W3C home > Mailing lists > Public > www-tag@w3.org > December 2014

Re: Draft finding - "Transitioning the Web to HTTPS"

From: Chris Palmer <palmer@google.com>
Date: Mon, 15 Dec 2014 11:17:24 -0800
Message-ID: <CAOuvq20W_QCVNY=Hjo1S_iE2EzvmPSnRH_LsDdwNmfegxC+rNg@mail.gmail.com>
To: "Sean B. Palmer" <sean@miscoranda.com>
Cc: Mark Nottingham <mnot@mnot.net>, "www-tag@w3.org List" <www-tag@w3.org>
On Sat, Dec 13, 2014 at 2:21 PM, Sean B. Palmer <sean@miscoranda.com> wrote:

The specifics of encryption were only the second part of my email; I
> appreciate your information there. But again, the policy must note
> that TLS/SSL is known to be partially compromised.

All I saw was things we know about and are working on deprecating (small
RSA keys, RC4, curves of arguably questionable origin, broken hash
functions). This is a natural process of improving cipher suites and
parameters in response to cryptanalytic attack.

> It is not "detail" to mention that TLS/SSL is partially compromised
> when you are advocating widespread use of HTTPS. Widespread use of
> HTTPS will incur the consequence that many who switch will still be
> vulnerable to Pervasive Monitoring, per RFC 7258.

What alternative do you propose? Do you have some perfect protocol and
ciphersuite that you haven't told us about yet?

TLS and the various ciphersuites we use with it are imperfect but
incrementally fixable. HTTP provides no safety guarantees at all. Any
low-latency, bandwidth-efficient protocol will be more or less subject to
traffic analysis.

I'm not sure what your point is. I think most engineers understand TLS to
be a bare minimum security mechanism, and that further security guarantees
are far more likely to build on it than to replace it.
Received on Monday, 15 December 2014 19:17:51 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:57:08 UTC