- From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- Date: Tue, 19 Nov 2013 15:10:23 +0000
- To: Albert Lunde <atlunde@panix.com>, HTTP Working Group <ietf-http-wg@w3.org>
On 11/19/2013 02:33 PM, Albert Lunde wrote:

> I'm not sure how "opportunistic encryption" of traffic without
> validation of server certificates would be defended against active
> man-in-middle attacks.

Opportunistic encryption that is vulnerable to mitm attacks can still be valuable. It turns what can otherwise be a passive attack into a requirement to mount an active attack. Active attacks are more expensive to mount, and much more expensive to do at v. large scale, and perhaps more importantly can be detected in some cases, e.g. via later comparisons of session keys used. If pervasive active attacks were to be attempted, then those could probably be detected via some kind of observatory.

Passively tapping a fibre and snarfing plaintext is essentially not detectable and apparently is not too expensive for some. And it is liable to get cheaper and become more common for more attackers now that the world knows all about it.

Having said that, for the web, server-authenticated TLS is better if we can get it closer to ubiquitous, which is the current plan. But one could make a reasonable argument that there is a smaller barrier facing the introduction of non-server-auth or opportunistic TLS, due to not having to deal with CAs.

TLS has also supported anonymous Diffie-Hellman key exchange since way back and that is apparently relatively widely implemented, at least in libraries. I'm not sure about web servers or browsers, nor about how good the interop situation is though. Those ciphersuites already provide the kind of opportunistic encryption we're talking about here, for example TLS_DH_anon_WITH_AES_128_GCM_SHA256, though again, I don't know if that specific one is readily available today or not, and that is different from the draft that Mark wrote about opportunistic encryption for HTTP before Vancouver.

So if the httpbis wg do want to explore that avenue then that would be reasonable and has real benefits and there are sensible ways to go about the work.

S.
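The detection argument in the message, as an added illustration that is not part of the original mail: a toy anonymous Diffie-Hellman exchange (constructed, deliberately tiny and insecure parameters) in which a direct session leaves both endpoints with the same session key, while an active relay leaves them with different keys, so a later out-of-band comparison of key fingerprints exposes the interception.

```python
import hashlib
import secrets

# Constructed toy group for illustration only; not a safe DH group.
P = 2**127 - 1
G = 3


def keypair():
    """Ephemeral anonymous-DH key pair: private exponent and public value."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def session_fingerprint(priv, peer_pub):
    """Shared secret g^(ab) hashed to a short fingerprint: the value each
    endpoint could later publish or compare to spot a rewritten handshake."""
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).hexdigest()[:16]


def direct_session():
    """Nobody rewrites the handshake: client and server derive one key.
    A passive observer sees both public values but neither exponent."""
    c_priv, c_pub = keypair()
    s_priv, s_pub = keypair()
    return session_fingerprint(c_priv, s_pub), session_fingerprint(s_priv, c_pub)


def mitm_session():
    """Active relay substitutes its own public values in both directions, so
    each endpoint unknowingly shares a key with the relay, not with its peer."""
    c_priv, _c_pub = keypair()
    s_priv, _s_pub = keypair()
    _m_priv_c, m_pub_c = keypair()  # relay's key pair facing the client
    _m_priv_s, m_pub_s = keypair()  # relay's key pair facing the server
    client_fp = session_fingerprint(c_priv, m_pub_c)  # client got relay's value
    server_fp = session_fingerprint(s_priv, m_pub_s)  # server got relay's value
    return client_fp, server_fp


def interception_detected(client_fp, server_fp):
    """Later comparison of the two endpoints' fingerprints: a mismatch means
    the key exchange was rewritten in flight."""
    return client_fp != server_fp


if __name__ == "__main__":
    print("direct session detected:", interception_detected(*direct_session()))
    print("relayed session detected:", interception_detected(*mitm_session()))
```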
Received on Tuesday, 19 November 2013 15:10:55 UTC