- From: Jacob Appelbaum <jacob@appelbaum.net>
- Date: Sun, 6 Dec 2015 13:47:08 +0000
- To: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Cc: Amos Jeffries <squid3@treenet.co.nz>, ietf-http-wg@w3.org
On 12/6/15, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:

> --------
> In message <CAFggDF1NOskxyAdJkamuhM5EmPhcdwfKz9q4y5+SgaCFBWJ6sA@mail.gmail.com>, Jacob Appelbaum writes:
>
>>>> Not exactly. We have started with unencrypted connections that lack confidentiality, integrity and authenticity. Moving to TLS gives us all three with a computational cost and within certain boundaries.
>>>
>>> The tired old argument against "TLS-everywhere" is that TLS does *not* offer all three of those.
>>
>> That argument is wrong when we consider how it is used in practice. As an example, we upgrade a protocol from HTTP to HTTPS - we gain those properties within certain bounds.
>
> For "within certain bounds" read:
>
> "Except any actor which has a trojan or captured CA - which means any non-incompetent state actor and many highly competent non-state actors."

What is your estimate for the number of actors here with one or both capabilities?

My estimate is that malware is everywhere and certificates are less so. In both cases, I think it is *higher* when we have unencrypted connections: removing the requirement for a CA ensures that malware can easily propagate, as every connection to any service creates a vector for infection.

All the best,
Jacob
Received on Sunday, 6 December 2015 13:47:38 UTC