- From: Amos Jeffries <squid3@treenet.co.nz>
- Date: Sun, 6 Dec 2015 19:47:17 +1300
- To: ietf-http-wg@w3.org
On 6/12/2015 11:59 a.m., Jacob Appelbaum wrote: > On 12/5/15, Poul-Henning Kamp wrote: >> -------- >> Jacob Appelbaum writes: >> >>>> And that is *exactly* why people should have thought "Hang on, If >>>> TLS-everywhere is easly defeated by COTS products..." >>> >>> The model here is a bit strange. HTTP withou TLS is also easily >>> defeated. There is a cost here that is higher for the adversary and >>> that includes a political one: detection. >> >> Jacob, that's a false dictomy and you know it well. > > Not exactly. We have started with unencrypted connections that lack > confidentiality, integrity and authenticity. Moving to TLS gives us > all three with a computational cost and within certain boundaries. The tired old argument against "TLS-everywhere" is that TLS does *not* offer all three of those. * TLS does not offer confidentiality. TLS MiTM is commonplace now. It has even reached the point where traffic metadata can be recorded and correlated without decrypting the content of the stream. * TLS does not offer integrity. TLS MiTM can corrupt the messages inside encrypted streams just as easily as thay can for un-encrypted traffic. When used with 2-way certificate verification TLS can offer authenticity. But that is still a rare situation to actually see implemented. Instead we see all sorts of half-measures (eg. HSTS, cert pinning) The benfits of TLS only occur when it is used properly in the situations where it is the best tool. The "TLS everywhere" drive with its over hyped arguments (and outright lies at times) is seriously undermining those benefits by pushing it out into every possible connection no matter how unsuitable TLS is for the use-case or broken the implementation. The push back against "TLS everywhere" is attempting to ensure that those privacy/confidentiality and security/integrity/authentication goals can actually be *achieved*, instead of undermined by a rushed and broken rollout that leaves the whole world in a worse place than un-encrypted rollout did. Lets slow down the hype train and do it *right*. > Some object to confidentiality, others to integrity and so on. A lack > of action on this has ensured that some protocols stay unencrypted - > an explicit goal of some of the bad actors who are present as agents > of influence in this (and other!) standards body. Please do not equate TLS with encryption. Encryption is much bigger than TLS. A fact that the "TLS everywhere" fanatics are constantly shouting out with their insistence that anyone doing encryption in non-TLS settings is Bad Thing. (I know you are not thinking of protocols like DNSSEC, VPN, or VPE as unencrypted, but the implication is there.) Amos
Received on Sunday, 6 December 2015 06:48:41 UTC