W3C home > Mailing lists > Public > www-tag@w3.org > December 2014

Re: Fwd (TAG): Draft finding - "Transitioning the Web to HTTPS"

From: Chris Palmer <palmer@google.com>
Date: Tue, 30 Dec 2014 15:32:12 -0800
Message-ID: <CAOuvq22r=gtikkN7FjFDTv0C5eXqADMVvfhPmEfYpGE+2yM45g@mail.gmail.com>
To: Marc Fawzi <marc.fawzi@gmail.com>
Cc: "henry.story@bblfish.net" <henry.story@bblfish.net>, "Eric J. Bowman" <eric@bisonsystems.net>, Nick Doty <npdoty@w3.org>, David Singer <singer@apple.com>, TAG List <www-tag@w3.org>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>
On Tue, Dec 30, 2014 at 3:13 PM, Marc Fawzi <marc.fawzi@gmail.com> wrote:

> No. I should rephrase (to be legit here) as: why the fixation with Https and the CA model?

HTTPS — TLS + HTTP — is what we have. It's widely supported, and
widely deployed. It's not perfect, but it's what we have, and we are
improving it (such as by starting to prefer and then require AEAD
ciphersuites and ciphersuites with forward secrecy).

The Web PKI, including its trusted-third party introducer model, is
again widely supported and widely deployed. It's not perfect, but it's
what we have, and we are working on mitigating its known weaknesses
(such as with Certificate Transparency).

Alternatives to the Web PKI model have proven to have at least as many
problems, worse problems, and/or are not deployable/deployed. For
example, we've discussed the performance and privacy problems with
Perspectives/Convergence. Consider also that DNSSEC, on which DANE
relies, has not proven to be widely deployable and a cryptographic
weakness that TLS (as used in browsers/HTTPS) has already improved on:
weak 1024-bit keys. And then there's the end-to-end validation problem
in DNSSEC: it's a LOT of work to get client-side DNS resolvers to
where they perform and *require* validation and reject non-SEC DNS.

At this point, HTTPS and the Web PKI are the state of the art. They
are better than any proposed alternatives we have heard of, both in
theory and in practice, and are in widespread use now. They are a huge
a improvement over unauthenticated, plaintext, non-integrity-protected
HTTP.

At this point, the burden of proof that a viable alternative exists is
not on W3C TAG. Furthermore, waiting 10+ years for a viable
alternative to be designed, widely deployed and widely adopted is not
a serious option.
Received on Tuesday, 30 December 2014 23:32:39 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:57:08 UTC