- From: Sean B. Palmer <sean@miscoranda.com>
- Date: Sat, 13 Dec 2014 22:21:55 +0000
- To: Mark Nottingham <mnot@mnot.net>
- Cc: "www-tag@w3.org List" <www-tag@w3.org>
The specifics of encryption were only the second part of my email; I appreciate your information there. But again, the policy must note that TLS/SSL is known to be partially compromised. It is not "detail" to mention that TLS/SSL is partially compromised when you are advocating widespread use of HTTPS. Widespread use of HTTPS will incur the consequence that many who switch will still be vulnerable to Pervasive Monitoring, per RFC 7258. Policy ought to be realistic in presenting the situation, not mislead regarding perceived security, and guard against complacency. Taking action as I direct will help in each of these areas. On Sat, Dec 13, 2014 at 9:51 PM, Mark Nottingham <mnot@mnot.net> wrote: > Hi Sean, > > This finding is not the end statement on all things encryption; it’s a proposal for a high-level policy. The details of encryption are best left to specific Recommendations and RFCs; for example, TLS1.3 is removing RC4 (and HTTP/2 disallows it), and the CFRG is debating the merits of different curves. > > Cheers, > > >> On 13 Dec 2014, at 11:06 pm, Sean B. Palmer <sean@miscoranda.com> wrote: >> >> Hi Mark, >> >> If you are promoting HTTPS for security, you must also record that >> TLS/SSL were partially compromised as of 2013: >> >> "C.3. (TS//SI//REL) The fact that NSA/CSS has some capabilities >> against the encryption in TLS/SSL, HTTPS, SSH, VPNs, VoIP, WEBMAIL, >> and other network communication technologies" >> >> http://www.theguardian.com/world/interactive/2013/sep/05/nsa-project-bullrun-classification-guide >> >> "Several experts, including Bruce Schneier and Christopher Soghoian, >> have speculated that a successful attack against RC4, a 1987 >> encryption algorithm still used in at least 50 per cent of all SSL/TLS >> traffic, is a plausible avenue, given several publicly known >> weaknesses of RC4. Others have speculated that NSA has gained ability >> to crack 1024-bit RSA and Diffie Hellman public keys." >> >> https://en.wikipedia.org/w/index.php?title=Bullrun_%28decryption_program%29&oldid=631232698#Methods >> >> When certificates are upgraded to ECC, these compromises may be fixed, >> though we are unlikely to know for sure. But there is a good chance >> that the NSA-influenced NIST curves would be used instead of Prof >> Bernstein's Curve25519 and associated apparatus. The IETF must not >> allow this to happen. >> >> Update the draft finding to include this information. >> >> Regards, >> >> On Mon, Dec 8, 2014 at 11:28 PM, Mark Nottingham <mnot@mnot.net> wrote: >>> We've started work on a new Finding, to a) serve as a Web version of the IAB statement, and b) support the work on Secure Origins in WebAppSec. >>> >>> See: <https://w3ctag.github.io/web-https/> >>> >>> Repo w/ issues list at <https://github.com/w3ctag/web-https>. >>> >>> Cheers, >>> >>> >>> -- >>> Mark Nottingham https://www.mnot.net/ >>> >>> >> >> >> >> -- >> Sean B. Palmer, http://inamidst.com/sbp/ > > -- > Mark Nottingham http://www.mnot.net/ > > > -- Sean B. Palmer, http://inamidst.com/sbp/
Received on Saturday, 13 December 2014 22:22:23 UTC