build the tools
criminals will use. That means using encryption sparingly, not as a blanket
system.

Received on Friday, 6 April 2012 15:50:38 UTC