- From: Mike Belshe <mike@belshe.com>
- Date: Wed, 13 Nov 2013 13:23:41 -0800
- To: Willy Tarreau <w@1wt.eu>
- Cc: "William Chan (?????????)" <willchan@chromium.org>, Tao Effect <contact@taoeffect.com>, Tim Bray <tbray@textuality.com>, James M Snell <jasnell@gmail.com>, Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
- Message-ID: <CABaLYCupBg23WkfqFP4XanbbehHpJuzYFskHFX1GDgSoBBq2+Q@mail.gmail.com>
On Wed, Nov 13, 2013 at 1:05 PM, Willy Tarreau <w@1wt.eu> wrote: > Hi Mike, > > On Wed, Nov 13, 2013 at 12:25:55PM -0800, Mike Belshe wrote: > > The argument that we shouldn't do it because it only > > works "until tools get updated to MITM" doesn't work for me, because > that's > > just the way security is. You never finish "security", you just keep > > raising the bar. > > > > Given the widespread snooping that has been so widely publicized in > recent > > months, I think it is imperative that we raise the bar here now. > > At least now I know where the bar is : if my browser tells me I'm > encrypted, > I'm supposed to be secure by current standards. Otherwise I'm not supposed > to. > > With the always-on method you're advocating for, I'll have no way to tell > whether I am or not. Still the MITM will continue to happen because there > are many legitimate needs for this (whether it's caching, malware > protection > or protecting your kids against rapist which chase online). And users will > not have this indicator anymore telling them whether they're MITM-able or > not. > To paraphrase, you're saying: "I don't like TLS because I use the presence of TLS to know that I could be hacked right now. But if you turn on TLS always, I won't be able to tell if I can get hacked." This makes no sense whatsoever. > > At the moment the situation is quite clear : > - you're in HTTP, you're MITM-ed. Period. You're likely to pass through > an intercepting caching proxy at your ISP etc... so let's say you're > almost 100% sure to be MITM-ed. > > - you're in HTTPS at home, excluding the malware running in the browser > and the rogue certificates, you're supposed to be secured. > > - you're in HTTPS at your company with the browser deployed by your > employer, you have to check with your employer (or in your browser) > if the browser is configured to accept an intercepting proxy's certs > or not. > > But with all-TLS it's not possible to tell the difference anymore, because > ISPs will require that end users use connection kits as it was done 20 > years > ago which contain their certificates that you need to install in your > browser, > and these certs will be stored in an even worse way than the current 600 > CAs. > So you'll be apparently HTTPs all the time from home, but with no easy way > to > tell whether you're MITM-ed by your ISP or not, nor by anyone else who has > already stolen your ISP's certs. > And that's definitely not the Internet I want. I want to continue to > connect > to PayPal securely and to read some blogs/forums without having to click to > pass through outdated certificates or those which were emitted for the main > domain and not the sub-domain ones, just to give a few examples of what is > commonly encountered. I want to be able to trust my connection when I need > to. Not to be taught I must trust it otherwise I have no access. > To summarize: 1) You're happy with the security you get with TLS to Paypal now 2) You're unhappy with that same security (TLS) enforced everywhere because it is suddenly less secure. This is also illogical. We're not changing TLS. Mike > Willy > >
Received on Wednesday, 13 November 2013 21:24:09 UTC