[148184] in cryptography@c2.net mail archive
Re: [Cryptography] Moving forward on improving HTTP's security
daemon@ATHENA.MIT.EDU (John Kelsey)
Fri Nov 15 13:01:23 2013
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <5285D0C6.1080707@iang.org>
From: John Kelsey <crypto.jmk@gmail.com>
Date: Fri, 15 Nov 2013 08:43:50 -0500
To: ianG <iang@iang.org>
Cc: Greg <greg@kinostudios.com>, Owen Shepherd <owen.shepherd@e43.eu>,
Cryptography <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On Nov 15, 2013, at 2:44 AM, ianG <iang@iang.org> wrote:
...
> i. Get all-TLS & get all-CAs: fail. All CAs will fall to the state.
>
> (This of course can be seen as a tinfoil claim, and it is easy to dismiss because people simply don't know the reality. FWIW, been there, got the t-shirt: CAs are a legitimate, popular and priority target of the TLAs.)
CAs can participate in MITM attacks, but there are additional measures that can make that behavior very likely to get caught. And right now, most traffic doesn't even need a MITM attack, just eavesdropping to listen in on the unencrypted traffic.
> For my money, I assume that everyone can see that if we TLS-everything, then we cannot accept CAs everywhere, and we must add easy opportunistic encryption.
It seems to me that anything that gives us easy opportunistic encryption is about as vulnerable to MITM attacks as TLS with possibly-compromised CAs.
...
> iang
--John
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
