- From: Jacob Appelbaum <jacob@appelbaum.net>
- Date: Fri, 4 Dec 2015 15:08:08 +0000
- To: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Cc: Mike Belshe <mike@belshe.com>, Amos Jeffries <squid3@treenet.co.nz>, httpbis mailing list <ietf-http-wg@w3.org>
On 12/4/15, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote: > -------- > In message > <CAFggDF3aDuf6iZqr+n9yvKFfVVjvyntRL=DmA7vmXLh626BOHw@mail.gmail.com> > , Jacob Appelbaum writes: > >>> You cannot fix political problems with technological hacks >> >>Nor can you fix it with political cowardice and security nihilism! > > I don't think you can fairly accuse me of either ? No, I explicitly do not. Others are clearly guilty of both and some of what I've read on the list was pretty... ugh. We've discussed this in person and I think that very clearly we agree that it is a political question. I think we also agree that all of the choices of architecture are also political in nature. We probably don't fully agree on solutions and I completely respect your process for considering the problem space. Others simply disavow any responsibility or pretend that their embrace of the status quo rids them of any responsibility for consequences. I don't really see you in that camp, frankly. > >>As has already been said in the thread: The technological changes >>bring the political problems into a visible space. > > Absolutely agree. Yes, I thought we did largely agree. > But SSL/TLS is just about the worst encryption you can bring to > that fight, because it is *so* trivial and routine to MiTM that you > can find the list-price for the necessary equipment on Google. This is where we diverge, I suspect. None of that equipment is going to work against PayPal or Google or even Tor Project's website when a user uses a modern browser as those sites are TLS with cert pinning. While many sites can be attacked - it requires a specific on-path attacker with access to specific high cost cryptographic resources. This is far less trivial than when the protocol is insecure by default. It costs more to attack encrypted connections and it gives us room to detect and in some cases to to stop attacks. The design of a protocol that relies on an insecure transport is as much of a political choice as the design of a protocol which relies on a secure transport. The architecture of a system is also the architecture of the politics of a system. I'm reminded of something I read ages ago somewhere: "latent structure is master of obvious structure." > > draft-thomson-http-encryption is a much better tool for civil > disobedience: It can be used with a thousand diverse key management > schedules, including the only one we know to be intrinsicly secure > from MiTM (PSK), and there is *no* way to trojan all of it. If it isn't deployed by default, I think it won't be a better tool in practice. If it isn't easy to use and widely deployed, it will only be a small part of the conflict. > Deploy *that* with good key-management tools[1] and the politicians > will face the much more impalatable choice of "Block or Pass". We can't choose a single tactic - we need to push on every front. We will have various tactical wins and losses, those results will ripple out into larger strategic outcomes. > If they choose "pass" we won. > > If they choose "block" we get the population on our side pretty quick. We may also disagree here - I think there is no winning, we just change the cost of attacks for periods of time. A plantext protocol is free to monitor, to attack and also it provides no effective detection mechanism to those most impacted: our end users. This is completely changed in Kazakhstan because of the methods the state has said that they will use. I'd bet that Kazakhstan will not actually carry out long term SSL/TLS MITM attacks without incurring significant economic damage. The system will likely have exceptions for special classes of people - especially foreigners who travel on business. Even the "great" Chinese firewall can be bypassed by buying a Deutsche Telekom SIM and using it while roaming. > Change the world with civil disobedience takes careful planning and > execution. Rosa Parks didn't just happen to be tired. I'm in agreement. My civil disobedience is carefully planned and we're having this discussion because there are many like me working in similar directions. One of the key steps was to change the discussion to understand that there is mass surveillance that is happening at country scale. Another key step has been to build systems that provide alternatives. Further steps are required, of course. With all of that said - no one is forced to use TLS as other have falsely claimed in the thread - they're all free to submit and hope for mercy from the surveillance state. I'm not interested in that path. We need strong defaults that enable people to make that choice. Weak defaults do not give users a choice, they are tossed into to the latent structure of the internet. If we make it secure by default, *each person* can make the same choice to be *insecure* when they want it. The majority of the world will be protected from the majority of would-be-attackers when things are secure by default. It isn't perfect but it changes things drastically. > [1] I hessitate to use the word GPG and "good" in the same context, > but there *is* a very large web of trust to leverage. Ha! Poor GnuPG. All the best, Jacob
Received on Friday, 4 December 2015 15:08:38 UTC