[Cryptography] nytimes.com switches to https

Christian Huitema huitema at huitema.net
Wed Jan 11 10:03:43 EST 2017 

On Tuesday, January 10, 2017 6:18 PM, John Denker wrote:

>> We are thrilled to announce that we have begun to enable HTTPS on
>> NYTimes.com, an effort that helps protect the privacy of our readers
>> and ensures the authenticity of our content.
>
> Ha ha ha, very funny joke.

Well, the part about "authenticity of our content" is definitely correct. The part about "privacy of our readers", yes, it is somewhat vulnerable to attacks. But it is certainly an improvement over plain text.

> Have those guys never heard of traffic analysis?  Https does not conceal
> the length of the article, nor the pattern of included images.  Therefore
> all the opposition has to do is crawl the site once in a while, and they
> know what everybody is reading.

The NYT folks are journalists, not protocol designers or software developers. They are doing their part, switching to HTTPS. They are not in a position to improve HTTPS -- that's a job for the IETF, browser developers, and server developers.

The good news is that the use of message length as a side channel is now widely understood. TLS 1.3 supports message padding. Researchers are exploring stuff like logarithmic rounding. It will come, even if it takes longer than we would like. And the NYT will hopefully get it when they upgrade their HTTPS software.

> Here's one of my favorite maxims:
>   Metadata is data.
>   Stealing metadata is stealing.
>   A cryptosystem that leaks metadata is a cryptosystem that leaks.

I agree about metadata, but I would just say "a system that leaks..." You point out the "side channel" leak through message lengths, and yes that is something that ought to be fixed as part of TLS design. But there are plenty of other metadata leaks outside of the crypto envelope. The SNI in TLS is an obvious one, but there is also IP addresses, DNS queries, list of frame sources such as ads or images in web pages, and maybe timing signals. We need to fix all that, and it will take some time. So yes, we need good crypto systems, but we also have to pay attention to the entire system design, not just the crypto.

-- Christian Huitema

More information about the cryptography mailing list