[Cryptography] When HTTP is outlawed, the outlaws will use HTTPS

Harlan Lieberman-Berg hlieberman at setec.io
Wed Dec 13 22:05:03 EST 2017


On Fri, Dec 8, 2017 at 9:20 PM, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
> What's even worse is that since we've been telling users for years that if
> it's on HTTP it's safe, it's actually making the phishing more effective.

Hello Peter,

I think this was our original sin.  We've conflated two different
security properties together, whereas DV TLS really only solves one of
them: "this is the site I'm trying to get to", and "I can talk to this
site without someone else listening in".  When we tell users that the
green lock means "everything is secure", we're implying both of these.
But, of course, it's not that simple; DV only solves #2, and even then
only if you get the domain right [0]. EV was meant to help fix #1, but
we've known for a while that it's only a partial fix [1].

I think what we need to do here is to help explain to users exactly
what they get when they see the green lock. I'm not sure how we can
help retrain them, especially while there is a long history of other
(and entirely useless) lock symbols being used to mistrain them [2].
Browsers can help with this, emphasizing the domain and de-emphasizing
subdomains, but I also think we need to be more careful in the future
when making "promises" about the security benefits of technology.
Yes, HTTPS was certainly more secure than HTTP and making sure users
were on HTTPS was valuable, but....

Harlan

[0] Here we have all the fun of unicode look-alike domains with
punycode ("fооbаr" vs "foobar" -- which is which?).  Or, of course,
"google.login.security.no-really-this-is-legit.cz".
[1] EV has its own problems with names. https://stripe.ian.sh/ shows a
useful example.
[2] $SEARCH for "secured by logo" is a concerning experience.
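As an added example (not code from the original thread or its author): a small Python check for the two tricks footnote [0] describes, showing the punycode (xn--) form a browser and certificate actually see, flagging labels that mix Unicode scripts, and pulling out the registrable domain buried at the end of a long subdomain chain. The "last two labels" rule and the script-from-Unicode-name heuristic are simplifications assumed here, not a full Public Suffix List or UTS #39 confusables check.

```python
# Added example (not part of the original post): inspect a hostname for the
# IDN look-alike and subdomain tricks mentioned in footnote [0].
import unicodedata


def label_scripts(label: str) -> set:
    """Unicode scripts of the letters in one DNS label, e.g. {'LATIN', 'CYRILLIC'}.

    The script is taken from the first word of the character's Unicode name,
    a simplification that is good enough for Latin/Cyrillic/Greek letters.
    """
    scripts = set()
    for ch in label:
        if ch.isalpha():
            scripts.add(unicodedata.name(ch, "UNKNOWN").split(" ")[0])
    return scripts


def assess_hostname(host: str) -> dict:
    """Return what a user-facing warning or a log enricher would want to know."""
    host = host.rstrip(".").lower()
    labels = host.split(".")
    # A label such as f<Cyrillic o><Cyrillic o>b<Cyrillic a>r mixes LATIN and
    # CYRILLIC; a whole-script confusable (all-Cyrillic) is NOT caught here.
    mixed = [label for label in labels if len(label_scripts(label)) > 1]
    return {
        # What goes on the wire and into the certificate: the xn-- form.
        "punycode": host.encode("idna").decode("ascii"),
        # Assumption: the registrable domain is the last two labels. A real
        # implementation should consult the Public Suffix List (co.uk, etc.).
        "registrable_domain": ".".join(labels[-2:]),
        "non_ascii": not host.isascii(),
        "mixed_script_labels": mixed,
        "suspicious": bool(mixed),
    }


if __name__ == "__main__":
    # Constructed sample hostnames; the first uses Cyrillic o (U+043E) and
    # a (U+0430) in place of the Latin letters, as in footnote [0].
    for sample in ("f\u043e\u043eb\u0430r.example", "foobar.example",
                   "google.login.security.no-really-this-is-legit.cz"):
        print(sample, "->", assess_hostname(sample))
```

Run it to see that the look-alike label is reported as "xn--..." and flagged, while the long legitimate-looking chain is reduced to its actual registrable domain.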


More information about the cryptography mailing list