It has the kind of inflammatory institutional chauvinism one usually expects from bureaucrats defending their turf and moralizing their powers, but it's important to understand the outcomes the people like them are aiming for.
Additionally, ignoring for a moment the usual appeals for intelligence and law enforcement, the coalition of interests the author is referencing includes those interested in enforcing "societal norms," and "support for persons with disabilities."
The first means censorship and those people never seem to go away. But the second has nothing to do with transport layer encryption and appears to be a dogwhistle offering tacit institutional support to political agitators who want to get onside with adding surveillance levers to the internet.
The article could reasonably be interpreted as a threat that if TLS 1.3 is adopted and imposes further costs on pervasive surveillance apparatuses, they will co-operate to further balkanize the internet.
That article was so hard to read. He jumps to so many conclusions without any logical path like the use of TLS will stress the bandwidth of providers, claiming its like "unauthorized taking of the provider's transport network resources". How will TLS vs not TLS meaningfully impact amount of traffic on a network? He doesn't say, just claims it. I'm guessing he means the provider can't throttle/control traffic based on packet inspection as easily? Regardless, this is like saying everyone in the neighborhood running all of their faucets at the same time is like stealing from the water provider. That's literally their only job, to be a pipe for water. People aren't stealing by stressing the network, if anything the network would be stealing for not running as advertised.
"TLS 1.3 significantly facilitates widespread malware distribution" this guy...has to be getting paid by someone to say this, right? Who is this dude, what is CircleID?
OK I read the article and obviously lack some context. The author goes on and on about the evils of TLS 1.3 but it wasn't clear why TLS 1.3 would cause the world to end as opposed to say, TLS 1.2. Can't companies that want to monitor their employees just stick a bogus certificate on their computers like they can now?
Edit: deleted an incorrect comment about meta info. That was the other thing...
The CircleID article is full crazy. There's a whole passage about how the IETF "took over the ITU-T/ISO internet TLS" which turns out to mean basically the words "Transport Layer Security" are also used to name one of the dozens of X series standards. That standard, X.274 also involves er, securing a transport layer, like TLS, and so there are some elements we'd recognise - even Diffie-Hellman key exchange (although it's under a different name and hidden in an appendix) but of course it's not an Internet standard and doesn't use Internet nomenclature.
It's like if midway through a rant on how awful Back to the Future is, the author stopped to complain that Huey Lewis and the News is just covering the 1984 Jennifer Rush song... not _quite_ as crazy as saying it's a cover of Deee-Lite's track but still pretty crazy.
If there's still any doubt that encrypting everything is the right way to go for internet protocols:
Huge: @Citizenlab catches ISPs invisibly redirecting download requests for popular programs, injecting them with government spyware. Unencrypted web traffic is now provably a critical, in-the-wild vulnerability. 20-30% of top internet sites affected.
After reading both the linked article and the original to which this responds, I can say I am one of those Crypto zaelots. And not just because I am developing a protocol that encrypts everything end-to-end.
The original article's claims are ludicrous, stating that TLS 1.3 would be basically unlawful, since the ISPs can not read the data. Than it says that a open internet is bad, citing small, empty pages that go from "there are nazis there" to "this and that political figure is there only thanks to the internet".
The solution is: middleboxes that see all your traffic. ...'cause Trump would not have been elected with your middleboxes or something? That alone is disturbing on many levels.
The author of the linked article points out that it is a bad idea due to what Snowden brought up, but basically stops there.
So please let me say, fuck you and your middleboxes. But not only because of the Snowden revelations.
I have seen middleboxes truncate traffic because they didn't understand a TCP option. Throttle/drop everything because they were way too downsized and could not handle the traffic, some barely able to NAT, let alone do their inspection. Centralized firewalls crashing due to too many packets in memory. Captive portals that spoof dns so that they can display the login page, except that I can't see that, 'cause HSTS and they don't have the certificate, or my device caches the DNS query result and I can't see that site anymore.
So Fuck you and your middleboxes. Especially those that intercept all your TLS traffic, analyze and then pass it through, signed with their CA. Except they didn't really control the original certificate, or you can't control the trusted CAs. Or those that blocked me from updating antiviruses, because guess what, false positives. Or those that MITM your dns queries, to give you your much needed advertisement, when they don't outright MITM your HTTP to add their advertisement.
Are any of those middleboxes ever updated anyway? By the developers, not by the local admins. Those middleboxes that break stuff and make troubleshooting hell. I have seen too many old, never-updated stuff to believe in your middleboxes anymore.
If a company wants/needs to see/modify the traffic, then fine. On their devices. Install a CA there or install a VPN that tunnels the device to your proxy or something. Why does it have to transparent, for everyone?
So really, I'm with the author. Fuck you and your fucking middleboxes.
Every so often, somebody attacks a point by saying "Why, $foo is absurd! If you did foo, you'd be embracing a world that that looks like $bar!" And I read their piece, and think "Yeah, I'm totally on board with $bar. Sounds good!"
It's a depressing reminder of just how far apart people's goals can be. I don't just disagree with them, I have views so distant that they use my beliefs as a reduction to the absurd.
Fuck that article, and fuck its middleboxes. I accept that I am, by many standards, a crypto zealot. I'm alright with that.
> We’ve seen programs such as Let’s Encrypt that bring the price of domain name public key certificates down to a base of free.
And, interestingly enough, turn the implicit assumptions behind the whole XPKI infrastructure on their head.
CAs built their business on the idea that we needed to know that sears.com is Sears, Roebuck & Co., while sears.net is a family website. But it turns out that we don't really care: we care that google.com is google.com, and that's it.
What we really want is to know that the IP address we're talking to is the IP address we think we're talking to, and that the IP address we're talking to is the one we looked up for a particular DNS name. What we really want is not an identity-authentication certificate, but rather authorisation certificates.
Over twenty years ago, RFCs 2692 & 2693 (and follow-up draft work) identified the issue, and offered a solution — but the industry stuck with identity-authentication certificates. This is kinda crazy when you think of it: knowing who someone is doesn't guarantee that I want to do business with him.
> But it turns out that we don't really care: we care that google.com is google.com, and that's it.
It's worse than that. 9/10 users I observe 'google'* google in order to run a google search. Every single time they go to a website that isn't saved as a bookmark, they search for it instead of typing an address into the address bar. I used to be surprised seeing people google 'gmail' and then click the top ad every morning... But I don't blame the users as much anymore. The companies that makes the browsers and web search know all this too and the UI has actually evolved to further muddy the difference between search and address.
(Increasingly they bing it due to MS defaults in Win 10.)
But your overall point is well taken and very true: having the sears.com domain name might not be as important as having the top google hit for 'sears'.
> CAs built their business on the idea that we needed to know that sears.com is Sears, Roebuck & Co., while sears.net is a family website. But it turns out that we don't really care: we care that google.com is google.com, and that's it.
Perhaps more critically, we've proven that even if we wanted to know that sears.com is Sears, Roebuck & Co., CAs can't be trusted to tell us that reliably.
>"CAs built their business on the idea that we needed to know that sears.com is Sears, Roebuck & Co., while sears.net is a family website. But it turns out that we don't really care: " //
Don't we?
I think people in general do care, but having a cert doesn't show it to be true unless you trust all CAs?
The piece in CircleID to which Geoff Huston is responding is pretty clearly a troll, a bid for attention from someone professionally attached to some pretty marginal "standards" groups. It's incoherent and poorly informed. It's possible to make colorable arguments about the need for security protocols that admit to legitimate monitoring. The CircleID piece didn't make any of those.
It's a little embarrassing to see someone of Geoff Huston's stature responding to what is so clearly a plea for recognition from someone who would otherwise have no impact whatsoever on Internet engineering. It's much more embarrassing for CircleID to have published that piece to begin with, but, what do you expect? CircleID is terrible.
From reading a few of Anthony Rutkowski's other screeds against end-to-end encryption I got the impression he might be a shill for some middlebox vendor. Did some digging and turns out he is an executive at Yaana which is a company that does exactly the kind of work that TLS 1.3 is trying to frustrate (credit to HN user Animats [1]).
>"Yaana is a leading global provider of a wide range of intelligent compliance solutions including lawful interception, accurate data retention, big-data search & disclosure, advanced security and application specific analytics."
That he thinks his unhinged writing style might be persuasive to anyone is baffling to me.
For me, a "crypto zealot" is somebody who says we shouldn't use SMS based 2FA because it has some vulnerabilities: people who advocate using only the best crypto, or none at all.
This just sounds like building a universal layer of encryption around all communications. It's not zealotry but common sense.
Not just the handshake. With say HTTPS (HTTP over TLS over TCP) the unencrypted TCP layer is where the flow control is, a bad guy can see and manipulate this flow even though the application data is opaque to them. Every TCP packet is identified as to which session it's part of, and the TCP stack is relying on the flow control to tell it e.g. to slow down because things are congested.
In QUIC all that vanishes inside the encryption. The only things left unencrypted are the source and destination address.
Is this really surprising? I'm (still) more surprised when I click on an article with crypto in the title and it's not about cryptography. (There may be some underlying bias as to the links I see/am sent.)
Indeed, otherwise they have negative cost. The Let's Encrypt API has saved me so much money by letting me automate certificate generation, it's crazy. No more having to install new certificates by hand every year!
It took me 10 minutes to setup Let’s Encrypt on my web server. It was the first and only time I’ve had to do it. I’m pretty sure I spent more time setting up Apache’s configuration than I did Let’s Encrypt’s.
[+] [-] motohagiography|8 years ago|reply
It has the kind of inflammatory institutional chauvinism one usually expects from bureaucrats defending their turf and moralizing their powers, but it's important to understand the outcomes the people like them are aiming for.
Additionally, ignoring for a moment the usual appeals for intelligence and law enforcement, the coalition of interests the author is referencing includes those interested in enforcing "societal norms," and "support for persons with disabilities."
The first means censorship and those people never seem to go away. But the second has nothing to do with transport layer encryption and appears to be a dogwhistle offering tacit institutional support to political agitators who want to get onside with adding surveillance levers to the internet.
The article could reasonably be interpreted as a threat that if TLS 1.3 is adopted and imposes further costs on pervasive surveillance apparatuses, they will co-operate to further balkanize the internet.
[+] [-] lakechfoma|8 years ago|reply
"TLS 1.3 significantly facilitates widespread malware distribution" this guy...has to be getting paid by someone to say this, right? Who is this dude, what is CircleID?
[+] [-] upofadown|8 years ago|reply
Edit: deleted an incorrect comment about meta info. That was the other thing...
[+] [-] tialaramex|8 years ago|reply
It's like if midway through a rant on how awful Back to the Future is, the author stopped to complain that Huey Lewis and the News is just covering the 1984 Jennifer Rush song... not _quite_ as crazy as saying it's a cover of Deee-Lite's track but still pretty crazy.
[+] [-] Aissen|8 years ago|reply
Huge: @Citizenlab catches ISPs invisibly redirecting download requests for popular programs, injecting them with government spyware. Unencrypted web traffic is now provably a critical, in-the-wild vulnerability. 20-30% of top internet sites affected.
https://twitter.com/Snowden/status/972110541408952320
[+] [-] symtos|8 years ago|reply
https://ccadb-public.secure.force.com/mozilla/IncludedCACert...
https://social.technet.microsoft.com/wiki/contents/articles/...
[+] [-] Luker88|8 years ago|reply
The original article's claims are ludicrous, stating that TLS 1.3 would be basically unlawful, since the ISPs can not read the data. Than it says that a open internet is bad, citing small, empty pages that go from "there are nazis there" to "this and that political figure is there only thanks to the internet".
The solution is: middleboxes that see all your traffic. ...'cause Trump would not have been elected with your middleboxes or something? That alone is disturbing on many levels.
The author of the linked article points out that it is a bad idea due to what Snowden brought up, but basically stops there.
So please let me say, fuck you and your middleboxes. But not only because of the Snowden revelations.
I have seen middleboxes truncate traffic because they didn't understand a TCP option. Throttle/drop everything because they were way too downsized and could not handle the traffic, some barely able to NAT, let alone do their inspection. Centralized firewalls crashing due to too many packets in memory. Captive portals that spoof dns so that they can display the login page, except that I can't see that, 'cause HSTS and they don't have the certificate, or my device caches the DNS query result and I can't see that site anymore.
So Fuck you and your middleboxes. Especially those that intercept all your TLS traffic, analyze and then pass it through, signed with their CA. Except they didn't really control the original certificate, or you can't control the trusted CAs. Or those that blocked me from updating antiviruses, because guess what, false positives. Or those that MITM your dns queries, to give you your much needed advertisement, when they don't outright MITM your HTTP to add their advertisement.
Are any of those middleboxes ever updated anyway? By the developers, not by the local admins. Those middleboxes that break stuff and make troubleshooting hell. I have seen too many old, never-updated stuff to believe in your middleboxes anymore.
If a company wants/needs to see/modify the traffic, then fine. On their devices. Install a CA there or install a VPN that tunnels the device to your proxy or something. Why does it have to transparent, for everyone?
So really, I'm with the author. Fuck you and your fucking middleboxes.
[+] [-] Bartweiss|8 years ago|reply
It's an unusual feeling to become a strawman.
Every so often, somebody attacks a point by saying "Why, $foo is absurd! If you did foo, you'd be embracing a world that that looks like $bar!" And I read their piece, and think "Yeah, I'm totally on board with $bar. Sounds good!"
It's a depressing reminder of just how far apart people's goals can be. I don't just disagree with them, I have views so distant that they use my beliefs as a reduction to the absurd.
Fuck that article, and fuck its middleboxes. I accept that I am, by many standards, a crypto zealot. I'm alright with that.
[+] [-] eadmund|8 years ago|reply
And, interestingly enough, turn the implicit assumptions behind the whole XPKI infrastructure on their head.
CAs built their business on the idea that we needed to know that sears.com is Sears, Roebuck & Co., while sears.net is a family website. But it turns out that we don't really care: we care that google.com is google.com, and that's it.
What we really want is to know that the IP address we're talking to is the IP address we think we're talking to, and that the IP address we're talking to is the one we looked up for a particular DNS name. What we really want is not an identity-authentication certificate, but rather authorisation certificates.
Over twenty years ago, RFCs 2692 & 2693 (and follow-up draft work) identified the issue, and offered a solution — but the industry stuck with identity-authentication certificates. This is kinda crazy when you think of it: knowing who someone is doesn't guarantee that I want to do business with him.
[+] [-] ballenf|8 years ago|reply
It's worse than that. 9/10 users I observe 'google'* google in order to run a google search. Every single time they go to a website that isn't saved as a bookmark, they search for it instead of typing an address into the address bar. I used to be surprised seeing people google 'gmail' and then click the top ad every morning... But I don't blame the users as much anymore. The companies that makes the browsers and web search know all this too and the UI has actually evolved to further muddy the difference between search and address.
(Increasingly they bing it due to MS defaults in Win 10.)
But your overall point is well taken and very true: having the sears.com domain name might not be as important as having the top google hit for 'sears'.
[+] [-] kerkeslager|8 years ago|reply
Perhaps more critically, we've proven that even if we wanted to know that sears.com is Sears, Roebuck & Co., CAs can't be trusted to tell us that reliably.
[+] [-] pbhjpbhj|8 years ago|reply
Don't we?
I think people in general do care, but having a cert doesn't show it to be true unless you trust all CAs?
[+] [-] ryanlol|8 years ago|reply
What do you mean? This is only true for EV certs.
[+] [-] ta76567656|8 years ago|reply
I care - it's annoying to have to check whether there's a typo in te URL every time I want to trust a website using SSL.
[+] [-] tptacek|8 years ago|reply
It's a little embarrassing to see someone of Geoff Huston's stature responding to what is so clearly a plea for recognition from someone who would otherwise have no impact whatsoever on Internet engineering. It's much more embarrassing for CircleID to have published that piece to begin with, but, what do you expect? CircleID is terrible.
[+] [-] sesutton|8 years ago|reply
>"Yaana is a leading global provider of a wide range of intelligent compliance solutions including lawful interception, accurate data retention, big-data search & disclosure, advanced security and application specific analytics."
That he thinks his unhinged writing style might be persuasive to anyone is baffling to me.
[1] https://news.ycombinator.com/item?id=15586504
[+] [-] davedx|8 years ago|reply
This just sounds like building a universal layer of encryption around all communications. It's not zealotry but common sense.
[+] [-] ryanlol|8 years ago|reply
lol. I guess that’s one way to put it.
[+] [-] baby|8 years ago|reply
I'm not sure I understand his/her point. Maybe this is pointing to QUIC encrypting part of the handshake?
[+] [-] tialaramex|8 years ago|reply
In QUIC all that vanishes inside the encryption. The only things left unencrypted are the source and destination address.
[+] [-] blattimwind|8 years ago|reply
[+] [-] Khol|8 years ago|reply
[+] [-] mkj|8 years ago|reply
[+] [-] betageek|8 years ago|reply
Only free if you value your time at $0.
[+] [-] StavrosK|8 years ago|reply
[+] [-] oldcynic|8 years ago|reply
Haven't had to change a CC number, or trip over any of the usual selection of billing and renewal gotchas.
Fits my definition of free, even after valuing my time as non-zero!
[+] [-] Hamuko|8 years ago|reply
Also, sometimes doing a bit of server work is rewarding on its own.
[+] [-] dsacco|8 years ago|reply
[+] [-] robert_foss|8 years ago|reply