Pervasive encryption: Pro and contra


Pervasive encryption: Pro and contra

Tim Bray-3
There has been a *whole lot* of traffic on this subject.  It’s fascinating that the meeting of minds is so difficult, and any possibility of that happening is made more difficult by the discussion skewing back and forth across the road.

To help sort things out in my own mind, I just went and read the last few hundred messages and attempted to curate the pervasive/mandatory encryption arguments, pro and contra.  It’s in a Google doc that’s open to comment by anyone: http://goo.gl/6yhpC1  Hm, is there a handy wiki platform somewhere that can stand up to the pressure?

I don’t know if trying to organize the talking points is generally useful, but I sure found it personally useful; maybe others will too.

Disclosure: I remain pretty strongly in favor of as much mandatory encryption as we can get, so that may have filtered my expression of the issues.  I've version-stamped this: 2013/11/16, and promise not to change it in case people comment on it.

Re: Pervasive encryption: Pro and contra

Tim Bray-3
Um, I see some debate on the issues breaking out in the comments.  I’m not the chair, but if I were, I’d holler at you to have those arguments here; I made sure that every bullet point in that doc had an unambiguous address, so you can say in email that “C2.4 isn’t a problem because...”  My goal was to propose a candidate structure to have the debate around, not an alternate place to have it.


On Sat, Nov 16, 2013 at 5:03 PM, Tim Bray <[hidden email]> wrote:
There has been a *whole lot* of traffic on this subject.  It’s fascinating that the meeting of minds is so difficult, and any possibility of that happening is made more difficult by the discussion skewing back and forth across the road.

To help sort things out in my own mind, I just went and read the last few hundred messages and attempted to curate the pervasive/mandatory encryption arguments, pro and contra.  It’s in a Google doc that’s open to comment by anyone: http://goo.gl/6yhpC1  Hm, is there a handy wiki platform somewhere that can stand up to the pressure?

I don’t know if trying to organize the talking points is generally useful, but I sure found it personally useful; maybe others will too.

Disclosure: I remain pretty strongly in favor of as much mandatory encryption as we can get, so that may have filtered my expression of the issues.  I've version-stamped this: 2013/11/16, and promise not to change it in case people comment on it.


Re: Pervasive encryption: Pro and contra

sm-7
In reply to this post by Tim Bray-3
At 17:03 16-11-2013, Tim Bray wrote:
>There has been a *whole lot* of traffic on this subject. It's
>fascinating that the meeting of minds is so difficult, and any
>possibility of that happening is made more difficult by the
>discussion skewing back and forth across the road.

Thanks for trying to list the pros and cons.

>To help sort things out in my own mind, I just went and read the
>last few hundred messages and attempted to curate the
>pervasive/mandatory encryption arguments, pro and contra.  It's in a
>Google doc that's open to comment by anyone:
>http://goo.gl/6yhpC1  Hm, is there a handy wiki platform somewhere
>that can stand up to the pressure?

See http://trac.tools.ietf.org/wg/httpbis/trac/wiki

Regards,
-sm



Re: Pervasive encryption: Pro and contra

Poul-Henning Kamp
In reply to this post by Tim Bray-3
In message <[hidden email]>
, Tim Bray writes:

>To help sort things out in my own mind, I just went and read the last few
>hundred messages and attempted to curate the pervasive/mandatory encryption
>arguments, pro and contra.  It's in a Google doc that's open to comment by
>anyone: http://goo.gl/6yhpC1  Hm, is there a handy wiki platform somewhere
>that can stand up to the pressure?

It's a good topline summary.

I would add:

C6.5:  Pervasive encryption will be defeated by the agencies tasked with
       performing pervasive surveillance:  It's their job.

C6.6:  Pervasive encryption runs a very big risk of being out-lawed, if
       it makes pervasive surveillance impossible.

(And before any USAnians flash the "1st amendment" card:  Yes, you
have a constitutional right to say any damn thing you want, but not
to encrypt it, in particular not if the "national security" flag
is waved.)

--
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
[hidden email]         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.


Re: Pervasive encryption: Pro and contra

Robert Collins-3
In reply to this post by Tim Bray-3
C5.2 It’s unethical to insert encryption into people’s connections
without their consent.
This has an inverse:
P3 : It's unethical to have presumed-private conversations not be

Arguably to P1 (protection) : this is about expectations of users.

-Rob

On 17 November 2013 14:03, Tim Bray <[hidden email]> wrote:

> There has been a *whole lot* of traffic on this subject.  It’s fascinating
> that the meeting of minds is so difficult, and any possibility of that
> happening is made more difficult by the discussion skewing back and forth
> across the road.
>
> To help sort things out in my own mind, I just went and read the last few
> hundred messages and attempted to curate the pervasive/mandatory encryption
> arguments, pro and contra.  It’s in a Google doc that’s open to comment by
> anyone: http://goo.gl/6yhpC1  Hm, is there a handy wiki platform somewhere
> that can stand up to the pressure?
>
> I don’t know if trying to organize the talking points is generally useful,
> but I sure found it personally useful; maybe others will too.
>
> Disclosure: I remain pretty strongly in favor of as much mandatory
> encryption as we can get, so that may have filtered my expression of the
> issues.  I've version-stamped this: 2013/11/16, and promise not to change it
> in case people comment on it.


Re: Pervasive encryption: Pro and contra

Bruce Perens
Tim,

I would add "Ubiquitous encryption chaffs the internet. Those of us who are responsible to manage networks will have a diminished ability to isolate pernicious traffic among all of the chaff.

I am particularly concerned about traffic from apps not in my control on my own network.


Re: Pervasive encryption: Pro and contra

Tim Bray-3
I think C1.1 (in the second list, oops, first list shouldn’t be numbered) covers that.


On Sun, Nov 17, 2013 at 12:56 AM, Bruce Perens <[hidden email]> wrote:
Tim,

I would add "Ubiquitous encryption chaffs the internet. Those of us who are responsible to manage networks will have a diminished ability to isolate pernicious traffic among all of the chaff.

I am particularly concerned about traffic from apps not in my control on my own network.



Re: Pervasive encryption: Pro and contra

Nicolas Mailhot
In reply to this post by Tim Bray-3

Le Dim 17 novembre 2013 02:03, Tim Bray a écrit :

Re: Developers suck, they’re going to leak information anyhow due to
simple error, so transport-level encryption is useless

What I actually wrote is that transport encryption makes the authors of
such mistakes effectively unaccountable to users. A transport that can be
inspected has the same positive properties as open-source code (and people
do inspect weird behaviour when they can)

--
Nicolas Mailhot



Re: Pervasive encryption: Pro and contra

Nicolas Mailhot
In reply to this post by Tim Bray-3

Le Dim 17 novembre 2013 02:03, Tim Bray a écrit :

> I don’t know if trying to organize the talking points is generally useful,
> but I sure found it personally useful; maybe others will too.

Also

> Pervasive surveillance occurs at endpoints, so transport-level encryption
> is useless.

1. not useless, but of very limited effect

2. it's disingenuous to claim tackling pervasive surveillance when nothing
is done for the cookie networks whose sole aim is pervasive surveillance
and which *are* an http "feature" (unlike TLS which is being bolted on)

--
Nicolas Mailhot



Re: Pervasive encryption: Pro and contra

Yoav Nir-2
On 17/11/13 2:16 PM, Nicolas Mailhot wrote:
> 2. it's disingenuous to claim tackling pervasive surveillance when nothing is done for the cookie networks whose sole aim is pervasive surveillance and which *are* an http "feature" (unlike TLS which is being bolted on)

True, but all previous attempts to make cookies better have failed.

  • The httpstate working group closed without standardizing "cake"
  • Recent attempts to get websec to discuss next generation cookies also failed to get people (especially browser vendors) interested.

Granted, the main aim of those attempts was to protect against cookie stealing, but there was also a desire to change the rules of sending cookies around.

I'm afraid, though, that we've come to expect web pages to have a bunch of faces of all our facebook friends who "like"-ed this article, and you need state sharing to get this to work.

Anyway, if you'd like to work on a new HTTP state mechanism with new rules and have some idea how to get the content providers and social networks to agree to work with it, you're welcome to propose a BoF. I promise to hum in favor.

Yoav


Re: Pervasive encryption: Pro and contra

Mike Belshe
In reply to this post by Robert Collins-3

No, this is a pro not a con.  It is unethical for us to ship unsecure software.   http without tls is fundamentally below the bar of basic, known best practices.

On Nov 17, 2013 12:47 AM, "Robert Collins" <[hidden email]> wrote:
C5.2 It’s unethical to insert encryption into people’s connections
without their consent.
This has an inverse:
P3 : It's unethical to have presumed-private conversations not be

Arguably to P1 (protection) : this is about expectations of users.

-Rob

On 17 November 2013 14:03, Tim Bray <[hidden email]> wrote:
> There has been a *whole lot* of traffic on this subject.  It’s fascinating
> that the meeting of minds is so difficult, and any possibility of that
> happening is made more difficult by the discussion skewing back and forth
> across the road.
>
> To help sort things out in my own mind, I just went and read the last few
> hundred messages and attempted to curate the pervasive/mandatory encryption
> arguments, pro and contra.  It’s in a Google doc that’s open to comment by
> anyone: http://goo.gl/6yhpC1  Hm, is there a handy wiki platform somewhere
> that can stand up to the pressure?
>
> I don’t know if trying to organize the talking points is generally useful,
> but I sure found it personally useful; maybe others will too.
>
> Disclosure: I remain pretty strongly in favor of as much mandatory
> encryption as we can get, so that may have filtered my expression of the
> issues.  I've version-stamped this: 2013/11/16, and promise not to change it
> in case people comment on it.


Re: Pervasive encryption: Pro and contra

Mike Belshe
In reply to this post by Poul-Henning Kamp

'runs a risk of' is not a pro or con.

Mike

On Nov 17, 2013 12:18 AM, "Poul-Henning Kamp" <[hidden email]> wrote:
In message <[hidden email]>
, Tim Bray writes:

>To help sort things out in my own mind, I just went and read the last few
>hundred messages and attempted to curate the pervasive/mandatory encryption
>arguments, pro and contra.  It's in a Google doc that's open to comment by
>anyone: http://goo.gl/6yhpC1  Hm, is there a handy wiki platform somewhere
>that can stand up to the pressure?

It's a good topline summary.

I would add:

C6.5:  Pervasive encryption will be defeated by the agencies tasked with
       performing pervasive surveillance:  It's their job.

C6.6:  Pervasive encryption runs a very big risk of being out-lawed, if
       it makes pervasive surveillance impossible.

(And before any USAnians flash the "1st amendment" card:  Yes, you
have a constitutional right to say any damn thing you want, but not
to encrypt it, in particular not if the "national security" flag
is waved.)

--
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
[hidden email]         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.


Re: Pervasive encryption: Pro and contra

Stephen Farrell
In reply to this post by Tim Bray-3

So you seem to be assuming mnot's plan, and not the variant
where http:// URIs in HTTP/2.0 use non-authenticated TLS.
I still prefer that latter, which has more pros and fewer
cons I think, though its details need to be figured out.

My take:

Add:

P3: Firesheep.

P4: Security that is more than just MTI is much more likely
to be tested and have fewer interop problems than if the
same mechanisms are optional.

P5: Belshe's comment: the more security is built-in the less
you need to ask the user about.

Cheers,
S.



Re: Pervasive encryption: Pro and contra

Zhong Yu
In reply to this post by Robert Collins-3
On Sun, Nov 17, 2013 at 2:45 AM, Robert Collins <[hidden email]> wrote:
> C5.2 It’s unethical to insert encryption into people’s connections
> without their consent.
> This has an inverse:
> P3 : It's unethical to have presumed-private conversations not be

Just like their phone lines, I don't think people presume that their
internet conversations are *technically* difficult to eavesdrop by
government or resourceful criminals. People presume the exact
opposite.

Is HTTP/2.0 going to promise people that their conversations are now
unbreakable? Who is in the position to make that promise? How in the
world do we even know that TLS isn't broken by someone who does not
publish their findings?

Zhong Yu

>
> Arguably to P1 (protection) : this is about expectations of users.
>
> -Rob
>
> On 17 November 2013 14:03, Tim Bray <[hidden email]> wrote:
>> There has been a *whole lot* of traffic on this subject.  It’s fascinating
>> that the meeting of minds is so difficult, and any possibility of that
>> happening is made more difficult by the discussion skewing back and forth
>> across the road.
>>
>> To help sort things out in my own mind, I just went and read the last few
>> hundred messages and attempted to curate the pervasive/mandatory encryption
>> arguments, pro and contra.  It’s in a Google doc that’s open to comment by
>> anyone: http://goo.gl/6yhpC1  Hm, is there a handy wiki platform somewhere
>> that can stand up to the pressure?
>>
>> I don’t know if trying to organize the talking points is generally useful,
>> but I sure found it personally useful; maybe others will too.
>>
>> Disclosure: I remain pretty strongly in favor of as much mandatory
>> encryption as we can get, so that may have filtered my expression of the
>> issues.  I've version-stamped this: 2013/11/16, and promise not to change it
>> in case people comment on it.
>


Re: Pervasive encryption: Pro and contra

Stephen Farrell


On 11/17/2013 03:54 PM, Zhong Yu wrote:
> Is HTTP/2.0 going to promise people that their conversations are now
> unbreakable?

Terms like unbreakable are irrelevant here. Anyone who makes any
such claim, or uses any such claim to argue anything, is talking
nonsense from a security point of view.

Neither the opponents of, nor proponents for, more use of TLS
gain anything with such bogus arguments.

S.


Re: Pervasive encryption: Pro and contra

Zhong Yu
You are right. I used an inappropriate word, you spotted it and my
whole argument collapses.

So, what are we going to tell people about the security of HTTP/2.0?



On Sun, Nov 17, 2013 at 9:57 AM, Stephen Farrell
<[hidden email]> wrote:

>
>
> On 11/17/2013 03:54 PM, Zhong Yu wrote:
>> Is HTTP/2.0 going to promise people that their conversations are now
>> unbreakable?
>
> Terms like unbreakable are irrelevant here. Anyone who makes any
> such claim, or uses any such claim to argue anything, is talking
> nonsense from a security point of view.
>
> Neither the opponents of, nor proponents for, more use of TLS
> gain anything with such bogus arguments.
>
> S.


Re: Pervasive encryption: Pro and contra

Stephen Farrell


On 11/17/2013 04:03 PM, Zhong Yu wrote:
> You are right. I used an inappropriate word, you spotted it and my
> whole argument collapses.
>
> So, what are we going to tell people about the security of HTTP/2.0?

First, I'd tell them not to take everything they've seen on this
list in the last few days as being authoritative. The ramifications
of the current plan are still being figured out as far as I can
see.

And then *after* that is figured out, you could tell them about the
security of HTTP/2.0. In other words, it's probably a bit early to
be writing the user guide:-)

S.


>
>
>
> On Sun, Nov 17, 2013 at 9:57 AM, Stephen Farrell
> <[hidden email]> wrote:
>>
>>
>> On 11/17/2013 03:54 PM, Zhong Yu wrote:
>>> Is HTTP/2.0 going to promise people that their conversations are now
>>> unbreakable?
>>
>> Terms like unbreakable are irrelevant here. Anyone who makes any
>> such claim, or uses any such claim to argue anything, is talking
>> nonsense from a security point of view.
>>
>> Neither the opponents of, nor proponents for, more use of TLS
>> gain anything with such bogus arguments.
>>
>> S.
>
>
>


Re: Pervasive encryption: Pro and contra

Poul-Henning Kamp
In reply to this post by Mike Belshe
In message <CABaLYCuBgBZWZR1dY7_mkHVSrLBncyb=[hidden email]>
, Mike Belshe writes:

>'runs a risk of' is not a pro or con.

First, I wrote "runs a very big risk of", and second I have a very
hard time wrapping my head around how an IETF WG could consider that
a "pro" argument, so please enlighten me ?


--
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
[hidden email]         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.


Re: Pervasive encryption: Pro and contra

Poul-Henning Kamp
In reply to this post by Mike Belshe
In message <[hidden email]>
, Mike Belshe writes:

>No, this is a pro not a con.  It is unethical for us to ship unsecure
>software.   http without tls is fundamentally below the bar of basic, known
>best practices.

Bull-shit.

It may be below your personal political point of view, but I have
yet to hear one single porn-site say that lack of encryption is
below their standard.

That's only funny until you remember that they and they move about
30% of the HTTP bytes on the net.

Furthermore, television is being "de-cabled" and I have yet to hear
any of them wanting to first expend effort on DRM encryption and then
wrap that in an extra layer of encryption because it would be
"below the bar" for somebody's "best practice".

HTTP/2 is a protocol Mike, it is not a policy.


--
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
[hidden email]         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.


Re: Pervasive encryption: Pro and contra

Bjoern Hoehrmann
In reply to this post by Poul-Henning Kamp
* Poul-Henning Kamp wrote:
>In message <CABaLYCuBgBZWZR1dY7_mkHVSrLBncyb=[hidden email]>
>, Mike Belshe writes:
>
>>'runs a risk of' is not a pro or con.
>
>First, I wrote "runs a very big risk of", and second I have a very
>hard time wrapping my head around how an IETF WG could consider that
>a "pro" argument, so please enlighten me ?

I understood the comment as saying that the point does not belong on
a "pro and contra" list, which seems fair enough in this instance.
--
Björn Höhrmann · mailto:[hidden email] · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 
