Re: SSL/TLS everywhere fail

On 12/5/15, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
> --------
> In message
> <CAFggDF1ckgL+mGN5NJKv9-Mj5b6MDkHdJC+3SVo=JJ2pKQd=iw@mail.gmail.com>
> , Jacob Appelbaum writes:
>
>>> And that is *exactly* why people should have thought "Hang on, If
>>> TLS-everywhere is easly defeated by COTS products..."
>>
>>The model here is a bit strange. HTTP withou TLS is also easily
>>defeated. There is a cost here that is higher for the adversary and
>>that includes a political one: detection.
>
> Jacob, that's a false dictomy and you know it well.

Not exactly. We have started with unencrypted connections that lack
confidentiality, integrity and authenticity. Moving to TLS gives us
all three with a computational cost and within certain boundaries.
Some object to confidentiality, others to integrity and so on. A lack
of action on this has ensured that some protocols stay unencrypted -
an explicit goal of some of the bad actors who are present as agents
of influence in this (and other!) standards body.

>
> I'm not advocating unencrypted HTTP, you can read what I
> advocated here:  http://phk.freebsd.dk/words/httpbis.html

It seems that others are - by simply keeping the status quo. I see
that you explicitly discuss privacy and that you seem to advocate for
notification to the end user. I have to read the draft much more
carefully to really decide what I think. I think that I don't object
to the draft, generally. It sounds pretty reasonable.

>
> That is pretty much the same delineation as the draft we're
> talking about now.
>

I think we may disagree about meta-data vs content and how we want
surveillance by unauthorized third parties to actually be conducted. I
think I'd like to see an explicit diagram for what a bad actor would
see when they watch your connection, illegally, for example. That is
lacking in your draft - what does it actually look like and what
actions can be performed by attackers?

It would be interesting to read an update of that draft with a
"surveillance considerations" section. It would especially be
interesting to compose it with Tor explicitly and see if together,
both protocols would give us something that we'd like to see but split
in reasonable ways.

>>> Rumours from local sources is that it simply took their webserver
>>> down.  No rumours about the government decision having changed.
>>
>>Now would be a good time to have diplomatic contacts reach out and to
>>confirm, [...]
>
> Unfortunately I don't know anybody in Kazahkstan who can risk sticking
> their head up.

Of course - I am suggesting that we ask people in Europe to hold
discussions with the Kazahkstan government over the issue. I am
planning to do so myself, next week, in the European parliament. Hope
to see you there or at PSC[0] afterwards. Or more on the mailing list,
much to do and all that...

All the best,
Jacob

[0] https://hyperelliptic.org/PSC/index.html

Received on Saturday, 5 December 2015 22:59:53 UTC