- From: Robert Collins <robertc@robertcollins.net>
- Date: Fri, 4 Dec 2015 07:32:39 +1300
- To: HTTP Working Group <ietf-http-wg@w3.org>
- Cc: Cory Benfield <cory@lukasa.co.uk>, Jacob Appelbaum <jacob@appelbaum.net>, Mike Belshe <mike@belshe.com>, Poul-Henning Kamp <phk@phk.freebsd.dk>, Amos Jeffries <squid3@treenet.co.nz>
On 4 December 2015 at 07:05, Willy Tarreau <w@1wt.eu> wrote:
> On Thu, Dec 03, 2015 at 05:35:51PM +0000, Cory Benfield wrote:
>> >> Go go go http2 and mandatory SSL everywhere. Next step - eliminate MITM.
>> >> We haven't done that well yet, but it's coming.
>> >
>> > TLS, please. :-)
>> >
>> > All the best,
>> > Jacob
>> >
>>
>> I could not agree more with Jacob if I tried. Well said.
>
> Guys I think you didn't read well. What was reported is that a government
> *officially* enforced the need to legally break TLS.

Just like the US government has done, and the 5 eyes network, and others, have done stealthily for well over a decade.

> If you're pushing
> for more TLS, you're just pushing for more surveillance. That's a fact
> and it has been proven by this news article. The push for TLS everywhere
> has at least broken all Kazakhs' privacy.

The government mandated visible inspection of traffic that they can't otherwise see *because* we've improved the baseline. It makes the intrusion visible but it in no way changes the privacy that users in Kazakhstan experience: their plaintext traffic is certainly already compromised all the time.

> I predict that in less than 10 years we'll all be using point-to-point
> TLS because everyone will legally crack it along the way. What a great
> internet it will be! It used to be limited for *certain* activities
> only, making it uninteresting to crack most of the time.

So when we make it infeasible to crack in a stealth fashion, and attacks are visible to the populace, folk can decide if they are willing to live in a panopticon, or if they want to strike down these bad laws. Complaining that the panopticon is becoming *visible* doesn't make sense to me.

As for whether the bulk of internet users want privacy: I haven't met a single non-internet-technicalities-savvy person who didn't express immense surprise at the idea that their normal browsing would be visible to *anyone* other than the site they were browsing on.

I will happily admit that savvy users can choose to make a tradeoff, but non-savvy users take time to become savvy, and we've 7 billion people's needs to balance out. Is it less harmful to:

- expose everything and then opt into security once you've learnt enough about the architecture of the internet to understand what's going on
- protect everything and then opt into publicity once you've learnt enough about the arch...

The principle of least surprise suggests that protecting everything and opting into publicity is better.

-Rob

--
Robert Collins <rbtcollins@hp.com>
Distinguished Technologist
HP Converged Cloud

Received on Thursday, 3 December 2015 18:33:09 UTC