- From: Tim Berners-Lee <timbl@w3.org>
- Date: Mon, 19 Jan 2015 22:38:41 +0000
- To: Henri Sivonen <hsivonen@hsivonen.fi>
- Cc: Chris Palmer <palmer@google.com>, Noah Mendelsohn <nrm@arcanedomain.com>, "Michael[tm] Smith" <mike@w3.org>, Mark Nottingham <mnot@mnot.net>, Public TAG List <www-tag@w3.org>
- Message-Id: <2AE3E1F4-1039-4EF1-A5F3-5246E62A416F@w3.org>
On 2015-01-15, at 13:58, Henri Sivonen <hsivonen@hsivonen.fi> wrote:

> On Tue, Jan 13, 2015 at 8:59 PM, Chris Palmer <palmer@google.com> wrote:
>> As discussed earlier in this thread, HTTPS requires clients to
>> knowingly opt in to caching, transforming, or spying proxies. But such
>> proxies are still possible. HTTPS makes them prove some value.
>
> While that's technically true, what you say assumes that users aren't
> given an informed choice to make about the value. It's way too easy to
> make up some excuse why the user needs to run an installer in order
> for the Internet connection to "work" and such an installer could add
> root certs so that browsers treat them as trusted root certs.
>
> I think the TAG finding shouldn't suggest that MITMing https might be
> OK in some circumstances, because then those who want to MITM could be
> emboldened to MITM and to claim that whatever they do is endorsed by
> the W3C--all without giving users an opportunity to make an informed
> choice and without actually matching the circumstances that the TAG
> might have had in mind. For example, to stick with the place that
> inspired TimBL's remarks, Great Britain is not really a *remote*
> island for connectivity purposes, but it reportedly turned into a
> massive captive portal lately
> (http://arstechnica.com/tech-policy/2014/12/bt-sky-and-virgin-hijacking-browsers-to-push-porn-blocks/),

Alas true. Forcing the user to answer the question is mandated by the UK government. Many folks in the UK feel it is for the best. (Not all, not I.) Some feel they are protecting their children in a way that otherwise they would not.

The system does NOT require you to adopt and trust a fake cert, it does not reroute HTTPS. It does reroute http traffic. It makes it possible but difficult to say "no" to filters.

I don't have screenshots but as far as I remember issues included:

- The "no filters" path is made twisted, the "yes" straightforward.
- There, a confirmation path involves an "are you sure" stage
- To actually get to "start browsing anyway" is a completely different color button at the top of the screen unlike the other question buttons.
- The thing tries to sell you random other BT products while you are in it.
- The system can just reset and start asking you the questions randomly again.
- I can't count how many times I have gone through that screen on the same line.

This is a bit of a sidetrack, as it does not force you to accept a fake cert. Captive portals are a separate issue.

> so there's a pressure to MITM without "remoteness" in the network
> topology.
>
>> Overall, TBL seems to be saying that people shouldn't spy on the net,
>> so that we can enjoy many social goods. Among those goods, he seems to
>> place the ability to not have to adopt HTTPS. Unfortunately, we don't
>> live in so innocent a world, and HTTPS is the bare minimum protection
>> against tampering and spying.
>
> Yeah. The notion that https should be avoided on performance grounds
> and the would-be snoopers be asked not to snoop seems unrealistic both
> on the point of badness of the effect on performance and on the
> effectiveness of just asking the would-be snoops not to.

Remember that that note was made when bulk DPI was new. Before then, bulk DPI was increasingly hard for ISPs to be able to do. Since then, it has become very much easier with increasing processor power and memory. I'm not going to argue about how practical CPU for HTTPS was back then, it certainly is relatively more practical now of course.

>
> --
> Henri Sivonen
> hsivonen@hsivonen.fi
> https://hsivonen.fi/
>
Received on Monday, 19 January 2015 22:38:55 UTC