[148183] in cryptography@c2.net mail archive
Re: [Cryptography] Moving forward on improving HTTP's security
daemon@ATHENA.MIT.EDU (ianG)
Fri Nov 15 13:00:40 2013
X-Original-To: cryptography@metzdowd.com
Date: Fri, 15 Nov 2013 10:44:06 +0300
From: ianG <iang@iang.org>
To: Greg <greg@kinostudios.com>, Cryptography <cryptography@metzdowd.com>
In-Reply-To: <CAHUXVy7Ft287kjBGA6NyW0TE4+h5vmX3_BNqnahU64QCXBWcJw@mail.gmail.com>
Cc: John Kelsey <crypto.jmk@gmail.com>, Owen Shepherd <owen.shepherd@e43.eu>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On 15/11/13 01:25 AM, Owen Shepherd wrote:
> And lose the one opportunity we get to force traffic over to TLS for
> more than a decade?
There is a complicated choice here: Get HTTPS everywhere, get CAs
everywhere, or some combination in-between. The problem here is that
the combination of these two axes (and a few more) is likely an
unsolvable equation, but we can see where some of the extremes are:

i. Get all-TLS & get all-CAs: fail. All CAs will fall to the state.
(This of course can be seen as a tinfoil claim, and it is easy to
dismiss because people simply don't know the reality. FWIW, been there,
got the t-shirt: CAs are a legitimate, popular and priority target of
the TLAs.)

ii. Get TLS (or HTTPS) as an option: fail. This is the current
situation, and results in the downgrade attack. SSL then provides
loose, maybe, sometimes security, which cannot be relied upon *and* it
is expensive because of all the load that other systems place on people.
That's an unacceptable compromise.

The path from endpoint (ii) is rocky, and may or may not lead to
endpoint (i).

For my money, I assume that everyone can see that if we TLS-everything,
then we cannot accept CAs everywhere, and we must add easy opportunistic
encryption.

I might be wrong; there is a lot of vested interest that can only see
their own paycheck, and they are making good money claiming that
HTTPS+CAs is a complete security package for now and the future, we just
need to PKI-'em harder!
iang
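Added illustration of the downgrade attack that ianG's point (ii) refers to; this is not part of the original message and not the author's code. It is an in-memory toy: the host bank.example, the page contents and the "network" are all constructed. The origin offers every page over both http and https (TLS is available but optional). An on-path attacker can only read and rewrite plaintext, and does the well-known sslstrip-style thing: every https:// link in a plaintext response is rewritten to http://, so a client that will happily speak plaintext never gets upgraded, while a client that refuses to emit plaintext at all gives the attacker nothing to rewrite.

```python
"""Toy model of the downgrade attack against optional HTTPS.

Constructed example: no real networking. bank.example is a hypothetical
host and its pages are made up. The origin serves identical content over
http and https, and every link it emits points at https, i.e. TLS is
offered but never required. That is exactly the 'TLS as an option' case.
"""
import re
from urllib.parse import urlparse, urlunparse

# Hypothetical origin content: a landing page, a login form, a session page.
SITE = {
    "/":        '<a href="https://bank.example/login">Log in</a>',
    "/login":   '<form action="https://bank.example/session"><input name="pw"></form>',
    "/session": 'Logged in.',
}
NEXT_RE = re.compile(r'(?:href|action)="([^"]+)"')


def origin(url):
    """The TLS-optional server: same body whatever scheme the request used."""
    return SITE[urlparse(url).path]


def on_path_attacker(url, body):
    """Attacker sitting between client and server.

    Ciphertext passes untouched. Plaintext is rewritten so every https://
    reference becomes http://, keeping the client in the clear on the next
    hop. Returns (body as delivered, whether it was modified).
    """
    if urlparse(url).scheme == "https":
        return body, False
    rewritten = body.replace("https://", "http://")
    return rewritten, rewritten != body


def with_scheme(url, scheme):
    return urlunparse(urlparse(url)._replace(scheme=scheme))


def browse(start_url, require_tls):
    """Follow the first link or form target on each page until there is none.

    require_tls=False models today's client: it sends whatever scheme the
    link names. require_tls=True models a client that never emits plaintext
    HTTP: any http:// URL is upgraded before the request is sent.
    Returns (urls actually requested, plaintext request count,
    number of responses the attacker managed to tamper with).
    """
    url, requested, tampered_count = start_url, [], 0
    while url is not None:
        if require_tls and urlparse(url).scheme == "http":
            url = with_scheme(url, "https")
        requested.append(url)
        body, tampered = on_path_attacker(url, origin(url))
        tampered_count += tampered
        match = NEXT_RE.search(body)
        url = match.group(1) if match else None
    plaintext = sum(1 for u in requested if urlparse(u).scheme == "http")
    return requested, plaintext, tampered_count


if __name__ == "__main__":
    # The user types "bank.example"; a browser defaults that to http://.
    for require in (False, True):
        urls, plaintext, tampered = browse("http://bank.example/", require)
        print(f"require_tls={require}: {plaintext} plaintext requests, "
              f"{tampered} tampered responses, last URL {urls[-1]}")
```

With the optional policy the whole session, password submission included, goes over plaintext even though the server linked to https on every page; the only thing the attacker needed was that the client was willing to speak HTTP at all. With the client-side requirement the attacker never sees a plaintext response to rewrite. The example says nothing about who the client trusts on the https side, which is the CA half of the trade-off the message is about.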
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography