- From: Mark Nottingham <mnot@mnot.net>
- Date: Wed, 17 Dec 2014 16:57:08 +1100
- To: "Sean B. Palmer" <sean@miscoranda.com>
- Cc: "www-tag@w3.org List" <www-tag@w3.org>
Sean,

> On 14 Dec 2014, at 9:21 am, Sean B. Palmer <sean@miscoranda.com> wrote:
>
> The specifics of encryption were only the second part of my email; I
> appreciate your information there. But again, the policy must note
> that TLS/SSL is known to be partially compromised.

You keep on saying "must." I'm happy to discuss this with you, but please don't presume to demand a particular outcome.

That aside -- the document already says:

"""These important properties of authentication, integrity and confidentiality are best — if imperfectly — provided on the Web by Transport Layer Security (TLS)"""

note "imperfectly." Furthermore,

"""We recognize that HTTPS will not solve all — or even many — security problems in the Web platform."""

So, we already acknowledge that TLS is less than perfect. I've tried to make this more clear in:
  https://github.com/w3ctag/web-https/commit/45e5a8916dd23d4705c60c1ea0107b8b0bdff6b4

Doing much more than that essentially turns the document into a history of the security flaws in TLS, and that seems wildly inappropriate in this document.

Cheers,

> It is not "detail" to mention that TLS/SSL is partially compromised
> when you are advocating widespread use of HTTPS. Widespread use of
> HTTPS will incur the consequence that many who switch will still be
> vulnerable to Pervasive Monitoring, per RFC 7258.
>
> Policy ought to be realistic in presenting the situation, not mislead
> regarding perceived security, and guard against complacency. Taking
> action as I direct will help in each of these areas.
>
> On Sat, Dec 13, 2014 at 9:51 PM, Mark Nottingham <mnot@mnot.net> wrote:
>> Hi Sean,
>>
>> This finding is not the end statement on all things encryption; it’s a proposal for a high-level policy. The details of encryption are best left to specific Recommendations and RFCs; for example, TLS1.3 is removing RC4 (and HTTP/2 disallows it), and the CFRG is debating the merits of different curves.
>>
>> Cheers,
>>
>>> On 13 Dec 2014, at 11:06 pm, Sean B. Palmer <sean@miscoranda.com> wrote:
>>>
>>> Hi Mark,
>>>
>>> If you are promoting HTTPS for security, you must also record that
>>> TLS/SSL were partially compromised as of 2013:
>>>
>>> "C.3. (TS//SI//REL) The fact that NSA/CSS has some capabilities
>>> against the encryption in TLS/SSL, HTTPS, SSH, VPNs, VoIP, WEBMAIL,
>>> and other network communication technologies"
>>>
>>> http://www.theguardian.com/world/interactive/2013/sep/05/nsa-project-bullrun-classification-guide
>>>
>>> "Several experts, including Bruce Schneier and Christopher Soghoian,
>>> have speculated that a successful attack against RC4, a 1987
>>> encryption algorithm still used in at least 50 per cent of all SSL/TLS
>>> traffic, is a plausible avenue, given several publicly known
>>> weaknesses of RC4. Others have speculated that NSA has gained ability
>>> to crack 1024-bit RSA and Diffie Hellman public keys."
>>>
>>> https://en.wikipedia.org/w/index.php?title=Bullrun_%28decryption_program%29&oldid=631232698#Methods
>>>
>>> When certificates are upgraded to ECC, these compromises may be fixed,
>>> though we are unlikely to know for sure. But there is a good chance
>>> that the NSA-influenced NIST curves would be used instead of Prof
>>> Bernstein's Curve25519 and associated apparatus. The IETF must not
>>> allow this to happen.
>>>
>>> Update the draft finding to include this information.
>>>
>>> Regards,
>>>
>>> On Mon, Dec 8, 2014 at 11:28 PM, Mark Nottingham <mnot@mnot.net> wrote:
>>>> We've started work on a new Finding, to a) serve as a Web version of the IAB statement, and b) support the work on Secure Origins in WebAppSec.
>>>>
>>>> See: <https://w3ctag.github.io/web-https/>
>>>>
>>>> Repo w/ issues list at <https://github.com/w3ctag/web-https>.
>>>>
>>>> Cheers,
>>>>
>>>> --
>>>> Mark Nottingham https://www.mnot.net/
>>>
>>> --
>>> Sean B. Palmer, http://inamidst.com/sbp/
>>
>> --
>> Mark Nottingham http://www.mnot.net/
>
> --
> Sean B. Palmer, http://inamidst.com/sbp/

--
Mark Nottingham https://www.mnot.net/

Received on Wednesday, 17 December 2014 05:57:34 UTC