IETF Logo Mail Archive

Re: [IAB] Mandatory encryption as part of HTTP2

Phillip Hallam-Baker <hallam@gmail.com> Fri, 15 November 2013 14:43 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4503611E81BE for <ietf@ietfa.amsl.com>; Fri, 15 Nov 2013 06:43:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NEKzgrThl9GI for <ietf@ietfa.amsl.com>; Fri, 15 Nov 2013 06:43:47 -0800 (PST)
Received: from mail-la0-x22e.google.com (mail-la0-x22e.google.com [IPv6:2a00:1450:4010:c03::22e]) by ietfa.amsl.com (Postfix) with ESMTP id F0A1011E81B6 for <ietf@ietf.org>; Fri, 15 Nov 2013 06:43:38 -0800 (PST)
Received: by mail-la0-f46.google.com with SMTP id eh20so2822941lab.19 for <ietf@ietf.org>; Fri, 15 Nov 2013 06:43:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=r5mgM9jmphbxCc8JPngBDqO5dO22DIUV+bN/jmbR6Ok=; b=HcyJwtgiyV56SXGw6RF+sB2Y/2S/5FhboBM8/yAIAER2LfgHomuTY07l8iZWTX0WqT v045BAq0QthnOdc5j+15XWIexbvy6bT9yqCZAmma5CzC5mFP+0i8fnkXk3TTSWRztL+9 Flky5BrMVOJJh+ylGIxvlplrwUwckgsXWzqKVTjWl6WJDmrYaZ+eyXw8GD4yUAwUJVlz +7bQ2lCHU/psKxS8YrFbRPwIicMsnYwSsFCEZ+KrK5rzB1U9KaPwyhA8l58Z7k3Pgv/R BcfTm1WXw0vOmv+qBeDAvemwlSC5NYmTQP3/CfJ5z1mdzU5Bi9iuPjltphVkcK23PVEK CzJA==
MIME-Version: 1.0
X-Received: by 10.152.6.169 with SMTP id c9mr1868421laa.28.1384526617752; Fri, 15 Nov 2013 06:43:37 -0800 (PST)
Received: by 10.112.46.98 with HTTP; Fri, 15 Nov 2013 06:43:37 -0800 (PST)
In-Reply-To: <13cae6c747eb44eebb2664902df34855@exrad6.ad.rad.co.il>
References: <946B0ADE-F03B-4249-9D74-904C4BF13632@muada.com> <290E20B455C66743BE178C5C84F1240847E5103781@EXMB01CMS.surrey.ac.uk> <CAP+FsNfJ7iP8FZqY=beKE_ZNfiwZYvMcwbU9VUXmD5x4vNg9Kw@mail.gmail.com> <290E20B455C66743BE178C5C84F1240847E5103783@EXMB01CMS.surrey.ac.uk> <52860201.8000001@gmx.net> <3B2983EA-4462-4398-B822-95437C664E2F@muada.com> <13cae6c747eb44eebb2664902df34855@exrad6.ad.rad.co.il>
Date: Fri, 15 Nov 2013 09:43:37 -0500
Message-ID: <CAMm+Lwhjw_39_0ujwHtr3KuGLBLtPEgmYX5cDmC+Xc6cLSLJyQ@mail.gmail.com>
Subject: Re: [IAB] Mandatory encryption as part of HTTP2
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Yaakov Stein <yaakov_s@rad.com>
Content-Type: multipart/alternative; boundary="089e01493c063bbbd004eb38398c"
Cc: Iljitsch van Beijnum <iljitsch@muada.com>, "ietf@ietf.org" <ietf@ietf.org>, "iab@iab.org" <iab@iab.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Nov 2013 14:43:47 -0000

On Fri, Nov 15, 2013 at 8:54 AM, Yaakov Stein <yaakov_s@rad.com> wrote:

> > That aside, just saying "you MUST do TLS with HTTP/2.0" doesn't buy much
> security in a world
> > where CAs are not trustworthy, people still use RC4/MD5, use woefully
> short keys for
> > otherwise strong algorithms, browsers have effectively trained people to
> always click
> > "visit anyway" and so on.
>
> I believe that this proposal was in line with Bruce Schneier's suggestion
> at the plenary.
> Do anything to make more work for people trying to listen in to everything
> on the Internet.
>
> For example, put a key at the top of the content and then encrypt using
> this key.
> This is meaningless from the confidentiality point of view,
> but eats up computational resources and energy for someone trying to
> vacuum up everything.
>
> Even better - when you don't have anything to transmit, send meaningless
> supposed encrypted packets.
> If everyone did this their storage costs would skyrocket.
> Even better, send packets with easily broken encryption containing
> keywords of interest.
>

I made a similar proposal at the link layer, which I think is where things
like flood fill really belong.

At the HTTP layer, there is no point in passing raw keys in band. At least
do a DH exchange.


The problem I have with TLS everywhere is that TLS is a pretty heavy
protocol stack with a huge amount of complexity and HTTP/2.0 is meant to be
reducing complexity. I think what the people are really trying to do is to
optimize HTTP for the narrow use case they are familiar with. Which is not
what I want which is to reduce the complexity.

I recently proposed a fix for HTTP authentication cookies that exchanges a
key in-band:

https://datatracker.ietf.org/doc/draft-hallambaker-httpsession/


Now that scheme could be easily modified to add in a D-H exchange so as to
provide ephemeral keying and defend against pervasive attack. And it would
be very easy to add in encryption of the message content. In fact the
original prototype actually did just that. It is even possible to specify a
new key with the content which allows cached content to be encrypted.

This approach gives all the security advantages of weak-SSL-everywhere
without the cost of kicking the proxies in the head and disrupting caching
and all the other problems that the proposaed change in the security model
will cause.


-- 
Website: http://hallambaker.com/

v2.23.0 | Report a Bug | By Email