Re: Fwd: IAB Statement on Internet Confidentiality from Phillip Hallam-Baker on 2014-11-17 (ietf-http-wg@w3.org from October to December 2014)

From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Mon, 17 Nov 2014 09:56:39 -0500
To: Roland Zink <roland@zinks.de>
Cc: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Message-ID: <CAMm+Lwhrt_mgujkw1t8bP67UAhn7-E=s0-p2yk6YVo8ijpQHNg@mail.gmail.com>

On Mon, Nov 17, 2014 at 9:16 AM, Roland Zink <roland@zinks.de> wrote:
> On 17.11.2014 13:56, Poul-Henning Kamp wrote:
>>
>> --------
>> In message <5469EE2F.2020108@zinks.de>, Roland Zink writes:
>>
>> Actually I think the most important part is this:
>>
>>>>> Encryption
>>>>> should be authenticated where possible, but even protocols providing
>>>>> confidentiality without authentication are useful in the face of
>>>>> pervasive surveillance as described in RFC 7258.
>>
>> Will browsers finally stop treating self-signed-certs as if they
>> were highly radioaktive ?
>>
> Good question. One example is my home router. When I change the name it
> automatically generates a new self-signed certificate. However when
> accessing the UI the browser gives an error message and only brave people
> will probably continue. Others may just fall back to unencrypted http.

It gets worse.

The next stage is when the router manufacturer decides to eliminate
the repeat of the problem by creating a self signed CA cert.

Alice goes to Bob's router and merrily clicks OK to accept the root
cert. Congratulations, in the service of 'protecting' Alice, the
browser has persuaded her to give Bob the ability to sign certs for
any domain whatsoever.

People get very excited about the 50 or so audited CAs in the browsers
and completely ignore the ease of installing a root from an attacker.
The only controls we get is that these roots can't create EV certs and
pinning can prevent attacks.

Out in China, Chu wants to get on a train. To do this she has to use
the state railway authority Web site. And that requires her to install
the state railway authority root.

The solutions to this would be to (1) accept self signed certs with no
security indicator at all instead of the current practice of giving a
conflicted security indicator, first signaling the user is 'safe' with
the padlock, then telling them that they are not state with an idiot
box (the idiot here being the programmer).

(2) when a self signed cert signing cert is installed, the browser
MUST impose a policy constraint on it to only allow it to sign certs
in the domain for which is was presented. So going to
https://www.china-railway.com.cn/ does not cause the browser to be
configured to accept a cert that can sign certs for cnn.com (some
browsers have been fixed, but I don't know they all have).

Received on Monday, 17 November 2014 14:57:13 UTC