Re: authenticated unencrypted

On 18/12/13 3:43 AM, Matthew Kerwin wrote:
> On 18 December 2013 11:25, Patrick McManus <pmcmanus@mozilla.com 
> <mailto:pmcmanus@mozilla.com>>wrote:
>
>
>     On Tue, Dec 17, 2013 at 6:50 PM, Matthew Kerwin
>     <matthew@kerwin.net.au <mailto:matthew@kerwin.net.au>> wrote:
>
>
>         For example, I don't particularly need any of the CC-* content
>         on my website to be encrypted (it's free for everyone to read),
>
>
>     The act of consuming public information requires different
>     protection than the information itself because it concerns both
>     the information and the consumer. The obvious argument is the
>     public library - there are no secrets in the stacks, but the
>     transaction records of a patron's account are held to a different
>     standard.
>
>
> If people are that worried about Super Spies seeing that they 
> requested X documents from my website, including Y HTTP headers, from 
> Z address, then they don't _have_ to visit my site.  Or, if I'm 
> offering TLS and they are happy with the processing overhead of 
> en/decrypting the entire communication* then that's an option.**

I don't have to visit your site, and I don't have to read Wikipedia, 
although that's the first result you get on most search engine searches. 
The point is that looking for specific things on sites may indicate 
something about you. We don't even have to just to the obvious privacy 
and politics examples. If all of a sudden, 5 different computers (as 
evidenced by HTTP headers) from my company start getting RFCs and drafts 
from the CORE working group, this could indicate that we're thinking of 
introducing a product in the IoT area. That would be interesting 
information for competitors, and it's information that should be 
confidential until this fictional product is ready.
>
> * coming back to my understanding that decrypting the entire thing is 
> pretty expensive, but calculating a checksum/hash and decrypting that 
> is cheaper.  If that's an incorrect assumption then please correct me.

These days, the difference is not so great. It used to be that AES-CBC 
took twice as long as HMAC-SHA1. With the newer Intel CPUs, AES-CBC 
takes half as long as HMAC-SHA1. With RC4, there's little difference, 
and when comparing AES-GCM and NULL-with-GHASH, the difference not 
great.  So you do save something by not encrypting, but the performance 
is more like  encryption+protection > protection >> unprotected

>
> ** currently my entire site is HTTP-only, because my hosts don't even 
> offer a TLS option unless I pay a somewhat exorbitant amount to 
> upgrade to a "web commerce" plan, because only "web commerce" people 
> want HTTPS apparently.

That's a problem that is common to hosts in many places, but they're 
getting better.

Received on Wednesday, 18 December 2013 15:51:06 UTC