IETF Logo Mail Archive

Re: [Uta] opportunistic keying / encryption considered of dubious value

"Christian Huitema" <huitema@huitema.net> Sun, 23 March 2014 06:08 UTC

Return-Path: <huitema@huitema.net>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7D7C01A6F2F for <uta@ietfa.amsl.com>; Sat, 22 Mar 2014 23:08:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.8
X-Spam-Level:
X-Spam-Status: No, score=0.8 tagged_above=-999 required=5 tests=[BAYES_50=0.8, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TVqh0IVRK_fV for <uta@ietfa.amsl.com>; Sat, 22 Mar 2014 23:08:11 -0700 (PDT)
Received: from xsmtp12.mail2web.com (xsmtp12.mail2web.com [168.144.250.177]) by ietfa.amsl.com (Postfix) with ESMTP id A3FF61A6F2D for <uta@ietf.org>; Sat, 22 Mar 2014 23:08:11 -0700 (PDT)
Received: from [10.5.2.31] (helo=xmail09.myhosting.com) by xsmtp12.mail2web.com with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.63) (envelope-from <huitema@huitema.net>) id 1WRbZq-0007SB-8q for uta@ietf.org; Sun, 23 Mar 2014 02:08:10 -0400
Received: (qmail 6366 invoked from network); 23 Mar 2014 06:08:09 -0000
Received: from unknown (HELO HUITEMA5) (Authenticated-user:_huitema@huitema.net@[24.16.156.113]) (envelope-sender <huitema@huitema.net>) by xmail09.myhosting.com (qmail-ldap-1.03) with ESMTPA for <stephen.farrell@cs.tcd.ie>; 23 Mar 2014 06:08:08 -0000
From: Christian Huitema <huitema@huitema.net>
To: 'Watson Ladd' <watsonbladd@gmail.com>, 'Trevor Perrin' <trevp@trevp.net>
References: <53249D4E.2080104@network-heretics.com> <5324ECFC.2050004@akr.io> <53256D07.7020005@network-heretics.com> <5325AEB2.9070804@mnt.se> <5325B3E7.3060508@network-heretics.com> <5326271D.40107@eff.org> <532660F5.908@cs.tcd.ie> <CAGZ8ZG0LDrHNo2W-Ho2OssPTYNjoaiRCZ3u4rcvWXhj=vG+3cQ@mail.gmail.com> <532D9B4B.8040106@cs.tcd.ie> <CAGZ8ZG1MKuXbM+AuUt4y0jRVEw4a2o7Mcf_11J=FFR3aOPt1ow@mail.gmail.com> <CACsn0c=DzmuLBX1X5RwKRxv_r4ihPj2M5vgxUKabSf_gyMYOuQ@mail.gmail.com>
In-Reply-To: <CACsn0c=DzmuLBX1X5RwKRxv_r4ihPj2M5vgxUKabSf_gyMYOuQ@mail.gmail.com>
Date: Sat, 22 Mar 2014 23:08:07 -0700
Message-ID: <004f01cf465e$4402ad50$cc0807f0$@huitema.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AQFATEc5OdT+uiqFaQB9cQpffaxsPgHDZaxgAhGxpTUCMrsdwAF+80amAcHs+5IBc99DUQEU8gwAAiHTREoB918AqgKKfSAtm3h1sjA=
Content-Language: en-us
Archived-At: http://mailarchive.ietf.org/arch/msg/uta/Fvh_kgGMRAiEbPrx94Q2QMqCmPE
Cc: uta@ietf.org, 'Stephen Farrell' <stephen.farrell@cs.tcd.ie>
Subject: Re: [Uta] opportunistic keying / encryption considered of dubious value
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 23 Mar 2014 06:08:13 -0000

> Personally I have never understood why connecting to a site with a bad
> certificate shows me a warning, while visiting a site over HTTP does
> not.

That's probably the hardest part of the "opportunistic encryption" effort.
The user interface that you describe was developed in accordance to the
principles of PKI, for which the norm is a valid certificate signed by an
approved authority. We know that these principles lead to severe deployment
issues. There is of course the financial cost of paying for the certificate,
but that's probably not the biggest problem. There is a cost in installing a
certificate on a web server. Having an expiration date in the certificate
forces periodic administrative action that are cumbersome for small sites,
and have occasionally tripped large sites. If a site wants to switch to a
longer key, they need a new certificate, yet another cumbersome process. And
then there is the whole issue of authorities being able to spoof
certificate.

We know all that, but at the same time we do not have yet a good
alternative. How does a  client distinguish between a legitimate self-signed
certificate and a clumsy man-in-the-middle attack? If a client sees an
expired certificate, how does it distinguish between a lazy administrator
and an attacker reusing an expired and possibly compromised certificate? If
we can answer these questions, and agree on better user interface
guidelines, then we can possibly reduce the friction associated with the
deployment of TLS in small sites.

-- Christian Huitema

v2.23.0 | Report a Bug | By Email