HTTP 2.0 May Be SSL-Only 320
An anonymous reader writes "In an email to the HTTP working group, Mark Nottingham laid out the three top proposals about how HTTP 2.0 will handle encryption. The frontrunner right now is this: 'HTTP/2 to only be used with https:// URIs on the "open" Internet. http:// URIs would continue to use HTTP/1.' This isn't set in stone yet, but Nottingham said they will 'discuss formalising this with suitable requirements to encourage interoperability.' There appears to be support from browser vendors; he says they have been 'among those most strongly advocating more use of encryption.' The big goal here is to increase the use of encryption on the open web. One big point in favor of this plan is that if it doesn't work well (i.e., if adoption is poor), then they can add support for opportunistic encryption later. Going from opportunistic to mandatory encryption would be a much harder task. Nottingham adds, 'To be clear — we will still define how to use HTTP/2.0 with http:// URIs, because in some use cases, an implementer may make an informed choice to use the protocol without encryption. However, for the common case — browsing the open Web — you'll need to use https:// URIs and if you want to use the newest version of HTTP.'"
Only if I can use self signed certs (Score:5, Insightful)
otherwise this sounds like extortion from CAs
Re:Only if I can use self signed certs (Score:3, Insightful)
Downside with self signed certs is that you get that pop up warning about trusting the cert. For HTTP 2.0 to take off and require SSL (which is a good idea) there needs to be cheap access to valid certificates. Right now, the most reputable SSL vendors are way too expensive.
SSL only = no benefit (Score:5, Insightful)
People think that adding encryption to something makes it more secure. No, it does not. Encryption is worthless without secure key exchange, and no matter how you dress it up, our existing SSL infrastructure doesn't cut it. It never has. It was built insecure. All you're doing is adding a middle man, the certificate authority, that somehow you're supposed to blindly trust to never, not even once, fuck it up and issue a certificate that is later used to fuck you with. www.microsoft.com can be signed by any of the over one hundred certificate authorities in your browser. The SSL protocol doesn't tell the browser to check all hundred plus for duplicates; it just goes to the one that signed it and asks: Are you valid?
The CA system is broken. It is so broken it needs to be put on a giant thousand mile wide sign and hoisted int orbit so it can be seen at night saying: "This system is fucked." Mandating a fucked system isn't improving security!
Show me where and how you plan on making key exchange secure over a badly compromised and inherently insecure medium, aka the internet, using the internet. It can't be done. No matter how you cut it, you need another medium through which to do the initial key exchange. And everything about SSL comes down to one simple question: Who do you trust? And who does the person you trusted, in turn, trust? Because that's all SSL is: It's a trust chain. And chains are only as strong as the weakest link.
Break the chain, people. Let the browser user take control over who, how, and when, to trust. Establish places in the real world, in meat space, in bricks and mortar land, where people can go to obtain and validate keys from multiple trusted parties. That's the only way you're going to get real security... otherwise you're going to be taking a butt torpedo stamped Made At NSA Headquarters up your browser backside. And pardon me for being so blunt, but explaining the technical ins and outs is frankly beyond this crowd today. Most of you don't have the technical comprehension skills you think you do -- so I'm breaking it down for you in everyday english: Do not trust certificate authorities. Period. The end. No debate, no bullshit, no anti-government or pro-government or any politics. The system is inherently flawed, at the atomic level. It cannot be fixed with a patch. It cannot be sufficiently altered to make it safe. It is not about who we allow to be certificate authorities, or whether this organization or that organization can be trusted. We're talking hundreds of billions of dollars in revenue riding on someone's word. You would have to be weapons grade stupid to think they will never be tempted to abuse that power -- and it does not matter who you put in that position. Does. Not. Matter.
Re:Only if I can use self signed certs (Score:5, Insightful)
This. If so, it will be a MASSIVE improvement.
A connection with a self-signed cert is, in a very-worst-case and highly unlikely scenario, only as insecure as the plaintext HTTP connections we use every day without batting an eye. Let's start treating them that way.
SSL-only would be a great first step in making life miserable for those NSA peeping toms.
Re:SSL only = no benefit (Score:5, Insightful)
What are your thoughts on RFC 6698 [ietf.org] as a possible solution to the CA problem?
Company Caching Proxies and Filtering? (Score:4, Insightful)
Also how are companies supposed to effectively web filter if everything is HTTPS. DNS filtering is, in general, too broad as brush. We may not like our web filtered, but companies have a legal duty that employees shouldn't be see questionable material, even if on someone else's computer. Companies have been sued for allowing this to happen.
Re:Betting one beer (Score:5, Insightful)
You can laugh at the IETF as much as you want, there are lots of things to laugh at. However, there are still a lot of very technical people involved in the IETF, and a large subset of them are finding it unpleasant that the Internet they helped create has become something very different. They are fighting the hard fight right now, and we should all support them when we can.
It is possible that the NSA or other similar dark forces may manage to subvert their intentions once more, but so far it looks like there is still hope for the good guys.
Or I may be hopelessly naive.
Re:Only if I can use self signed certs (Score:4, Insightful)
otherwise this sounds like extortion from CAs
You are so close. Eliminating plain-http would destroy the internet as we know it because the only alternative then is forking cash over to an easily-manipulated corporation for the priviledge of then being able to talk on the internet. It's an attack on it's very soul.
It would kill things like Tor and hidden services. It would oblitherate people being able to run their own servers off their own internet connection. It would irrevocably place free speech on the web at the mercy of corporations and governments.
Re:SSL only = no benefit (Score:3, Insightful)
SSL has great key exchange mechanisms. Diffie-Hellman is the most common one, and with large enough groups and large enough keys it works very well. What works less well is the authentication bit, which is what the CAs are doing. But encryption with bad authentication, or even without authentication at all, is not worthless. It prevents passive surveillance, such as the one NSA, GHCQ and their ilk are perpetrating on hundreds of millions of internet users. Yes, you are vulnerable to man-in-the-middle attacks, but from what we have learnt from projects like the SSL Observatory, those are exceedingly rare. Always-on HTTPS would be a huge step forward and would make huge swathes of the data that semi-legal organisations like GCHQ records unusable. If you want better authentication it can be added on top of that - see e.g. Monkeysphere - but complaining when someone is trying to add a huge improvement because you don't think it's perfect is stupid.
Usability issue, not hard technical one... (Score:5, Insightful)
The problem is that all http clients see 'https' as meaning the client has a level of expectation about 'security'. Browsers have long started to do things to very obvious to denote 'good ssl' from 'bad ssl', but the expectation remains that 's' means 'meaningfully secure'.
So how best to convey 'encrypted, but don't really care about third party cert validation', which would be a must-have in a world where *every* public facing site has a TLS protected socket. Maybe a different uri scheme like 'httpe://', complete with the scare strikethroughs and such, but not with the 'are you sure, are you really really sure' that https does today...
Re:Only if I can use self signed certs (Score:5, Insightful)
Wisdom is knowing that Jurassic Park is fiction, and that we contain wild animals in zoos all the time just fine
Re:Only if I can use self signed certs (Score:5, Insightful)
Yeah, because who cares that removing that warning allows anyone to pretend to be your bank?
We need MITM detection as well (Score:4, Insightful)
If everything is to go SSL, we now need widespread "man-in-the-middle" intercept detection. This requires a few things:
Re:StartSSL (Score:3, Insightful)
Something tells me that attrition will solve the problem of Android 2.x devices and Windows XP boxes long before HTTP 2.0 is finalized. It'll be the same non-problem as the fact that I can't get a decent HTML 5 browser on my Windows 3.1 machine.
Re:Only if I can use self signed certs (Score:4, Insightful)
The problem is that your browser trusted a non-trustworthy CA.
The problem is a lack of trustworth CAs in a world where governments want to spy on everyone.
Re:Still extortion... (Score:5, Insightful)
You're confusing "CA" with "third party CA." You need a CA to have a certificate. Hint: the "C" in "CA" stands for "Certificate."
You are confusing a certificate with a certificate which most users trust (aka a Certificate Authority). A root certificate from a known Certificate Authority (i.e. an organization) is just a self signed certificate which is trusted by a large group of users. You need to have a certificate to have a CA, a CA without a certificate is well, useless.
The certificate usages 2 and 3 in the DANE specification should work with a self-signed X.509 cert and thus work without needing to involve a recognized CA, third-party CA, formal CA, or what ever you choose to call it.
I mean, I guess you could just open an editor and type something out that looks like a certificate pair, but it won't be mathematically usable, and it won't work when you try to do a Diffie-Hellman key exchange with it :)
Was this even suggested or are you trying to make yourself appear more intelligent by refuting an unmade claim which is condescendingly absurd?