Re: breaking TLS (Was: Re: multiplexing -- don't do it)
Amos Jeffries <squid3@treenet.co.nz> Fri, 13 April 2012 06:17 UTC

On 7/04/2012 4:02 a.m., William Chan (陈智昌) wrote:
> I don't like this analogy. Humans have basic immune defenses. In most
> places, we put locks on public facing doors. We send mail in sealed
> envelopes. Yet we send almost all our browsing traffic in the clear.
> Come on guys.
>
> And it's not like there aren't enough organizations out there trying
> to break SSL already. I think they're already pretty motivated.

I think it's a great analogy. Door locks are themselves a bygone security technology that was top of the line once and got broadly deployed, even there it's still "most places" with patchy lock coverage in "legacy" country areas and postcards.

The result, lock picks as sophisticated as rammers. No use trying a lock pick against a bank safe though, or using an RFID scanner against a country hick with barred windows.

Variation and appropriate application is the backbone of real security. We just need to keep that in mind when thinking of rolling TLS into everywhere.

AYJ