[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] HTTPS Everywhere harmful

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] HTTPS Everywhere harmful
From: Mike Perry <mikeperry@xxxxxxxxxxxxxx>
Date: Fri, 24 Apr 2015 20:05:43 -0700
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 24 Apr 2015 23:07:32 -0400
In-reply-to: <CAMZR1YAYXv1Nxo=MRfEdXi-A22cEFVx31aKVKPU_kZ9+JSxYvg@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <CAMZR1YAYXv1Nxo=MRfEdXi-A22cEFVx31aKVKPU_kZ9+JSxYvg@xxxxxxxxxxxxxx>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

Maciej Soltysiak:
> http://www.w3.org/DesignIssues/Security-NotTheS.html

The problem with his argument is that the web (and any protocol, really)
needs a way to demand a hard guarantee that a request must proceed over
a secure transport layer. If that layer is not available, the request
must fail. Anything short of that is opportunistic security, and by
definition not effective against an active attacker**.

I suspect what Tim Berners-Lee is actually annoyed with is Mixed Content
Blocking and its tendency to impede upgrade to HTTPS rather than
encourage it (due to blocking HSTS-upgraded URLs and addon redirect
HTTPS upgrades as if they were HTTP URLs, rather than allowing them to
be treated as first-class HTTPS urls). With that, I sympathize. Mixed
Content Blocking seems to be doing more harm than good in terms of
encouraging HTTPS transition, and has forced HTTPS-Everywhere to have to
disable thousands of HTTPS upgrade rules due to site breakage from
improperly blocked "Mixed Content".

Unfortunately, it seems that conflating the Mixed Content Blocking issue
with the HTTPS namespace issue will likely distract the standards
community long enough to delay development of proper solutions to HTTPS
migration (like an improved form of HSTS that addresses known issues
with Mixed Content Blocking: https://w3c.github.io/webappsec/specs/upgrade/).

Forgive me if I do my best to avoid this distraction myself.



** Sure, there could be a pile of new attribute flags that could be set
on every HTML resource tag that says the resource must use a "secure
http:" channel if the parent document happened to load over a secure
channel, but the net engineering effort of deploying that correctly far
exceeds the effort needed to mitigate the namespace fragmentation
issues that Tim Berners-Lee is seemingly so concerned about.


-- 
Mike Perry

Attachment: signature.asc
Description: Digital signature

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] HTTPS Everywhere harmful
  - From: Ian Goldberg
- Re: [tor-dev] HTTPS Everywhere harmful
  - From: yan

References:
- [tor-dev] HTTPS Everywhere harmful
  - From: Maciej Soltysiak

Prev by Author: Re: [tor-dev] PT-themed stuffed animals: huggable transports
Next by Author: [tor-dev] Summer of Privacy application, Censorship Analyzer
Previous by thread: [tor-dev] HTTPS Everywhere harmful
Next by thread: Re: [tor-dev] HTTPS Everywhere harmful
Index(es):
- Author
- Thread