Re: HTTP/2 and Pervasive Monitoring

Mark Nottingham <mnot@mnot.net> Wed, 20 August 2014 00:36 UTC

Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B5E361A8A03 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 19 Aug 2014 17:36:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.16
X-Spam-Level:
X-Spam-Status: No, score=-5.16 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FRT_DOLLAR=2.41, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.668, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LYzI0CktlsDR for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 19 Aug 2014 17:36:36 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 474571A004B for <httpbisa-archive-bis2Juki@lists.ietf.org>; Tue, 19 Aug 2014 17:36:36 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1XJtq3-0001FX-7j for ietf-http-wg-dist@listhub.w3.org; Wed, 20 Aug 2014 00:33:19 +0000
Resent-Date: Wed, 20 Aug 2014 00:33:19 +0000
Resent-Message-Id: <E1XJtq3-0001FX-7j@frink.w3.org>
Received: from maggie.w3.org ([128.30.52.39]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <mnot@mnot.net>) id 1XJtpk-0001Cp-JC for ietf-http-wg@listhub.w3.org; Wed, 20 Aug 2014 00:33:00 +0000
Received: from mxout-07.mxes.net ([216.86.168.182]) by maggie.w3.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.72) (envelope-from <mnot@mnot.net>) id 1XJtpj-0001um-H0 for ietf-http-wg@w3.org; Wed, 20 Aug 2014 00:33:00 +0000
Received: from [192.168.1.55] (unknown [118.209.123.236]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by smtp.mxes.net (Postfix) with ESMTPSA id 53C6422E255; Tue, 19 Aug 2014 20:32:35 -0400 (EDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Mark Nottingham <mnot@mnot.net>
In-Reply-To: <5871.1408106089@critter.freebsd.dk>
Date: Wed, 20 Aug 2014 10:32:31 +1000
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <A9F561E4-E5C6-4E1D-89B1-F1EDA9FA1BAC@mnot.net>
References: <38BD57DB-98A9-4282-82DD-BB89F11F7C84@mnot.net> <4851.1408094168@critter.freebsd.dk> <EB5B7C64-165B-48F1-94FF-1354E917A10F@mnot.net> <5871.1408106089@critter.freebsd.dk>
To: Poul-Henning Kamp <phk@phk.freebsd.dk>
X-Mailer: Apple Mail (2.1878.6)
Received-SPF: pass client-ip=216.86.168.182; envelope-from=mnot@mnot.net; helo=mxout-07.mxes.net
X-W3C-Hub-Spam-Status: No, score=-3.8
X-W3C-Hub-Spam-Report: AWL=-3.067, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001
X-W3C-Scan-Sig: maggie.w3.org 1XJtpj-0001um-H0 a2db58dc843e7ed4b72ab98e11babb2a
X-Original-To: ietf-http-wg@w3.org
Subject: Re: HTTP/2 and Pervasive Monitoring
Archived-At: <http://www.w3.org/mid/A9F561E4-E5C6-4E1D-89B1-F1EDA9FA1BAC@mnot.net>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/26668
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

Coming back to this thread...

On 15 Aug 2014, at 10:34 pm, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:

>> If Opp-Sec traffic is able to be distinguished (e.g., by using a 
>> different ciphersuite), it'll be possible for an active attacker to 
>> selectively MITM it and not be detected. 
> 
> I'm afraid that you just proved one of my points with respect to
> how hard a sell this might be, because people don't understand
> herd immunity  :-)
> 
> Let me try to explain it another way:
> 
> Today the majority of PM has the form of a passive optical splitter,
> tcpdump and postanalysis.  Given the "take" it brings, this is dirt
> cheap to implement.
> 
> Currently, they can run a filter which is essentially:
> 
> 	tcpdump -i all0 -w - | egrep -i "terrorist|bomb"
> 
> and the cost is way less than they spend on toilet-paper.
> 
> By by whitening the present HTTP plaintext traffic with TLS, even
> with quite weak cipher-suites, we dramatically increase the cost
> of the postanalysis step, instantly making that filter impossible.

Right. What I'm saying is that if they can distinguish Opp-Sec traffic from HTTPS traffic, they can take *all* Opp-Sec traffic and MITM it without being detected (presuming we don't layer on other checks, which raise the cost of deploying Opp-Sec). 

It's true that they can't just tcpdump any more; they have to terminate TLS, so this *does* raise the cost of PM somewhat; my concern is that it's not enough, given the amount of cash being thrown at PM and the continuously reducing cost of terminating TLS.

I'm curious; do Ilari's numbers <http://www.w3.org/mid/20140817120844.GA1346@LK-Perkele-VII> change your mind at all?

Cheers,

--
Mark Nottingham   https://www.mnot.net/