- From: Mark Nottingham <mnot@mnot.net>
- Date: Wed, 20 Aug 2014 10:32:31 +1000
- To: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
Coming back to this thread...

On 15 Aug 2014, at 10:34 pm, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:

>> If Opp-Sec traffic is able to be distinguished (e.g., by using a
>> different ciphersuite), it'll be possible for an active attacker to
>> selectively MITM it and not be detected.
>
> I'm afraid that you just proved one of my points with respect to
> how hard a sell this might be, because people don't understand
> herd immunity :-)
>
> Let me try to explain it another way:
>
> Today the majority of PM has the form of a passive optical splitter,
> tcpdump and postanalysis. Given the "take" it brings, this is dirt
> cheap to implement.
>
> Currently, they can run a filter which is essentially:
>
> tcpdump -i all0 -w - | egrep -i "terrorist|bomb"
>
> and the cost is way less than they spend on toilet-paper.
>
> By whitening the present HTTP plaintext traffic with TLS, even
> with quite weak cipher-suites, we dramatically increase the cost
> of the postanalysis step, instantly making that filter impossible.

Right. What I'm saying is that if they can distinguish Opp-Sec traffic from HTTPS traffic, they can take *all* Opp-Sec traffic and MITM it without being detected (presuming we don't layer on other checks, which raise the cost of deploying Opp-Sec).

It's true that they can't just tcpdump any more; they have to terminate TLS, so this *does* raise the cost of PM somewhat; my concern is that it's not enough, given the amount of cash being thrown at PM and the continuously reducing cost of terminating TLS.

I'm curious; do Ilari's numbers <http://www.w3.org/mid/20140817120844.GA1346@LK-Perkele-VII> change your mind at all?

Cheers,

--
Mark Nottingham
https://www.mnot.net/
Received on Wednesday, 20 August 2014 00:33:00 UTC