Re: HTTP/2 and Pervasive Monitoring

Coming back to this thread...

On 15 Aug 2014, at 10:34 pm, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:

>> If Opp-Sec traffic is able to be distinguished (e.g., by using a 
>> different ciphersuite), it'll be possible for an active attacker to 
>> selectively MITM it and not be detected. 
> 
> I'm afraid that you just proved one of my points with respect to
> how hard a sell this might be, because people don't understand
> herd immunity  :-)
> 
> Let me try to explain it another way:
> 
> Today the majority of PM has the form of a passive optical splitter,
> tcpdump and postanalysis.  Given the "take" it brings, this is dirt
> cheap to implement.
> 
> Currently, they can run a filter which is essentially:
> 
> 	tcpdump -i all0 -w - | egrep -i "terrorist|bomb"
> 
> and the cost is way less than they spend on toilet-paper.
> 
> By whitening the present HTTP plaintext traffic with TLS, even
> with quite weak cipher-suites, we dramatically increase the cost
> of the postanalysis step, instantly making that filter impossible.

Right. What I'm saying is that if they can distinguish Opp-Sec traffic from HTTPS traffic, they can take *all* Opp-Sec traffic and MITM it without being detected (presuming we don't layer on other checks, which raise the cost of deploying Opp-Sec). 

It's true that they can't just tcpdump any more; they have to terminate TLS, so this *does* raise the cost of PM somewhat; my concern is that it's not enough, given the amount of cash being thrown at PM and the continuously reducing cost of terminating TLS.

I'm curious; do Ilari's numbers <http://www.w3.org/mid/20140817120844.GA1346@LK-Perkele-VII> change your mind at all?

Cheers,

--
Mark Nottingham   https://www.mnot.net/
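The two positions above (passive capture becomes useless once traffic is whitened, versus selective active MITM once Opp-Sec traffic is distinguishable on the wire) can be put side by side in a small threat-model calculation. The following is an added example, not code from the thread or from any HTTP/2 implementation. Its assumptions are labelled in the comments: terminating a fully authenticated HTTPS flow trips client certificate validation, and a fraction `P_REPORT` of those failures reach a defender; terminating an Opp-Sec flow, which carries no authentication, trips nothing; and "distinguishable" means an on-path observer can classify a flow as Opp-Sec from something like its ciphersuite before deciding whether to terminate it.

```python
"""Toy threat model for selective MITM of opportunistically-secured traffic.

Constructed example (not from the mailing-list thread). All constants and
the model itself are assumptions chosen to illustrate the argument.
"""
import math

# Assumed: share of client certificate-validation failures that are reported
# to a defender (browser telemetry, help-desk tickets, pinning reports, ...).
P_REPORT = 0.01


def intercept_counts(n_https, n_oppsec, distinguishable, coverage=1.0):
    """Flows an active attacker must terminate to read `coverage` of Opp-Sec.

    Returns (oppsec_intercepted, https_intercepted).
    distinguishable=True : Opp-Sec is marked on the wire (e.g. by a dedicated
                           ciphersuite), so only those flows are terminated.
    distinguishable=False: Opp-Sec and HTTPS look alike, so the same share of
                           HTTPS flows has to be terminated to reach the target.
    """
    if not 0.0 <= coverage <= 1.0:
        raise ValueError("coverage must be in [0, 1]")
    oppsec_hit = round(coverage * n_oppsec)
    https_hit = 0 if distinguishable else round(coverage * n_https)
    return oppsec_hit, https_hit


def p_detected(https_intercepted, p_report=P_REPORT):
    """Probability that at least one terminated HTTPS flow gets reported.

    Opp-Sec flows contribute nothing here: without authentication there is no
    certificate failure for the client to notice.
    """
    return 1.0 - (1.0 - p_report) ** https_intercepted


def max_undetected_coverage(n_https, n_oppsec, distinguishable,
                            max_p_detect, p_report=P_REPORT):
    """Largest Opp-Sec coverage reachable while P(detection) <= max_p_detect.

    With a distinguishable marker the answer is always 1.0: the attacker never
    has to touch an authenticated flow. Otherwise coverage is bounded by how
    many HTTPS terminations fit under the detection budget.
    """
    if distinguishable or n_https == 0 or max_p_detect >= 1.0:
        return 1.0
    if p_report >= 1.0:
        return 0.0
    # Solve 1 - (1 - p)^k <= max_p_detect for the number k of HTTPS flows.
    k_max = math.log(1.0 - max_p_detect) / math.log(1.0 - p_report)
    return min(1.0, k_max / n_https)


def summarize(n_https, n_oppsec, max_p_detect=0.05):
    """Compare both deployment choices for a constructed traffic mix."""
    out = {}
    for distinguishable in (True, False):
        _, https_hit = intercept_counts(n_https, n_oppsec, distinguishable)
        out[distinguishable] = {
            "p_detect_at_full_coverage": p_detected(https_hit),
            "max_undetected_coverage": max_undetected_coverage(
                n_https, n_oppsec, distinguishable, max_p_detect),
        }
    return out


if __name__ == "__main__":
    # Constructed mix: 900 authenticated HTTPS flows, 100 Opp-Sec flows.
    for marked, r in summarize(900, 100).items():
        print(f"distinguishable={marked}: {r}")
```

With the constructed mix, the distinguishable case gives full Opp-Sec coverage at zero detection risk, while the indistinguishable case forces the attacker to either accept near-certain detection at full coverage or settle for well under 1% of Opp-Sec flows. That is the quantitative shape of the "herd immunity" point: the protection comes from Opp-Sec being unrecognisable among authenticated flows, not from the cipher strength.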

Received on Wednesday, 20 August 2014 00:33:00 UTC