- From: 陈智昌 <willchan@chromium.org>
- Date: Fri, 6 Apr 2012 18:02:20 +0200
- To: Ray Polk <ray.polk@oracle.com>
- Cc: nicolas.mailhot@laposte.net, ietf-http-wg@w3.org
- Message-ID: <CAA4WUYibXq0hn6YKYDmEPMKH6qPCy+qVRPum+KoE7batLJ_58A@mail.gmail.com>
I don't like this analogy. Humans have basic immune defenses. In most places, we put locks on public facing doors. We send mail in sealed envelopes. Yet we send almost all our browsing traffic in the clear. Come on guys. And it's not like there aren't enough organizations out there trying to break SSL already. I think they're already pretty motivated. On Fri, Apr 6, 2012 at 5:50 PM, Ray Polk <ray.polk@oracle.com> wrote: > I think Nicolas makes a very strong and important point here. I think > everyone agrees security is a never ending battle of one-upmanship. People > often use the term "arms race" to draw an analogy. > > I prefer the analogy of bacteria / antibiotics. In the lowest risk > infection situations, the user is left to their own devices. In the > highest risk, life/death situations, security doctors bring the most > powerful antibiotics to bear. To treat every infection with the most > powerful countermeasures would weaken those countermeasures for the most > extreme cases. > > Each security mechanism also brings cost to the user and the > infrastructure. In time, the countermeasure loses its effectiveness and > another mechanism is broadly deployed...as time goes to infinity, only the > cost increases. > > -Ray > > ----- Original Message ----- > From: nicolas.mailhot@laposte.net > To: ietf-http-wg@w3.org > Sent: Friday, April 6, 2012 8:35:43 AM GMT -07:00 US/Canada Mountain > Subject: Re: breaking TLS (Was: Re: multiplexing -- don't do it) > > Amos Jeffries <squid3@...> writes: > > > IME admin are usually not that eager to do MITM on TLS. > > Yes there are all sorts of unpleasant legal risks involved > > > It is required by policy makers who just want to publish tick-box > policies > > It is required to authenticate proxy users now that popular sites are > moving to > ssl, since no one has defined a reliable way to do it without breaking tls. > > And then once the system is in place who will vouch it won't be abused for > corporate follies? > > It is *very* dangerous to make encryption an all-or-nothing proposal. That > makes > it an everyone-has-a-reason-to-break-it system, which means it *will* be > broken, > even in the cases it's perfectly justified. > > If you want to add security to browsing make *very* sure there is little > reason > for legal-abiding entities to break it, or they will finance and build the > tools > criminals will use. That means using encryption sparingly, not as a blanket > system. > > > > > >
Received on Friday, 6 April 2012 16:02:49 UTC