HTTP 2.0 mandatory security vs. Amateur Radio

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
87 messages Options
12345
Reply | Threaded
Open this post in threaded view
|

HTTP 2.0 mandatory security vs. Amateur Radio

Bruce Perens
Amateur radio, commonly referred to as "ham radio", is prohibited from using encryption to obscure the message content by both international law (an ITU treaty) and its implementations in the national law of most nations. However, we can use encryption that doesn't obscure message content for the purposes of authentication. Use of an https URL over an Amateur Radio connection would be a rule violation.

Although I am well able to discuss the rationale for the prohibition of encryption, that's probably off-topic for this list. Please take it as a given that it's necessary and we like it this way. Anyone who wishes to know more can email me directly.

Radio Amateurs use wifi-like networks, using 802.11 equipment on its usual frequencies or transverting it to other frequencies, and sometimes with a lot more power than non-licensed users are allowed.

Although our routers often run OpenWRT or something similar so that we can add ham-specific protcols, we  use off-the-shelf computing equipment, operating systems, and web browsers.

It would cause us some significant pain if web browsers stopped enabling unencrypted http connections. We'd have to proxy https to http before we allowed the signal on to Amateur frequencies, in order to remain in legal compliance.

I doubt we're the only people in the world who must, or would rather, have their communications in the clear.

    Thanks

    Bruce Perens K6BP
Reply | Threaded
Open this post in threaded view
|

Re: HTTP 2.0 mandatory security vs. Amateur Radio

William Chan (陈智昌)
Can you just use unencrypted HTTP/1.X?


On Wed, Nov 13, 2013 at 9:07 PM, Bruce Perens <[hidden email]> wrote:
Amateur radio, commonly referred to as "ham radio", is prohibited from using encryption to obscure the message content by both international law (an ITU treaty) and its implementations in the national law of most nations. However, we can use encryption that doesn't obscure message content for the purposes of authentication. Use of an https URL over an Amateur Radio connection would be a rule violation.

Although I am well able to discuss the rationale for the prohibition of encryption, that's probably off-topic for this list. Please take it as a given that it's necessary and we like it this way. Anyone who wishes to know more can email me directly.

Radio Amateurs use wifi-like networks, using 802.11 equipment on its usual frequencies or transverting it to other frequencies, and sometimes with a lot more power than non-licensed users are allowed.

Although our routers often run OpenWRT or something similar so that we can add ham-specific protcols, we  use off-the-shelf computing equipment, operating systems, and web browsers.

It would cause us some significant pain if web browsers stopped enabling unencrypted http connections. We'd have to proxy https to http before we allowed the signal on to Amateur frequencies, in order to remain in legal compliance.

I doubt we're the only people in the world who must, or would rather, have their communications in the clear.

    Thanks

    Bruce Perens K6BP

Reply | Threaded
Open this post in threaded view
|

Re: HTTP 2.0 mandatory security vs. Amateur Radio

Mark Nottingham-2
In reply to this post by Bruce Perens
Just to make sure it’s understood — we’re talking about the common Web browsing use case (most people’s experience of the “open Web”), not other uses of HTTP. Are you saying that people put a network using amateur radio between a browser and “normal” Web sites, thereby disallowing use of https:// URLs?

If so, what do amateur radio operators in this situation do for https:// URIs today?

Regards,


On 14 Nov 2013, at 1:07 pm, Bruce Perens <[hidden email]> wrote:

> Amateur radio, commonly referred to as "ham radio", is prohibited from using encryption to obscure the message content by both international law (an ITU treaty) and its implementations in the national law of most nations. However, we can use encryption thatdoesn't obscure message content for the purposes of authentication. Use of an https URL over an Amateur Radio connection would be a rule violation.
>
> Although I am well able to discuss the rationale for the prohibition of encryption, that's probably off-topic for this list. Please take it as a given that it's necessary and we like it this way. Anyone who wishes to know more can email me directly.
>
> Radio Amateurs use wifi-like networks, using 802.11 equipment on its usual frequencies or transverting it to other frequencies, and sometimes with a lot more power than non-licensed users are allowed.
>
> Although our routers often run OpenWRT or something similar so that we can add ham-specific protcols, we  use off-the-shelf computing equipment, operating systems, and web browsers.
>
> It would cause us some significant pain if web browsers stopped enabling unencrypted http connections. We'd have to proxy https to http before we allowed the signal on to Amateur frequencies, in order to remain in legal compliance.
>
> I doubt we're the only people in the world who must, or would rather, have their communications in the clear.
>
>     Thanks
>
>     Bruce Perens K6BP

--
Mark Nottingham   http://www.mnot.net/




Reply | Threaded
Open this post in threaded view
|

Re: HTTP 2.0 mandatory security vs. Amateur Radio

Bruce Perens
In reply to this post by William Chan (陈智昌)
On 11/13/2013 09:13 PM, William Chan (陈智昌) wrote:
Can you just use unencrypted HTTP/1.X?
For a time. But old protocols tend to be desupported as new versions evolve, especially in a security-conscious environment.

I also having trouble believing that all users are content to have a secure environment enforced upon them 100% of the time by protocol designers. For example, for the past decade I have destroyed encrypted emails unread, because I dislike being involved in topics that would require them. I'd hate to be constrained to use them.

Certainly there is more we can do to protect the naive user. But perhaps it belongs elsewhere.
Reply | Threaded
Open this post in threaded view
|

Re: HTTP 2.0 mandatory security vs. Amateur Radio

Bruce Perens
In reply to this post by Mark Nottingham-2
On 11/13/2013 09:26 PM, Mark Nottingham wrote:
Just to make sure it’s understood — we’re talking about the common Web browsing use case (most people’s experience of the “open Web”), not other uses of HTTP. Are you saying that people put a network using amateur radio between a browser and “normal” Web sites, thereby disallowing use of https:// URLs?
We should be preventing access to https URLs from the radio side, and should be preventing access to the radio side by unlicensed persons on the global Internet. We have IPV4 address block 44/8 on the global internet (see http://en.wikipedia.org/wiki/AMPRNet), so some radio networks would be routable from the global internet without firewall rules.

Consider that today we could deploy a commercial web server and a commercial web browser on the radio network, and they will operate in a rule-compliant manner as long as we use http. It would be a shame if those commercial products stopped working for us.

    Thanks

    Bruce
Reply | Threaded
Open this post in threaded view
|

Re: HTTP 2.0 mandatory security vs. Amateur Radio

Mark Nottingham-2

On 14 Nov 2013, at 1:43 pm, Bruce Perens <[hidden email]> wrote:

> Consider that today we could deploy a commercial web server and a commercial web browser on the radio network, and they will operate in a rule-compliant manner as long as we use http. It would be a shame if those commercial products stopped working for us.

Fair enough.

The Web server can still deploy HTTP/1 over http:// URIs, and browsers (commercial or not) should be supporting that for a long, long time.

There’s some notion that browsers might support HTTP/2 for http:// URIs when it’s *not* the “general/open” Internet; it sounds like your use case might fall into this bucket.

Cheers,


--
Mark Nottingham   http://www.mnot.net/




Reply | Threaded
Open this post in threaded view
|

Re: HTTP 2.0 mandatory security vs. Amateur Radio

Bruce Perens
On 11/13/2013 09:58 PM, Mark Nottingham wrote:


There’s some notion that browsers might support HTTP/2 for <a class="moz-txt-link-freetext" href="http://">http:// URIs when it’s *not* the “general/open” Internet; it sounds like your use case might fall into this bucket.

I'd be more comfortable with MUST than might. Making http an optional feature will guarantee that we are forced off of the mainstream once version 1.1 dies, in perhaps 10 years, and will have to use either open source or specially-crafted proprietary software at that time. Much as I love Open Source, I'm not sure we should be in the position of forcing people to use it.

    Thanks

    Bruce
Reply | Threaded
Open this post in threaded view
|

Re: HTTP 2.0 mandatory security vs. Amateur Radio

Roberto Peon-2

One of the reasons why http/1.1 is what people use on port 80 is because that is all which reliably traverses it.

Deployment of http2.0 on port 80, unencrypted, across the internet would be a reliability and support nightmare. The spec could attempt to mandate it, but I don't see that actually changing anything about how they would be forced to deploy it over the internet. That would be a poor idea.

-=R

On Nov 13, 2013 8:17 PM, "Bruce Perens" <[hidden email]> wrote:
On 11/13/2013 09:58 PM, Mark Nottingham wrote:


There’s some notion that browsers might support HTTP/2 for http:// URIs when it’s *not* the “general/open” Internet; it sounds like your use case might fall into this bucket.

I'd be more comfortable with MUST than might. Making http an optional feature will guarantee that we are forced off of the mainstream once version 1.1 dies, in perhaps 10 years, and will have to use either open source or specially-crafted proprietary software at that time. Much as I love Open Source, I'm not sure we should be in the position of forcing people to use it.

    Thanks

    Bruce
Reply | Threaded
Open this post in threaded view
|

Re: HTTP 2.0 mandatory security vs. Amateur Radio

Nicolas Mailhot

Le Jeu 14 novembre 2013 09:16, Roberto Peon a écrit :
> One of the reasons why http/1.1 is what people use on port 80 is because
> that is all which reliably traverses it.

And it reliably traverses it because there is a wide array of solutions on
the market that permit its filtering. If you remove this security
property, port 80 reliable availability will become something of the past
and it will join the long list of protocols too annoying to control to be
permitted on network boundaries.

Most people do not trust random server hosts on the Internet. Mandatory
TLS assume they will. Given how diverse the human population is, there is
no chance in hell for that to happen. (yes this wg can remove possibility
of fine-grained filtering. You'll see people dropping whole continents at
the ip level instead, like already happens for mail).

There have still not been any explanation why traffic must be 100%
encrypted. People do not wear black balaclavas by default in real life
just in case a CCTV camera or a Google car passes by.

--
Nicolas Mailhot


Reply | Threaded
Open this post in threaded view
|

Re: HTTP 2.0 mandatory security vs. Amateur Radio

Roberto Peon-2


On Nov 13, 2013 11:09 PM, "Nicolas Mailhot" <[hidden email]> wrote:
>
>
> Le Jeu 14 novembre 2013 09:16, Roberto Peon a écrit :
> > One of the reasons why http/1.1 is what people use on port 80 is because
> > that is all which reliably traverses it.
>
> And it reliably traverses it because there is a wide array of solutions on
> the market that permit its filtering. If you remove this security
> property, port 80 reliable availability will become something of the past
> and it will join the long list of protocols too annoying to control to be
> permitted on network boundaries.
>

No, you have this backwards.
ONLY HTTP1.1 TRAVERSES PORT 80 RELIABLY.
ONLY HTTP/1.1!

NOTHING ELSE.

> Most people do not trust random server hosts on the Internet. Mandatory
> TLS assume they will. Given how diverse the human population is, there is
> no chance in hell for that to happen. (yes this wg can remove possibility
> of fine-grained filtering. You'll see people dropping whole continents at
> the ip level instead, like already happens for mail).
>
> There have still not been any explanation why traffic must be 100%
> encrypted. People do not wear black balaclavas by default in real life
> just in case a CCTV camera or a Google car passes by.

Are you not current with the news about pervasive monitoring?

-=R

>
> --
> Nicolas Mailhot
>

Reply | Threaded
Open this post in threaded view
|

Re: HTTP 2.0 mandatory security vs. Amateur Radio

Stephen Farrell
In reply to this post by Bruce Perens

Hi Bruce,

On 11/14/2013 05:07 AM, Bruce Perens wrote:

> Amateur radio, commonly referred to as "ham radio", is prohibited from using
> encryption to obscure the message content by both international law (an ITU
> treaty) and its implementations in the national law of most nations. However, we
> can use encryption that /doesn't/ obscure message content for the purposes of
> authentication. Use of an https URL over an Amateur Radio connection would be a
> rule violation.
>
> Although I am well able to discuss the rationale for the prohibition of
> encryption, that's probably off-topic for this list. Please take it as a given
> that it's necessary and we like it this way. Anyone who wishes to know more can
> email me directly.

Well, I don't think its that simple to be honest. If there are
good reasons to prefer the status quo that's fine, but that
treaty is a fairly old thing and I think the argument that we
should hold up security improvements in the web on that basis
is not at all compelling. One could equally argue that today's
common use of crypto for communication on the Internet and the
web indicates that that treaty is now past its sell-by date.
(I do realise that's not a usefully actionable argument for
ham radio users.)

Occasionally we're told that there are places in the world
where current crypto is illegal (usually without reference to
specific laws), but we nonetheless use strong crytpo in our
protocols, going all the way back to RFC 1984. And we're right
to do that. So your argument would also apply to an IPsec VPN
but yet I don't see an argument that such VPNs ought only
use AH and not ESP.

> Radio Amateurs use wifi-like networks, using 802.11 equipment on its usual
> frequencies or transverting it to other frequencies, and sometimes with a lot
> more power than non-licensed users are allowed.

There could be an interesting workshop paper on how HTTP/2.0
would run over AX.25 for sure. Has anyone done that? I'd
wonder if there are other non-security features of HTTP/2.0
(as currently proposed) that would make it more or less
well suited for use in such networks.

> Although our routers often run OpenWRT or something similar so that we can add
> ham-specific protcols, we  use off-the-shelf computing equipment, operating
> systems, and web browsers.
>
> It would cause us some significant pain if web browsers stopped enabling
> unencrypted http connections. We'd have to proxy https to http before we allowed
> the signal on to Amateur frequencies, in order to remain in legal compliance.

Yes, that's true. The same is true for people who do DTN experiments
(like me) where we have tried out various ways to get HTTP traffic
to very odd places using RFC 5050. Now while ham radio is a much
more real use-case than DTN, personally I think that the good for
the billions of users of the web should outweigh the needs of such
tiny communities in general.

Cheers,
S.

> I doubt we're the only people in the world who must, or would rather, have their
> communications in the clear.
>
>      Thanks
>
>      Bruce Perens K6BP
>

Reply | Threaded
Open this post in threaded view
|

Re: HTTP 2.0 mandatory security vs. Amateur Radio

Nicolas Mailhot
In reply to this post by Roberto Peon-2

Le Jeu 14 novembre 2013 10:19, Roberto Peon a écrit :
> On Nov 13, 2013 11:09 PM, "Nicolas Mailhot" <[hidden email]>

>> There have still not been any explanation why traffic must be 100%
>> encrypted. People do not wear black balaclavas by default in real life
>> just in case a CCTV camera or a Google car passes by.
>
> Are you not current with the news about pervasive monitoring?

Are you not current with the way CCTV cameras have mushroomed everywhere,
Google cars capture passer-bys and *people* *don't* *care* (and when they
care the solution is legislation like European privacy laws, not technical
constrains. Please fix your laws if you don't like them don't foster
technical limits on everyone else).

--
Nicolas Mailhot


Reply | Threaded
Open this post in threaded view
|

Re: HTTP 2.0 mandatory security vs. Amateur Radio

Bruce Perens
In reply to this post by Stephen Farrell
While the treaty is old, the latest FCC review of the issue concluded just a month ago, An encryption ban is there for the foreseeable future and we like it that way, the rest of that discussion belongs off-list.

The presence of Amateur Radio makes an important point here, though: the global internet is far from the only user of the HTTP protocol. Comcast is another good example, they operate a huge private IPV6-only net over which there is lower-layer security and the high-layer band-aid of TLS is not necessary. Conventional internet traffic is encapsulated before being carried on the Comcast network, and is a minority payload there. But HTTP is an oft-used tool within the Comcast network.

The creation of a Concealment Society carries its own evils, rather than being a completely benign and freedom-preserving response to the problem of government and corporate surveilance. Not everyone opposes such surveilance, and not everyone is in favor of private efforts to defeat it. An HTTP protocol which provides us with no means of opting out of the Concealment Society takes out of our hands a choice that should be ours.

     Thanks

     Bruce

Stephen Farrell <[hidden email]> wrote:
>If there are good reasons to prefer the status quo that's fine, but that treaty is a fairly old thing
--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.

Reply | Threaded
Open this post in threaded view
|

Re: HTTP 2.0 mandatory security vs. Amateur Radio

Roberto Peon-2

There is a means of opting out, however, which exists and is widely deployed: http1

There was near unanimity at the plenary that we should do something about pervasive monitoring, and while I don't believe that there were any actuonable , unambiguous dieectuves , the spirit of the room was quite clear. The IETF intends to attempt to do something about this.

Even were that not the case, websites are changing to https for various other reasons, and under Mark's proposed option C, http2 would be for those URLs while http1 would be used for URLs with an http scheme.

Your larger problem is not that http2 will do encryption, but rather that sites are choosing to use https. No protocol change or spec change can protect the HAM community from that sea-change.

-=R

On Nov 14, 2013 7:06 AM, "Bruce Perens" <[hidden email]> wrote:
While the treaty is old, the latest FCC review of the issue concluded just a month ago, An encryption ban is there for the foreseeable future and we like it that way, the rest of that discussion belongs off-list.

The presence of Amateur Radio makes an important point here, though: the global internet is far from the only user of the HTTP protocol. Comcast is another good example, they operate a huge private IPV6-only net over which there is lower-layer security and the high-layer band-aid of TLS is not necessary. Conventional internet traffic is encapsulated before being carried on the Comcast network, and is a minority payload there. But HTTP is an oft-used tool within the Comcast network.

The creation of a Concealment Society carries its own evils, rather than being a completely benign and freedom-preserving response to the problem of government and corporate surveilance. Not everyone opposes such surveilance, and not everyone is in favor of private efforts to defeat it. An HTTP protocol which provides us with no means of opting out of the Concealment Society takes out of our hands a choice that should be ours.

     Thanks

     Bruce

Stephen Farrell <[hidden email]> wrote:
>If there are good reasons to prefer the status quo that's fine, but that treaty is a fairly old thing
--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.

Reply | Threaded
Open this post in threaded view
|

How HTTP 2.0 mandatory security will actually reduce my personal security

Bruce Perens
On 11/14/2013 09:49 AM, Roberto Peon wrote:

There is a means of opting out, however, which exists and is widely deployed: http1

This isn't realistic unless the HTTP 2 specification makes support of HTTP 1 mandatory. Which of course is silly.

There was near unanimity at the plenary that we should do something about pervasive monitoring

You had a humming vote to give yourselves the new mission of curing social and political ills rather than technical ones, by inflicting a mandatory encryption requirement on everyone, everywhere? It sounds like a big over step.


Let's make this more clear and ignore the Amateur Radio issue for now. I don't wish to be forced into concealment in my normal operations on the Internet.


Nor do I wish to have traffic over my personal network which I can not supervise. Unfortunately, there are a lot of operating systems and applications that I have not written which use that network. When I can't see the contents of their network traffic, it is more likely that traffic is being used to eavesdrop upon me. Surrounding that traffic with chaff by requiring encryption of _all_ HTTP traffic means that this hostile encrypted traffic will be impossible to find.


Thus, my security is reduced.


Even were that not the case, websites are changing to https for various other reasons

That's fine, because it's their choice or the users choice. Not yours.


    Thanks


    Bruce


Reply | Threaded
Open this post in threaded view
|

Re: HTTP 2.0 mandatory security vs. Amateur Radio

Julian Reschke
In reply to this post by Roberto Peon-2
On 2013-11-14 18:49, Roberto Peon wrote:
> There is a means of opting out, however, which exists and is widely
> deployed: http1

And the WG has a mandate to develop a replacement for 1.1, called 2.0.
If we do not indent to develop that protocol anymore, we should re-charter.

> There was near unanimity at the plenary that we should do something
> about pervasive monitoring, and while I don't believe that there were
> any actuonable , unambiguous dieectuves , the spirit of the room was
> quite clear. The IETF intends to attempt to do something about this.

Yes. What we disagree on what that means for HTTP: URIs.

> ...

Best regards, Julian

Reply | Threaded
Open this post in threaded view
|

Re: HTTP 2.0 mandatory security vs. Amateur Radio

James M Snell
On Thu, Nov 14, 2013 at 10:40 AM, Julian Reschke <[hidden email]> wrote:
> On 2013-11-14 18:49, Roberto Peon wrote:
>>
>> There is a means of opting out, however, which exists and is widely
>> deployed: http1
>
>
> And the WG has a mandate to develop a replacement for 1.1, called 2.0. If we
> do not indent to develop that protocol anymore, we should re-charter.
>

Very emphatic +1. So far the general sentiment of those pushing for
TLS-only seems to be "If you don't want to be forced to use TLS,
tough, you don't get to play with us then". That's not going to work.

- James

>
>> There was near unanimity at the plenary that we should do something
>> about pervasive monitoring, and while I don't believe that there were
>> any actuonable , unambiguous dieectuves , the spirit of the room was
>> quite clear. The IETF intends to attempt to do something about this.
>
>
> Yes. What we disagree on what that means for HTTP: URIs.
>
>> ...
>
>
> Best regards, Julian
>

Reply | Threaded
Open this post in threaded view
|

Re: HTTP 2.0 mandatory security vs. Amateur Radio

Nicolas Mailhot
In reply to this post by Roberto Peon-2

Le Jeu 14 novembre 2013 18:49, Roberto Peon a écrit :

> Your larger problem is not that http2 will do encryption, but rather that
> sites are choosing to use https. No protocol change or spec change can
> protect the HAM community from that sea-change.

That would be more convincing without the frantic attempts to make tls
mandatory instead of relying on web site choices…

--
Nicolas Mailhot


Reply | Threaded
Open this post in threaded view
|

Re: HTTP 2.0 mandatory security vs. Amateur Radio

Roberto Peon-2

You're mischaracterizing.

The Http/2 spec includes mechanisms for using it without encryption.

Encryption, however, is mandatory for web deployment across the internet in reality because of the difficulty in achieving reliable communications. That is just the way it is. Not my fault. :)

-=R

On Nov 14, 2013 10:05 AM, "Nicolas Mailhot" <[hidden email]> wrote:

Le Jeu 14 novembre 2013 18:49, Roberto Peon a écrit :

> Your larger problem is not that http2 will do encryption, but rather that
> sites are choosing to use https. No protocol change or spec change can
> protect the HAM community from that sea-change.

That would be more convincing without the frantic attempts to make tls
mandatory instead of relying on web site choices…

--
Nicolas Mailhot

Reply | Threaded
Open this post in threaded view
|

Re: HTTP 2.0 mandatory security vs. Amateur Radio

Roberto Peon-2
In reply to this post by James M Snell

It is a fact of deployment, however.
We can wish honey dreams all day and night long of a web where deploying plaintext works (yes, ignoring the pervasive multi-party surveillance), but it does little to change reality where it does NOT work reliably.

-=R

On Nov 14, 2013 8:49 AM, "James M Snell" <[hidden email]> wrote:
On Thu, Nov 14, 2013 at 10:40 AM, Julian Reschke <[hidden email]> wrote:
> On 2013-11-14 18:49, Roberto Peon wrote:
>>
>> There is a means of opting out, however, which exists and is widely
>> deployed: http1
>
>
> And the WG has a mandate to develop a replacement for 1.1, called 2.0. If we
> do not indent to develop that protocol anymore, we should re-charter.
>

Very emphatic +1. So far the general sentiment of those pushing for
TLS-only seems to be "If you don't want to be forced to use TLS,
tough, you don't get to play with us then". That's not going to work.

- James

>
>> There was near unanimity at the plenary that we should do something
>> about pervasive monitoring, and while I don't believe that there were
>> any actuonable , unambiguous dieectuves , the spirit of the room was
>> quite clear. The IETF intends to attempt to do something about this.
>
>
> Yes. What we disagree on what that means for HTTP: URIs.
>
>> ...
>
>
> Best regards, Julian
>
12345