- From: Phil Lello <phil@dunlop-lello.uk>
- Date: Sun, 13 Mar 2016 20:17:54 +0000
- To: ietf-http-wg@w3.org
- Message-ID: <CAPofZaG=pr3yymD6-0aAA1uorsSQfgu8YQkUim89zEjXLS220g@mail.gmail.com>
Dear all, Whilst I'm not certain that this is the right forum to address browser support for h2c / non-TLS HTTP/2, I'd like to state my concerns over the de facto requirement for TLS. Whilst the aims of the "SSL everywhere" movement seem reasonable, I'm unconvinced. I'm concerned that in practice, it will make the web less secure whilst creating the illusion of security. In many parts of the western world, bandwidth exists in sufficient quantities for local caching to be overlooked as concern, but it certainly isn't universal - indeed, reliable connectivity is an issue in some locations, and a caching proxy is an appealing solution. TLS proxies already exist that can be used to mitigate this, provided someone is willing to install a root CA to accept re-signed content. Some corporate desktops do this as part of a standard build. Forcing TLS on web users will encourage this practice. There will also be cases where in lieu of installing a root CA, users will become accustomed to accepting self-signed or suspicious certificates, potentially to a level where it becomes automatic even for sites that really shouldn't have this issue. There's a psychological impact to churning out the message that "this site is secure" - it predisposes users to think that if they can see a secure padlock/green tick/whatever then they don't need to concern themselves with what information they're sharing, and why - legitimate sites can be hacked, less reputable ones can get SSL certificates, and if there isn't at least one intelligence agency or organised crime cartel that has a copy of a real root CA cert, then I'm a teapot. Regards, Phil Lello
Received on Sunday, 13 March 2016 20:18:23 UTC