W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2013

Re: Mandatory encryption *is* theater

From: Eliot Lear <lear@cisco.com>
Date: Sun, 25 Aug 2013 11:02:18 +0200
Message-ID: <5219C81A.6030105@cisco.com>
To: Yoav Nir <ynir@checkpoint.com>, "William Chan (ι™ˆζ™Ίζ˜Œ)" <willchan@chromium.org>, Roberto Peon <grmocg@gmail.com>
CC: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
I'm answering a few messages at once, starting with Will's & Roberto's,
and then going on to Yoav's,

Will, you asked:
> Eliot, can you clarify what section of the minutes you're responding to?

Yes.  Starting with:
> SPDY introduced Madatory [sic] to Use Security; this was
> discussed for HTTP2.0; the working group declined, because of use cases like
> back end services.

Certainly home services can't be considered "backend" and most
enterprises uses could only be considered "backend" with the broadest
use of the term.  In short, there were *many *reasons why the group came
to the decision it came to.  And then moving on, Mark said:

> Mark says "mandatory to offer" is closer to what he said.

Which is in effect mandating of encryption.  After all, how can the
server offer it if it doesn't support it or if a proper certificate
isn't configured.  And the complexity issue arises as well.  The 2nd hum
as stated in the minutes was a vague question, as I wasn't in the room
at that precise moment, that's what I'm going by.

Yoav, you wrote:

On 8/25/13 9:33 AM, Yoav Nir wrote:
> Hi Eliot.
>
> Your message implies that the choice is between cleartext HTTP and an annual fee to a certificate vendor.

Yes.  Maybe really large enterprises have their own CA or even PCA, but
the cost still has to be paid for that.
>
> IETF standards provide at least two other options:
>
> DANE allows you to use a self-issued certificate and register the key in the DNS. This is not implemented in the many thousands of small devices that you mention, or in any browser, but then neither is HTTP/2. 

I agree with you, except for your last assertion - http2 *is* being
implemented in several browsers.  I think it would great if those who
hummed for this discussion exerted some effort to support DNSSEC and
then DANE.

> There is a deployment issue in that publishing a random RR is a non-trivial process. For example, [1] makes no mention of how to generate TLSA records, and GoDaddy (largest registrar in the world) has nothing about it in their support. But all that could change.

The principal issue with DANE is its dependency on DNSSEC.  As nearly
large an issue is the publication of different RRs.  *That* is a big
deal (see the IETF main list and the discussion of SPF), but probably
not appropriate here.

>
> TLS as anonymous ciphersuites that do not require a certificate at all. True, these ciphersuites do not protect against on-path attacks, but they do stop passive listeners, and there is some value in that. Not enough to call it "HTTPS", but it is better than nothing. And the application can still use some channel binding to discover the MitM, such as Trevor's Smart Cookie proposal where the cookie (which is a secret shared by client and server) is bound to the current master secret ([3]). Even without this, defeating passive listeners is a worthy goal.

Yes, but I would be concerned about the benefit being overstated.  I say
this because the reason the chair revisited the discussion is as follows:

> There is new information; there are widespread deployments of sniffers. More
> details have since been released. As Chair, Mark felt that this was enough to
> re-open the discussion.

Anonymous cypher suites might well have changed the character of this
problem, but probably not have reduced it, and may have introduced
unintended consequences.   They still may help with the so-called
"Starbucks" problem, but to me that problem is better dealt with at a
lower layer so that ALL communications on that network can be
protected.  I also believe that the underlying issues of the above
quoted statement lie elsewhere (about 3  to 4 layers above HTTP). 
Again, let's tease out the threat.

Eliot
Received on Sunday, 25 August 2013 09:02:49 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:14 UTC