Re: Mandatory encryption

On Jul 18, 2012, at 9:54 AM, Mike Belshe wrote:


I'm really against making such a thing mandatory because it will only
improve privacy on a few services which actually do not need it and will
globally deteriorate the overall security by lowering the level of control
of users.

We just disagree.  And I keep going back to the same argument over and over:

Show me the user that will stand up and say, "Yes, I would like my communications to be snoopable and changeable by 3rd parties without my knowledge."

Me! Me! I want my communications snooped and altered!

More seriously, I would like to use the Internet while I'm at work to do cool stuff like participating on this list. This involves traffic getting snooped and filtered by the firewall. This is no different from choosing to walk the streets of London, knowing full well you'll be photographed by multiple video cameras.  In both cases the user has control: she can choose to not use the Internet at work, or never to leave home, but those are really bad choices.

When we find those users, we can design a protocol for them.  Until then, let's design for the existing users of the Internet that want privacy, they want security, they want to be free of tampering, and they want to know if someone else can snoop their traffic.

The proliferation of PII on Facebook and the wide acceptance of traffic and crime prevention cameras in the western world leads me to think that these users who want privacy are not everyone.

Those firewalls I mentioned earlier do TLS proxy these days. So SSL won't protect you from tampering and snooping. Yes, TLS sometimes makes this kind of firewall visible, but it's there anyway. And you can't get through it without submitting to this tampering and snooping.

So you can't get a security benefit without establishing trust between clients and servers. Mandating TLS for all HTTP connections forces all clients to establish trust with all servers. So if Phil wants to control his lightbulb with a browsers, there's three ways to go about it:

 *   He'll need to install a server certificate on the lightbulb (maybe Phil gets a company discount, the rest of us would need to pay)
 *   The lightbulb would have a self-issued certificate, and Phil will have to live with browser warnings
 *   The browser will have TLS_NULL_WITH_NULL_NULL and TLS_DH_anon_WITH_AES_128_GCM_SHA256. And if they accept that from the lightbulb, why not from where it matters?

Yoav

Received on Wednesday, 18 July 2012 07:36:34 UTC