Most Alarming: IETF Draft Proposes "Trusted Proxy" In HTTP/2.0 177
Lauren Weinstein writes "You'd think that with so many concerns these days about whether the likes of AT&T, Verizon, and other telecom companies can be trusted not to turn our data over to third parties whom we haven't authorized, that a plan to formalize a mechanism for ISP and other 'man-in-the-middle' snooping would be laughed off the Net. But apparently the authors of IETF (Internet Engineering Task Force) Internet-Draft 'Explicit Trusted Proxy in HTTP/2.0' (14 Feb 2014) haven't gotten the message. What they propose for the new HTTP/2.0 protocol is nothing short of officially sanctioned snooping."
Well for one... (Score:5, Insightful)
Pretty much anyone can submit an IETF RFC if they really want. The existence of a draft does not guarantee a ratified version will exist someday.
For another, it could be much worse. There is explicit wording at least here about seeking consent from the user and allowing opt-out even in the 'captive' case, as well as notifying the actual webserver of this intermediary, and that the intermediary must use a particular keyusage field meaning that some trusted CA has explicitly approved it (of course, the CA model is pretty horribly ill-suited for internet scale security, but better than nothing). Remember how Nokia confessed they silently and without consent had their mobile browser hijack and proxy https traffic without explicitly telling the user or server? While something like this being formalized wouldn't prevent such a trick, it would be very hard to defend a secretive approach in the face of this sort of standard being in the wild.
Keep in mind that in a large number of cases in mobile, the carriers are handing people the device including the browser they'll be using. A carrier could do what Nokia admits to in many cases without the user being the wiser and claim the secretive aspect is just a side effect today. If there was a standard clearly laying out that a carrier or mobile manufacturer should behave a certain way, that defense would go away.
I would always elect the 'opt out' myself, but I'd prefer anything seeking to proxy secure traffic be steered toward doing things on the up and up rather than pretending no one will do it and leaving the door open for ambiguous intentions.
Re: (Score:2)
Remember how Nokia confessed they silently and without consent had their mobile browser hijack and proxy https traffic without explicitly telling the user or server? While something like this being formalized wouldn't prevent such a trick, it would be very hard to defend a secretive approach in the face of this sort of standard being in the wild.
Except the consumer of this ID would be anyone with a browser which is potentially billions of people. The only question that matters in my opinion is can you explain the concept of "trusted proxy of untrustworthy content" to an average person (e.g. cookie baking oracle) ... if not essentially you are asking the user to provide an answer to a question they don't understand. A stupid and pointless question I might add.
If there was a standard clearly laying out that a carrier or mobile manufacturer should behave a certain way, that defense would go away.
Providing legal cover for illegitimate behavior I suspect is the whole point. See the use
Please correct me if I'm wrong... (Score:3)
In other words, it doesn't make things any worse than the current situation (where http: URLS are retrieved in plain text all the time) and does permit the user to control whether they want some protection against interception or potentially better performance. And it doesn't appear to change the situation for https: at all.
Or that's how it appears to me.
Re: (Score:2)
But as I read it, the issue seems to arise from the fact that HTTP2 will permit TLS to be used with both http: and https: URLs. If it is used for http: URLs, then existing proxy and caching mechanisms will simply break. I think this is a
My understanding using TLS for HTTP via "HTTP2" is accomplished via *untrusted* opportunistic encryption. Nothing breaks if your operating a proxy supporting HTTP2. Proxy would simply terminate the encryption from the client and setup a separate equally useless "encrypted" channel to the server. The proxy would act as a middle man.
proposal for "trused proxies" to be permitted where an http: URL is in use and TLS is also employed, I don't think it's proposed that this should apply to https: URLs.
Basically what they are proposing is to provide a "trusted proxy" for completely untrustworthy http transactions. How is this not an oxymoron? What is the security value? Va
The current solution (Score:2, Informative)
If you want to do this now, you're typically in one of two situations:
You need to proxy the traffic for all users of a company, in order to filter NSFW content and to scan for viruses and other malware. In this case you add your own CA to all company computers. Then you MITM all SSL connections. This doesn't work for certain applications which use built-in lists of acceptable CAs, but mostly the users will be none the wiser.
The other situation is that you want a reverse proxy in front of your hosting infras
Hidden problems with proxies (Score:5, Informative)
My employer uses a MITM HTTPS proxy. The IT department pushed down a trusted corporate certificate, and most people don't even know their HTTPS connections aren't secure any more. The real problem is when some application, other than a browser, needs internet access and it fails. This includ sethings like web installers that download the app during installation, automatic update systems, secure file transfer software, or things that call home to confirm a license key. On occassion a developer curses some installer for not working, then we inspect the install.log file and find something about a certificate failure.
IT departments forget that HTTPS is used for more than just browsing the web.
Re: (Score:3)
Re: (Score:2)
No, not necessarily. Some IT departments are just more paranoid than others about letting un-filtered https go through the firewall, due to the new generation of malware which is typically doing C&C over HTTPs to thousands of randomly generated and not blacklisted URLs.
You have a choice - you MITM/inspect HTTPs, you allow only whitelisted HTTPs connections (which is not really practical due to the ever changing whitelist),
Re: (Score:2)
This sort of thing is their ideal wet dream whether it came from them or not.
Re: (Score:2)
Those applications are broken. If they fail to respect the OS proxy and CA settings they are the ones at fault.
In a corp environment nothing should be calling home ever, that is what they made licences servers for.
Updates should be gotten from an update server, ya know something that IT approves.
Installers calling home again should never happen.
Post SOX/HIPPA there is no secure file transfer your IT dept has a legal requirement to look and record things coming in and out the door.
Re: (Score:2)
That depends on what the purpose of this application is. There are purposes for which you may prefer an application failing instead of accepting another certificate. If the application promised end-to-end safety, with a very specific *certified* configuration ending on the target (i imagine Software updates for the development of embedded systems in cars), then failure by default is the right behaviour until sombody signs of a sheet of paper that he/she/the company takes responsibility to the end customer (
Re: (Score:2)
Anything like that is not running on a GP computer, as the hardware is very much part of the solution. Nor should it be connected to the general corp lan, an environmental system would be a good example it goes in a DMZ gets holes punched through to exactly what it needs and can not access anything else.
Re: (Score:2)
The development systems for embedded software *are* running on GP computers. Simulink embedded coder etc require windows PCs. And yes, these developers dont transfer everything by floppy/sneakernet.
Re: (Score:2)
Post SOX/HIPPA there is no secure file transfer your IT dept has a legal requirement to look and record things coming in and out the door.
Ironically, HIPAA requires that they NOT recording things coming in and out of the door. Yay for regulation!
Re: (Score:2)
In a corp environment nothing should be calling home ever, that is what they made licences servers for.
Updates should be gotten from an update server, ya know something that IT approves.
Installers calling home again should never happen.
Thinking like that is why everyone hates IT departments. You are saying that applications should be designed to support the IT departments way of doing things. In reality, lots and lots of apps call home and perform their own licensing. There's nothing wrong with that except that it interferes with the IT departments "vision" of perfect control.
Post SOX/HIPPA there is no secure file transfer your IT dept has a legal requirement to look and record things coming in and out the door.
Actually, HIPAA states the exact opposite. That is why our company has specific file transfer rules in place to prevent snooping. If our IT department intercept
Re: (Score:2)
As a website operator, I want to know if my content is being MITMd en route to the user. I know about the SSL fingerprint trick that lets a really technical user discover proxying, but I want to automate this process server-side, and stick up a big banner to say "Your employer is snooping on this connection, please log in from a trusted machine" (and then I'll prevent the user from logging in).
Re: (Score:2)
As a website operator, I want to know if my content is being MITMd en route to the user. I know about the SSL fingerprint trick that lets a really technical user discover proxying, but I want to automate this process server-side, and stick up a big banner to say "Your employer is snooping on this connection, please log in from a trusted machine" (and then I'll prevent the user from logging in).
What you just wrote makes about as much sense as: "My Internet is currently down so I'm sending a nasty e-mail to my ISP demanding they fix the problem."
Re: (Score:2)
Why? If the connection is being MITMd, then both sides need to be able to figure this out.
There was a long discussion on this (regrettably rejected by the browser vendor) to allow the SSL fingerprint to be obtained in JS. That would make it reasonably easy for the site operator to verify that the SSL cert hadn't been tampered with. (Of course, a really evil proxy can scan for the JS, but that game of whack-a-mole is usually easier for the good guys to win, at least sometimes).
Re: (Score:2)
Why? If the connection is being MITMd, then both sides need to be able to figure this out.
You answer your own question in the next paragraph.
You have a compromised communication channel and you are making decisions based on content of data communicated over that channel. It's broken so lets use it anyway and hope for the best.
There was a long discussion on this (regrettably rejected by the browser vendor) to allow the SSL fingerprint to be obtained in JS. That would make it reasonably easy for the site operator to verify that the SSL cert hadn't been tampered with. (Of course, a really evil proxy can scan for the JS, but that game of whack-a-mole is usually easier for the good guys to win, at least sometimes).
If you want servers to validate clients use client certificates or TLS-SRP to log-on to a site. All MITM countermeasures need to be cryptographically bound to session encryption or they are useless. "whack-a-mole" scenarios do not prove security and security without mea
Re: (Score:2)
The IT department didn't forget. The higher ups never knew, never bothered to find out, and never was interested in the answer anyway.
Re: (Score:3)
Apps that don't use the Microsoft certificate store:
I don't see what the fuss is about. (Score:5, Interesting)
It's already quite easy to add a * certificate to a browser to allow a proxy to intercept SSL. This is a standard practice in many LANs to allow the web filter to work on SSL pages - otherwise it'd be impossible to perform more than the most basic DNS/IP filtering on HTTPS sites, which would let a *lot* of undesired content through - google images alone would be quite the pornucopia.
All this proposal does is formalise the mechanism that people are already widely using. The end user still needs to explicitly authorise the proxy, no different than adding a * certificate today - and that's something so common, Windows lets you do it via group policy. The author's big fear seems to be that ISPs could start blocking everything unless the user authorises their proxy - and they could do that already, just be blocking everything unless the user authorises their * certificate!
And either way, they won't. For reasons of simple practicality. Sure, they could make the proxy authroisation process easy by giving a little 'config for dummies' executable. Easily done. Now repeat the same for the user's family with their three mobile phones (One android, one iOS, one blackberry), two games consoles, IP-connected streaming TV, the kid's PSP and DS (Or successor products), the tablet and the internet-connected burgler alarm. All of which will be using HTTP of some form to communicate with servers somewhere, and half of them over HTTPS, with the proportion shooting *way* up if HTTP/2.0 catches on.
Re: (Score:2)
Re: (Score:2)
It's already quite easy to add a * certificate to a browser to allow a proxy to intercept SSL. This is a standard practice in many LANs to allow the web filter to work on SSL pages - otherwise it'd be impossible to perform more than the most basic DNS/IP filtering on HTTPS sites, which would let a *lot* of undesired content through - google images alone would be quite the pornucopia.
So, if I understand you correctly, this proposal does nothing which it is not already possible to do, and should therefore be discarded...
Re: (Score:2)
Sort of. Nothing that isn't possible to do right now. But the MITM-via-trusted-cert isn't the tidiest approach. It's an administrative headache - every OS has its own method for adding a trusted cert, and some don't permit it at all, and it doesn't allow clients to validate the server's certificate if the proxy doesn't accept it. I'm not sure quite what this proposal is, but it appears to be something to build in properly from the beginning support for trusted cert interception so it won't be such an inconv
Re: (Score:2)
So? That's not really enough of an excuse to record what the users have flagged as purely private conversations by using https in the first place. IMHO it's just as immoral as installing cameras in motel bedrooms and bathrooms to make sure the guests don't get up to any private acts that the motels terms of service forbids.
If I was in possession of one of t
Re: (Score:2)
Because some televisions come with built-in netflix streaming support.
Re: (Score:2)
Not an option with HTTP/2.0. Encryption is required - something it inherited from SPDY. This is because the SPDY designers very much do not want proxies getting in the way and potentially causing all sorts of screw-ups - it's just awkward when a string of perfectly innoculous data happens to trigger a profanity filter and causes a web-app to fail without obvious cause. Also, Google is an ad company, so they are naturally opposed to the other great function of HTTP proxies: Ad filtering.
Misleading summary (Score:2, Interesting)
From the *actual* draft:
This document describes two alternative methods for an user-agent to
automatically discover and for an user to provide consent for a
Trusted Proxy to be securely involved when he or she is requesting an
HTTP URI resource over HTTP2 with TLS. The consent is supposed to be
per network access. The draft also describes the
Re: (Score:2, Insightful)
This is also from the *actual* draft [ietf.org]:
7. Privacy Considerations
Notice how it's empty? The author(s) plainly don't give two hoots about use privacy.
Re: (Score:2)
From what we've seen with the SSL proxies in workplaces that is a very legitimate concern.
A Question (Score:3)
What is going to happen to all those secure credit card transactions that are the life-blood of internet commerce, when third parties figure out how to decrypt packets en-route by infiltrating the procedures of ISP's and alter them to "achieve efficiencies"?
You would think capitalists have a lot to loose if this proposal goes forward.
Re: (Score:2)
Re: (Score:3)
if I didn't install the OS and I'm inside a corp LAN, I assume the worthless little 'lock' icon doesn't mean shit anymore.
I would use my own laptop and my own purchased and installed VPN.
these days, if you are in corp LAN, you have to assume you are being logged and traffic sniffed. this isn't 10 yrs ago when it was new and hot to do this; I would assume any company bigger than 10 people have this 'proxy' shit going on (mitm ssl).
and about 10 yrs ago, I had an interview at bluecoat when I was informed by a
Re: (Score:2)
What is going to happen to all those secure credit card transactions that are the life-blood of internet commerce, when third parties figure out how to decrypt packets en-route by infiltrating the procedures of ISP's and alter them to "achieve efficiencies"?
You would think capitalists have a lot to loose if this proposal goes forward.
No kidding. Every day brings more and more proof that the bad guys are smarter (or at least way more motivated) than the good guys.
Re: (Score:2)
Valid point.
Originally, SSL/TLS and HTTPS were developped and deployed to provide pprotection for this small amount of snesitive data.
Now, for various reasons, we have HTTPS protect pages that contain a lot of "rich" content that actually doesn't need this protection. This has the side affect of creating a lot of extra, uncachable content. I can understand why ISPs would want a way handle that.
So, is there a way to securely protect the sensitive stuff while leaving the rest unencrypted? Perhaps the non-sens
My Favorite Part (Score:3, Funny)
Re: (Score:2)
Should we trust anything coming out from the US Department of Commerce?
Re: (Score:2)
Actually there is an extensive section on Privacy Considerations, but it has been deemed classified under U.S. National Security.
-
Heck no stay out of the middle (Score:2)
Call me old school but transparent interception of https does not increase my feeling of safety. It breaks the net and any security I might imagine in a transaction. This technology will make it really easy for anyone to do what for example Microsoft does to Skype connections (which is why Skype isn't allowed in my company). It provides for any number of decryption points to be created between you and your bank or whatever. The doc suggests that it can be used for both anonymization and deep inspection, pos
Re: (Score:2)
Go look at the laundry list of CAs your browser trusts. It's a mile long, and any one of those companies can insert itself between you and the website you are visiting and get your login credentials, bank account numbers, personally identifiable information, and whatever other information you THINK is secure.
Not to mention SHA1 signature algorithm all CAs currently using has been known to be broke for years. Would be amusing if a cluster of PS4's were used this time to demonstrate that which had apparently not already been learned five years ago.
SSL is defective by design.
Please join my campaign of pushing browser support for TLS-SRP. Tell all of your friends, have them spread the word, bug the sh1t out of browser vendors to commit the SRP patches already in many of their ticket systems. While it is no panacea it is a useful option wh
Not your computer (Score:2)
The author who says that this is 'most alarming' is missing one key thing; sometimes people use computers that belong to someone else.
Any company that needs it's employees to be able to use the internet, but also want to be able to detect any employee that is sending documents via the internet to outside of the company would love to use this, as well as have every permission to install this on their own computers. They could then have the employees computers trust the SSL proxy, and it could easily detect a
Re: (Score:2)
The author who says that this is 'most alarming' is missing one key thing; sometimes people use computers that belong to someone else.
Any company that needs it's employees to be able to use the internet, but also want to be able to detect any employee that is sending documents via the internet to outside of the company would love to use this, as well as have every permission to install this on their own computers.
Alternately, they put in a transparent https proxy, and sign a trust certificate for the proxy, and install the cert on all the corporate computers. Attempts to access port 443 from interior computers which do not already have the cert installed are redirected to a download page for the cert, and have a one-time "opt in". Making the proposal totally unnecessary for this use case.
The blind leading the blind (Score:3)
Additional benefits of the tech will be to create outgoing load balanced for traffic which add additional security.
How about protecting users privacy by using this tech. If HTTPv2 is any good for security, deep packet inspection will not be possible and as a result all endpoint security would have to exist at the endpoint. Porn filters for kids? Anti-virus for corporations? Popup blockers?
How about letting the user make use of technology like antivirus on their own local machine to improve their experience? How many people on slashdot use popup blockers which work as proxies on the same machine.
This tech adds to their security end-to-end instead. After all, it allows a user to explicitly define a man-in-the-middle to explicitly trust applications and appliances in the middle to improve their experience.
What about technology like Opera mini which cuts phone bills drastically or improves performance by reducing page size in the middle.
Could the tech be used maliciously? To a limited extent... Yes. But it is far more secure than not having such a standard and still using these features. By standardizing a means to explicitly define trusted proxy servers, it mitigates the threat of having to use untrusted ones.
Where does it become a problem? It'll be an issue when you buy a phone/device from a vendor who has pre-installed a trusted proxy on your behalf. It can also be an issue if the company you work for pushes out a trusted proxy via group policy that now is able to decrypt more than what it should.
I haven't read the spec entirely, but I would hope that banks and enterprises will be able to flag traffic as "do not proxy" explicitly so that endpoints will know to not trust proxies with that information.
Oh... And as for tracking as the writer suggests... While we can't snoop the content, tools like WCCP, NetFlow, NBAR (all Cisco flavors) as well as transparent firewalls and more can already log all URLs and usage patterns without needing to decrypt.
So... May I be so kind as to simply say "This person is full of shit" and move on from there?
Re: (Score:2, Insightful)
This tech adds to their security end-to-end instead. After all, it allows a user to explicitly define a man-in-the-middle to explicitly trust applications and appliances in the middle to improve their experience.
I think you need to re-examine your use of the word "security" and "end-to-end".
This does precisely the opposite of what you said, to achieve the aim you stated.
"This tech reduces their security end-to-end, to improve their experience" is what it does. I admit, it has the potential to improve their
Not Sure this is particularly alarming (Score:2)
It seems to me this is just an attempt to standardize what people are already doing with fakey hackish methods involving bogus certs etc.
HTTPS and avoiding broken proxies (Score:2)
One of the benefits of using HTTPS currently is that it avoids broken proxies. There are all sorts of implementations that claim to support HTTP 1.1, but don't support 100 Continue, content negotiation, or other important features you might need to use. If you use HTTPS, it currently avoids all the breakage (unless the destination server itself is actually broken). Besides the security issues inherent in this model, you have to worry about all the cases in which somebody installed some broken proxy that doe
This is the "http?" question with HTTP2/SPDY (Score:2)
This is the same question as what to do with "HTTP" (not HTTPS) requests when transported over HTTP2 (which is supposed to be all TLS) and SPDY (which is already all TLS, and which HTTP2 is based on). Usually it's framed in the context of "do we need to authenticate and verify TLS certificates when the user didn't originally request HTTPS?"
Some people are of the opinion that "TLS is TLS, and if you can't 100% trust it, there's no point." And I can see the logic in that. Obviously that should always be the c
Re: (Score:2)
My apologies, the second to last paragraph should read "in order to use SPDY or HTTP2 even for "HTTP" requests"...
The extra "HTTPS" is nonsensical in this context and should not be there.
Re: (Score:2)
Unfortunately it only takes one to abuse this. (Score:2)
This is laughably a bad idea.
This will be abused the instant it hits code. The temptation is too great. This will sink the adoption of http 2.0 and 1.1 will live for a far greater time.
With all of the news around man in the middle attacks I just can't believe this will be a feature.
This needs to be amended. I can see trusted chains, Where you would trust a chain from end to end, but just the proxy? With each node in the chain being able to cache.
Re:if you want a trusted proxy.. (Score:5, Interesting)
someone didn't RTFM!
and do what with the data then?
The main point of a proxy here is to allow things like caching, so you connect to the proxy using an encrypted pipe and as the proxy is trusted, you allow it to de-crypt your data, do whatever network efficiencies it wants to do and then re-encrypt your data to pass on to the destination.
I'm sure you can see why this might be a problem - your encrypted, secure data is automatically decrypted right at the point the NSA (or your ISP) wants it. Now if you trust your ISP or NSA to protect you and you don;t care if they are data mining your communications, then this is a great thing, let then do it as efficiently as possible.
if on the other hand, you think that the data you encrypt is done to stop others from performing man-in-the-middle attacks, then you'd not want this to be used.
Personally, I think its an ok thing as long as there's another mechanism for encrypting private data. I mean - you encrypt the boring stuff that you still don't want intercepted over a wifi link for example, but you still want your passwords to be properly encrypted and unreadable even by the trusted proxy. I would want the benefits of SSL on all my comms and have the benefits of proxy servers working with these, but still have my private data encrypted. I'm not sure how we could achieve this though, hopefully someone will enlighten me.
Re:if you want a trusted proxy.. (Score:4, Informative)
"someone didn't RTFM!"
And apparently that someone was not alone.
Right there on the first page it also says it calls for a mechanism for the person making the request to provde consent for the "trusted" proxy to, well, be a proxy.
Granted, there could be problems with people consenting when they shouldn't. There might also be problems with essentially coerced "consent", as in a situation where that is the only avenue for accessing that resource. But those are different problems than that of someone just inserting themselves in as a man-in-the-middle.
Re: (Score:2)
Re: (Score:2)
sure, "by connecting to ISP x's network you agree to provide consent to our use of trusted proxies to provide you with enhanced network facilities. Do you want to proceed?"
That assume they don't just bury it in the small print and so you "agree" to its use permanently.
The whole point of the article was own to this - trusted proxies will be inserted everywhere by your ISP and your data will be mined by them. Maybe its a bit paranoid,but its probably best to be quite clear right from the start.
Re: (Score:2)
Are you sure you understand what is being discussed?
Re: (Score:2)
Yes, I'm sure I'm not. Just like I know you're an AC idiot wanking away in your mother's basement.
Re: (Score:2)
That's what the draft says. But it's NOT A BLOODY IETF STANDARD. It's an individual submission to the IETF. The IETF isn't working on this. Some IETF participants are. The IETF has a formal policy excluding work on lawful intercept technology or even allowing for it in our protocol specifications.
Re: (Score:3, Insightful)
That works for you, me, and maybe a few other people.
For the billions of people online who don't/can't/won't think about what's actually going on, it doesn't work at all. In effect, all that matters is what Joe Sixpack does, and that's pretty clear. You can manipulate Joe into anything you want, by putting a shiny icon on it and telling him he can watch NFL Cheerleader Tryouts 15 in glorious High Definition.
Re:if you want a trusted proxy.. (Score:5, Informative)
You don't understand how things work, do you? This bypasses your "acceptance" requirement.
They can just do it transparently.
Re: (Score:2)
ORLY?
From TFAbstract:
"This document describes two alternative methods for an user-agent to
automatically discover and for an user to provide consent for a
Trusted Proxy to be securely involved when he or she is requesting an
HTTP URI resource over HTTP2 with TLS."
Re: (Score:2)
Consent can be as simple as logging in to a web portal. Think about it a little more. It'll come to you.
Re: (Score:2)
Please log into your account and press yes to agree that you want to use internet though our ISP and to use out transparent proxy which is an integral part of our service. Thank you.
Re:if you want a trusted proxy.. (Score:5, Interesting)
Lauren Weinstein is no lightweight; there's a good reason he's a Google consultant and have 400,000 followers. It's not for his singing & dancing.
Re: (Score:2)
Re: (Score:2)
Ken Ham would think that the RFCs on Avian Carriers were groundbreaking science and is not a Google consultant with 20 yrs of IT under his belt.
His followers are mostly led-by-the-nose idiots; Lauren's are largely grizzled geeks & distrustful nerds.
Re: (Score:2)
Argument from authority and popularity are fallacies.
Re: (Score:2)
Not always. Especially when the person in question is something of an expert and the rebuttal consists entirely of "he's wrong"
Re: (Score:2)
Did you read the draft? He's articulated quite accurately what's being proposed. Maybe that's not what the authors intend to be proposing, but that's what the document currently does in fact propose. (I say "authors" because the IETF has not adopted this work, so it's not accurate to say that the IETF is doing this work—the IETF is explicitly not doing this work at the moment.)
Re: (Score:2)
If there was a caching proxy closer to the edge that made your wget of an ubuntu ISO 10* times faster, wouldn't you want that?
There are a million ways to do this already.. CDN's, anycast, redirects... how is operating a proxy at scale a viable alternative to all the other shit that stays out of the data path?
No, you don't want your HTTPS Gmail to be cached and snooped - but that's perfectly ok, because that's NOT what is being proposed here.
No it is just ISO of your new operating system that will be used to access your gmail account. Oh yea those **MD5** checksums on Ubuntu's.. I give up.
Re: (Score:2)
See here - http://en.wikipedia.org/wiki/L... [wikipedia.org]
Re: (Score:2)
And the scenario where an ISP sets up a "trusted proxy" and forces all traffic to go through it - even your bank traffic.
That proxy would be a goldmine for hackers and fraudsters.
Re: (Score:3)
It's only trusted by you if you assert that it is. This proposal formalizes the act of notifying of an available proxy and allowing the user to trust (or not trust) said proxy.
Take it or leave it (Score:4)
Re: (Score:2)
It's only trusted by you if you assert that it is. This proposal formalizes the act of notifying of an available proxy and allowing the user to trust (or not trust) said proxy.
And if they simply redirect all port 443 traffic to their proxy by default so that they can cache content and optimize their network?
You can either trust their proxy, or you can fuck off and not use https.
Re: (Score:2)
Sounds like a certain someone doesn't know how SSL/TLS works.
Re: (Score:2)
Sounds like a certain someone doesn't know how SSL/TLS works.
Sounds like someone has never heard of "router level redirect to proxy" and "deep packet inspection" so that you can either use their proxy and let them see your traffic, or you don't get to negotiate a connection.
Re: (Score:2)
Oooh "router level redirect" that sounds serious. I bet it never occured to the creators of SSL/TLS that *routers* could be involved with transferring the traffic.
Heavens no.
Re: (Score:2)
Re: (Score:2)
Sure, Terry, but what's worse, an MITM DOS ("you don't get to negotiate a [n https] connection") or an MITM that allows full inspection and modification of data that one (typically the server-side) or both ends think is an HTTPS connection?
The server side has lots of standardized and/or developed tools to protect the integrity and privacy of data between the server and the browser that does not rely upon perfect (or even any) HTTPS. The assumption that HTTPS is perfect -- or even close enough -- has been
Re: (Score:3)
Re: (Score:2)
Personally I think that is insane even if 100% of the traffic is work related - do people really want a nice handy little box where an outside contractor, the new kid helping out with cabling, the vendors of the device and anyone who knows the backdoors in such a never patched appliance get only confidential traffic nicely sorted and giftwrapped for them?
Re: (Score:2)
In the vast majority of cases, when you are using an encrypted connection it is because the information you are exchanging is a private matter between you and the other endpoint. Mostly it's uncachable anyway since only you will have the page info filled in exactly that way. Why cache my bank account summary, nobody else should ever be able to fetch that exact page but me anyway and I already have it.
So it's a 'feature' that is largely useless for it's claimed intent but tremendously useful for nefarious pu
Securing the session cookie with TLS (Score:4, Informative)
In the vast majority of cases, when you are using an encrypted connection it is because the information you are exchanging is a private matter between you and the other endpoint.
Even if the only private piece of information is the session cookie identifying the logged-in user to the site, that's still "a private matter between" the user and the site. Since the Firesheep tech demo [slashdot.org] became public, it has become common for some web sites to go all HTTPS all the time to prevent intruders from snooping and replaying session cookies. Facebook [slashdot.org] and Twitter [slashdot.org] do this, and Wikipedia [wikimedia.org] turned it at the end of August of last year. The biggest historical obstacle to HTTPS implementation for any site on a VPS or bigger has been mixed content introduced by ad networks, but in September of last year, Google finally enabled HTTPS for AdSense [google.com].
Re: (Score:3)
If you don't *TRUST* the proxy, don't accept it's use.
That's true. But then, if you're a user who's not very security savvy (like 95% of the people on the internet) and you think "https is secure, my isp can't see my data", and you think "secure proxy, sounds good!", then you're stuffed. Either the rfp should require isps to notify their customers that "secure" in this case means "secure, but we can see it", or the rfp should describe a solution where the isp really can't see the users data.
Re: (Score:2)
That's true. However, the browser is going to be the technology that ultimately allows the user to act. So as long as Google, Mozilla, etc make the security risks clear, everything should be okay.
The current set of browser security warnings are pretty effective (giant red screen with lots of scary text). If the end user still approves, it's their fault.
Re: (Score:2)
What proxy would you trust with your banking details? Because this spec will let them see your private conversations with third parties including banks. Weinstein is correct to be worried about this proposal. However, this is not an IETF document. The IETF isn't trying to do anything here. This is a document some people have floated in the IETF. As written, I don't see it getting traction, because it's in violation of existing IETF policy [ietf.org].
Re: (Score:2)
It's not going to be presented as a matter of trust. If the proxy bothers to ask the user to opt in, they will ask "Do you want us to use the SuperMegaFast approach to get this page or the normal way that's likely to be somewhat to much slower?" When phrased like that, I think most non-technical users (and even some technically-savvy users) would choose the fast MITM approach.
Re: (Score:2)
Re: (Score:3, Informative)
You have no clue what you are talking about. The "legally required" shit is already being done. There's no need to do any IETF crap.
This is for ISPs to do it to you, without you being able to prevent it.
Re: (Score:2)
Actually if your TLS implementation is solid, there is no way for the ISP to do this to you. They don't have access to the keys. They can prevent you from using HTTPS, but if they do you will stop using them, because you won't be able to do online shopping or online banking, or even log in to Facebook.
Also, TLS and HTTP are "IETF crap." Whereas the document Weinstein is up in arms about is not—it's a document that's been proposed as work in the IETF by a couple of people, but it is not work the
Re: (Score:3)
You have no clue what you are talking about. The "legally required" shit is already being done. There's no need to do any IETF crap.
This is for ISPs to do it to you, without you being able to prevent it.
Really? Because the draft says that the end user must explicitly given permission for every session(no "always agree" option). You really think FireFox and Chrome will not prompt the user and ask them if they want to use the proxy? If they didn't, I guarantee that someone would immediately fork the projects and make them work that way.
Re: (Score:2)
Have you ever used a hotel wifi? When you login, they can use that to as your "agreement" to use the proxy as well. Did you read the draft? They can set it up such that if you disagree, you are stuck in limbo hell.
Re:Cluelessness and hyperbole combined (Score:5, Funny)
Re: (Score:2)
And she looks really butch on the motorcycle with the ape hangers.
Re: (Score:2)
Re: (Score:2)
But possibly with the side effect of loosing your connection, or the ISP makinbg it slow for you like they do with Netflix.
Re: (Score:2)
Yes, sirree! Everyone, make sure to vote Republican,
Sorry to ruin your fun at my expense, but the Republicans are just as guilty as the Democrats.
It's not an (R)/(D), Left/Right. Liberal/Conservative thing.
It's a "basic civil rights all humans are born with" thing.
Sell that partisan (R)/(D) crapola somewhere else. I'm not buying.
Strat
Re: (Score:2)
You a thinker, ain't ya? We don't do none of that thinkin stuff round these parts, boy.
My apologies, Senator.
Strat
Re: (Score:2)
So does installing the Ask Toolbar, but I'll be damned if I can find anyone who knew they had consented to installing it...