- From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- Date: Wed, 13 Nov 2013 21:57:46 +0000
- To: Willy Tarreau <w@1wt.eu>, Mike Belshe <mike@belshe.com>
- CC: "William Chan" <willchan@chromium.org>, Tao Effect <contact@taoeffect.com>, Tim Bray <tbray@textuality.com>, James M Snell <jasnell@gmail.com>, Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>

I have to agree that the logic here is hard to find.

On 11/13/2013 09:54 PM, Willy Tarreau wrote:
> On Wed, Nov 13, 2013 at 01:23:41PM -0800, Mike Belshe wrote:
>> To paraphrase, you're saying:
>> "I don't like TLS because I use the presence of TLS to know that I could
>> be hacked right now. But if you turn on TLS always, I won't be able to
>> tell if I can get hacked."
>
> Huh? No. I mean "The TLS model is fine for me as long as it's used where
> needed and if it's not abused because I expect all actors in the chain to
> care about security". Let's ensure we don't break that weak link from the
> root CAs to me by making its use mandatory for all no-value stuff that
> nobody cares about and which will make it normal for everyone to deploy
> broken configs and rogue CAs everywhere for the sake of simplicity.

Break the link by making it mandatory sounds like wild
supposition.

S

>
>> To summarize:
>> 1) You're happy with the security you get with TLS to Paypal now
>> 2) You're unhappy with that same security (TLS) enforced everywhere
>> because it is suddenly less secure.
>
> Exactly.
>
>> This is also illogical. We're not changing TLS.
>
> Yes you are. You're not changing the protocol but the economics and
> the actors' motives to deliver certs the proper way. When certs are
> needed to connect to my printer, I doubt I'll have to order a new
> cert every year to connect to it once every 3 years at most to change
> its IP address. Instead the manufacturer will want a 10 years cert,
> and since he won't be able to get that, some CAs will start to offer
> this (possibly at a high price). We'll possibly find it much easier
> and cheaper to become a valid CA and to issue certs for anyone. I'm
> sorry but the day I can issue a paypal cert myself and have my browser
> accept it without me having to do anything with its configuration, I'll
> start to get a little bit scared.
>
> Right now it's simple: TLS is annoying to deploy so you do it where
> it matters. It can be free but at least it requires some care and you
> are willing to accept that for the sites you value. Once you don't
> value anymore the certs you are installing and users start to do wrong
> things such as clicking 100 times a day "Ignore this cert error" because
> everyone uses crappy certs, the TLS model will be useless.
>
> Willy

Received on Wednesday, 13 November 2013 21:58:12 UTC