Re: SSL/TLS everywhere fail

On Thu, Dec 3, 2015 at 6:26 PM, Alex Rousskov <
rousskov@measurement-factory.com> wrote:

> On 12/03/2015 05:38 PM, Ted Hardie wrote:
> > Look particularly at section 3.  As you will note from that, there are
> > certainly middleboxes which are within scope (configured HTTP proxies
> > among them).  But there are others which are not.  I know of no
> > interception proxy requiring a newly installed root CA which would fit
> > within the current policy, but I'm willing to be informed should there
> > be one.
>
> The prevalence of interception proxies is our other engineering failure,
> but if I have deliberately installed your root CA on my phone and
> clicked "I agree to be monitored by Ted" button in my favorite browser,
> then you are no longer wiretapping my Google requests per RFC 2804.
>
>
​It is also utterly unnecessary if I you are agreeing to be monitored.​  In
the case where you are agreeing to be monitored, you direct the traffic to
the inspection point.  This allows you to use cryptographic confirmation
that you are talking to the appropriate proxy, since it can provide you
such an assertion over that hop (which it cannot do the same if acting as
an interception proxy).  If you really have consent, deploying these root
CAs destroys the authentication property of the encrypted connection,
damaging the overall system, in a way that is simply not required.  That is
deeply sad for that class of cases, but mostly indicative that these are
mostly used where consent isn't present, because the organization involved
doesn't care to get it.

I am not sure who the "our" is in your "our other engineering failure" and
since the problem goes back a long way, there are likely participants in
this working group who have never known a web without this problem.  But
the baseline truth is that there have always been folks who have traded
their ease of configuration and lowered costs for their users privacy and
individual security.   Some of those run enterprise installations; some run
countries.  But the damage to the authentication properties of the system
is the same; it's just at different scales.

regards,

Ted

Received on Friday, 4 December 2015 19:18:34 UTC