Re: Moving forward on improving HTTP's security from Mike Belshe on 2013-11-14 (ietf-http-wg@w3.org from October to December 2013)

From: Mike Belshe <mike@belshe.com>
Date: Wed, 13 Nov 2013 16:16:05 -0800
To: William Chan (陈智昌) <willchan@chromium.org>
Cc: Adrien de Croy <adrien@qbik.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, Willy Tarreau <w@1wt.eu>, Tao Effect <contact@taoeffect.com>, Tim Bray <tbray@textuality.com>, James M Snell <jasnell@gmail.com>, Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CABaLYCsVSmq7GfZZSFkQMDa=-mKmaLE4kEvbaMcktJC7SzsDQw@mail.gmail.com>
Making TLS mandatory in HTTP will be the best thing to ever happen to TLS
innovation as well.


Mike



On Wed, Nov 13, 2013 at 4:09 PM, William Chan (陈智昌)
<willchan@chromium.org>wrote:

> On Wed, Nov 13, 2013 at 2:36 PM, Adrien de Croy <adrien@qbik.com> wrote:
>
>> I thought we already did the mandatory TLS argument to death many times.
>>
>
> We did :) And I don't think we're going to convince one another here. I
> feel like I understand your position and disagree with it. And I think the
> vice versa is true. I stated my preference earlier, but I don't expect to
> convince you. As much as it'd be nice to have the spec mandate this, so I
> could use it as a weak hammer to beat people on the head with when they
> don't want to use TLS, I don't really think we'll achieve rough consensus.
> But I'll impose my will insofar as I can affect Chromium policy and push
> more HTTPS adoption as much as I can.
>
>
>>
>> We added MITM in WinGate mostly because Google and FB went to https.
>>  Google and FB you may take a bow.
>>
>
> FWIW, I'm happy those companies went HTTPS, and I'm sad that y'all are
> offering MITM features in your products. I suppose that if I ask you not to
> MITM traffic, you wouldn't listen, would you? :P If you feel that MITM is
> bad for the web, why are you implementing this? Is it simply because if you
> don't, then someone else will and people will switch from your product?
>
>
>> Does this improve security of the web overall?  IMO no.  People can now
>> snaffle banking passwords with a filter plugin.
>>
>
> Just to be clear, the MITM works because the enterprises are adding new
> SSL root certificates to the system cert store, right? I agree that that is
> terrible. I wouldn't use that computer :) I hope we increase awareness of
> this issue.
>
>
>> You really want to scale this out?  How will that make it any better?
>>
>
> I believe that making communications secure by default will overall
> improve the security of the web as long as most devices don't have these
> additional SSL root certificates used by the MITM proxies. You are taking a
> cynical view on the outcome when communications become secure by default. I
> disagree. I think that it's worthwhile to force entities that want to
> examine communications to have to MITM SSL. I think that the negative PR of
> a government or ISP or whatever trying to force installations of additional
> root certificates on end users' machines would be a strong disincentive to
> employ these policies. I agree it might lead more enterprises to MITM their
> employees who use corporate devices. It is a sad world indeed if it's the
> status quo for everyone to use devices with extra root certs so
> intermediaries can MITM SSL connections.
>
>
>> You're suggesting anyone wanting to run an http2 server now has to
>> purchase, and pay for the ongoing maintenance of a cert, and take the cost
>> on additional CPU to handle the load?
>>
>
> Yes, I want to use HTTP/2 as a carrot to incentivize server operators to
> use HTTPS. There are tradeoffs that prevent folks from adopting HTTPS. I'm
> hoping HTTP/2 helps adjust the tradeoffs in HTTPS' favor somewhat, due to
> its reduced user perceived latency and improved connection reuse leading to
> improved scalability compared to HTTP/1.X over TLS.
>
>
>>
>> Organisations have to live with the pain in the neck of deploying signing
>> certs to clients, dealing with visitor devices etc etc.  This = reduction
>> in user experience.
>>
>
> You mean the additional root certs installed on client machines? Good, I'm
> glad it's a PITA for y'all, so maybe you'll stop doing it or do it less
> often, and maybe corporations will stop asking you to do this for them.
> This is terrible and I'm personally not interested in making it easier for
> organizations to snoop on their members/employees/students/etc. I'm in
> favor of reduced user experience where the user is someone who wants to
> MITM SSL traffic.
>
>
>>
>> So, IMO making TLS mandatory = reduced security, worse user experience,
>> and increased costs.
>>
>> That's progress I guess.
>
>
> I respectfully disagree with your outcome prediction.
>
>
>>
>>
>>
>>
>>
>> ------ Original Message ------
>> From: "Stephen Farrell" <stephen.farrell@cs.tcd.ie>
>> To: "Willy Tarreau" <w@1wt.eu>; "Mike Belshe" <mike@belshe.com>
>> Cc: "William Chan (?????????)" <willchan@chromium.org>; "Tao Effect" <
>> contact@taoeffect.com>; "Tim Bray" <tbray@textuality.com>; "James M
>> Snell" <jasnell@gmail.com>; "Mark Nottingham" <mnot@mnot.net>; "HTTP
>> Working Group" <ietf-http-wg@w3.org>
>> Sent: 14/11/2013 10:57:46 a.m.
>> Subject: Re: Moving forward on improving HTTP's security
>>
>>>
>>> I have to agree that the logic here is hard to find.
>>>
>>> On 11/13/2013 09:54 PM, Willy Tarreau wrote:
>>>
>>>>  On Wed, Nov 13, 2013 at 01:23:41PM -0800, Mike Belshe wrote:
>>>>
>>>>>  To paraphrase, you're saying:
>>>>>     "I don't like TLS because I use the presence of TLS to know that I
>>>>> could
>>>>>  be hacked right now. But if you turn on TLS always, I won't be able to
>>>>>  tell if I can get hacked."
>>>>>
>>>>
>>>>  Huh ? No. I mean "The TLS model is fine for me as long as it's used
>>>> where
>>>>  needed and if it's not abused because I expect all actors in the chain
>>>> to
>>>>  care about security". Let's ensure we don't break that weak link from
>>>> the
>>>>  root CAs to me by making its use mandatory for all no-value stuff that
>>>>  nobody cares about and which will make it normal for everyone to deploy
>>>>  broken configs and rogue CAs everywhere for the sake of simplicity.
>>>>
>>>
>>> Break the link by making it mandatory sounds like wild supposition.
>>>
>>> S
>>>
>>>
>>>>   To summarize:
>>>>>    1) You're happy with the security you get with TLS to Paypal now
>>>>>    2) You're unhappy with that same security (TLS) enforced everywhere
>>>>>  because it is suddenly less secure.
>>>>>
>>>>
>>>>  Exactly.
>>>>
>>>>   This is also illogical. We're not changing TLS.
>>>>>
>>>>
>>>>  Yes you are. You're not changing the protocol but the economics and
>>>>  the actors' motives to deliver certs the proper way. When certs are
>>>>  needed to connect to my printer, I doubt I'll have to order a new
>>>>  cert every year to connect to it once every 3 years at most to change
>>>>  its IP address. Instead the manufacturer will want a 10 years cert,
>>>>  and since he won't be able to get that, some CAs will start to offer
>>>>  this (possibly at a high price). We'll possibly find it much easier
>>>>  and cheaper to become a valid CA and to issue certs for anyone. I'm
>>>>  sorry but the day I can issue a paypal cert myself and have my browser
>>>>  accept it without me having to do anything with its configuration, I'll
>>>>  start to get a little bit scared.
>>>>
>>>>  Right now it's simple : TLS is annoying to deploy so you do it where
>>>>  it matters. It can be free but at least it requires some care and you
>>>>  are willing to accept that for the sites you value. Once you don't
>>>>  value anymore the certs you are installing and users start to do wrong
>>>>  things such as clicking 100 times a day "Ignore this cert error"
>>>> because
>>>>  everyone uses crappy certs, the TLS model will be useless.
>>>>
>>>>  Willy
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>
>
Received on Thursday, 14 November 2013 00:16:35 UTC