- From: Jacob Appelbaum <jacob@appelbaum.net>
- Date: Sun, 6 Dec 2015 08:42:31 +0000
- To: ietf-http-wg@w3.org
- Cc: Amos Jeffries <squid3@treenet.co.nz>

On 12/6/15, Willy Tarreau <w@1wt.eu> wrote:
> On Sun, Dec 06, 2015 at 07:47:17PM +1300, Amos Jeffries wrote:
>> On 6/12/2015 11:59 a.m., Jacob Appelbaum wrote:
>> > Not exactly. We have started with unencrypted connections that lack
>> > confidentiality, integrity and authenticity. Moving to TLS gives us
>> > all three with a computational cost and within certain boundaries.
>>
>> The tired old argument against "TLS-everywhere" is that TLS does *not*
>> offer all three of those.
>>
>> * TLS does not offer confidentiality. TLS MiTM is commonplace now. It
>> has even reached the point where traffic metadata can be recorded and
>> correlated without decrypting the content of the stream.
>>
>> * TLS does not offer integrity. TLS MiTM can corrupt the messages inside
>> encrypted streams just as easily as they can for un-encrypted traffic.
>
> Warning Amos, TLS does offer this when it's used reasonably. The problem
> is that when you want to enforce it everywhere, in order to break a few
> of them, the other parties have to break all of them, which results in
> TLS not offering any of these anymore. That's exactly why I'm opposed to
> TLS everywhere. I want to keep these properties of TLS where I need them,
> and for this I have to ensure my usage doesn't make it worth breaking it.

I wish TLS made selective MITM impossible. We're working on it though!
Likely ETA is heat death of the universe, so no worries on that front
with your threat/caring/security model.

All the best,
Jacob

Received on Sunday, 6 December 2015 08:43:02 UTC