Re: SSL/TLS everywhere fail

On Sun, Dec 06, 2015 at 07:47:17PM +1300, Amos Jeffries wrote:
> On 6/12/2015 11:59 a.m., Jacob Appelbaum wrote:
> > Not exactly. We have started with unencrypted connections that lack
> > confidentiality, integrity and authenticity. Moving to TLS gives us
> > all three with a computational cost and within certain boundaries.
> 
> The tired old argument against "TLS-everywhere" is that TLS does *not*
> offer all three of those.
> 
> * TLS does not offer confidentiality. TLS MiTM is commonplace now. It
> has even reached the point where traffic metadata can be recorded and
> correlated without decrypting the content of the stream.
> 
> * TLS does not offer integrity. TLS MiTM can corrupt the messages inside
> encrypted streams just as easily as thay can for un-encrypted traffic.

Warning Amos, TLS does offer this when it's used reasonably. The problem
is that when you want to enforce it everywhere, in order to break a few
of them, the other parties have to break all of them, which results in
TLS not offering any of these anymore. That's exactly why I'm opposed to
TLS everywhere. I want to keep these properties of TLS where I need them,
and for this I have to ensure my usage doesn't make it worth breaking it. 

To make an analogy, some people used to install some smoke detectors at
home and it used to save them. Some countries have made it mandatory to
install such devices at home, so it created a new interesting market for
unscrupulous vendors making cheap crap that beeps all the day without
any reason, so users end up disabling them and they can't find working
ones anymore since the market was replaced with 10 times cheaper devices.
The real problem here is the mass deployment which opened an opportunity
for doing bad things for end users security. Overall it certainly has
improved the situation but many people believe they're secured while
they are not.

Willy

Received on Sunday, 6 December 2015 08:01:28 UTC