- From: Mike Belshe <mike@belshe.com>
- Date: Wed, 18 Jul 2012 00:04:47 -0700
- To: Willy Tarreau <w@1wt.eu>
- Cc: Phillip Hallam-Baker <hallam@gmail.com>, "Adrien W. de Croy" <adrien@qbik.com>, Rajeev Bector <rbector@yahoo-inc.com>, Martin Thomson <martin.thomson@gmail.com>, Martin J. Dürst <duerst@it.aoyama.ac.jp>, Doug Beaver <doug@fb.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
- Message-ID: <CABaLYCv9qW6s=L9PJHw0d+JjC7DOmgYRKsUTpj-RqTfwmKZpmg@mail.gmail.com>
On Tue, Jul 17, 2012 at 11:18 PM, Willy Tarreau <w@1wt.eu> wrote: > On Tue, Jul 17, 2012 at 10:13:55PM -0700, Mike Belshe wrote: > > > Mandating TLS in 2.0 will not provide an ounce of extra security > > > unless you have a way to know who is running 2.0. And if you can do > > > that you do not need the mandate. > > > > > > > It's all negotiated in the handshake. You'll know who is TLS and who is > > not. > > > > It does provide lots of better security. The internet cafe is the best > > example. I know you're aware of Firesheep. We should make it impossible > > to use firesheep in 2020. Right? > > Mike, till now you've made serious arguments. But quite frankly, firesheep > is just a joke to send the usual summer end-of-the-world alert to the > press. > I think none of us knows anybody who's been victim of this, because where > it > would have mattered, TLS would have been used anyway. > Or maybe you just don't know. > > I'm concerned about the situations where users' security is really > attacked, > which is massive MITM using fake certs, massive bank accounts and > credentials > collection using malware, spyware returning your browsing history to ads > vendors, and more recently malware running on smartphones to collect a lot > of personal information. > Your argument is basically this one: "Dear GMail user, Congratulations! You no longer need a password to access your account! Because hackers have infiltrated TLS, we realize it is not secure anyway. Therefore, we've decided to remove all passwords so that it is as easy for you to access your email as it is for the hackers. Enjoy the new service!" I know there are a lot of types of bad guys. I know there are a lot of people pessimistic about TLS (me too!). But that doesn't mean that we take all security out of protocols. Server authentication can and does work. It will get even better once we start using it everywhere. Lets be clear: TLS is more work. It's harder. It requires everyone to do more than they do today. It requires more tools. It requires more optimizations. But it is absolutely better than where we stand now. We can make this work - it will take a lot of great engineering, but it can be done! Don't be so pessimistic as to say "aw, shucks, we can't do it" - I know for a fact we can. Let's vote in favor of the users, and fix the problem. Protocols can and must be secured. Where they are not, we secure them more. If TLS is not secure enough, we make it more secure too. Mandating TLS for HTTP will not be the end of this road - it is just the beginning. But until we take steps to secure the world, it can never happen. Let's do this!!! > > Mandating use of TLS is irrelevant to these real world issues and can only > make them worse. However I agree it will feel good to say "hey look, now I > can show you that firesheep doesn't see my cleartext password anymore", > but what site would require me to send my password in cleartext over the > net anyway ? > Its not usually about passwords - its about cookie hijacking - going straight into their sessions and accessing all their info. Steal the cookie and you're in. Mike > > Regards, > Willy > >
Received on Wednesday, 18 July 2012 07:05:22 UTC