Re: Moving forward on improving HTTP's security

I have to agree that the logic here is hard to find.

On 11/13/2013 09:54 PM, Willy Tarreau wrote:
> On Wed, Nov 13, 2013 at 01:23:41PM -0800, Mike Belshe wrote:
>> To paraphrase, you're saying:
>>    "I don't like TLS because I use the presence of TLS to know that I could
>> be hacked right now. But if you turn on TLS always, I won't be able to
>> tell if I can get hacked."
> Huh? No. I mean "The TLS model is fine for me as long as it's used where
> needed and if it's not abused because I expect all actors in the chain to
> care about security". Let's ensure we don't break that weak link from the
> root CAs to me by making its use mandatory for all no-value stuff that
> nobody cares about and which will make it normal for everyone to deploy
> broken configs and rogue CAs everywhere for the sake of simplicity.

Breaking the link by making it mandatory sounds like wild supposition.


>> To summarize:
>>   1) You're happy with the security you get with TLS to Paypal now
>>   2) You're unhappy with that same security (TLS) enforced everywhere
>> because it is suddenly less secure.
> Exactly.
>> This is also illogical.  We're not changing TLS.
> Yes you are. You're not changing the protocol but the economics and
> the actors' motives to deliver certs the proper way. When certs are
> needed to connect to my printer, I doubt I'll have to order a new
> cert every year to connect to it once every 3 years at most to change
> its IP address. Instead the manufacturer will want a 10-year cert,
> and since he won't be able to get that, some CAs will start to offer
> this (possibly at a high price). We'll possibly find it much easier
> and cheaper to become a valid CA and to issue certs for anyone. I'm
> sorry but the day I can issue a paypal cert myself and have my browser
> accept it without me having to do anything with its configuration, I'll
> start to get a little bit scared.
> Right now it's simple: TLS is annoying to deploy so you do it where
> it matters. It can be free but at least it requires some care and you
> are willing to accept that for the sites you value. Once you don't
> value anymore the certs you are installing and users start to do wrong
> things such as clicking 100 times a day "Ignore this cert error" because
> everyone uses crappy certs, the TLS model will be useless.
> Willy

Received on Wednesday, 13 November 2013 21:58:12 UTC