[Cryptography] Moving forward on improving HTTP's security
John Kelsey
crypto.jmk at gmail.com
Fri Nov 15 08:43:50 EST 2013
On Nov 15, 2013, at 2:44 AM, ianG <iang at iang.org> wrote:
...
> i. Get all-TLS & get all-CAs: fail. All CAs will fall to the state.
>
> (This of course can be seen as a tinfoil claim, and it is easy to dismiss because people simply don't know the reality. FWIW, been there, got the t-shirt: CAs are a legitimate, popular and priority target of the TLAs.)
CAs can participate in MITM attacks, but there are additional measures that can make that behavior very likely to get caught. And right now, most traffic doesn't even need a MITM attack, just eavesdropping to listen in on the unencrypted traffic.
> For my money, I assume that everyone can see that if we TLS-everything, then we cannot accept CAs everywhere, and we must add easy opportunistic encryption.
It seems to me that anything that gives us easy opportunistic encryption is about as vulnerable to MITM attacks as TLS with possibly-compromised CAs.
...
> iang
--John
More information about the cryptography
mailing list