This is actually my reason for opposing making http a mandatory

I am fine with the idea of requiring strong TLS.

I am fine with the idea of a new mechanism for weakly authenticated http. But do not weaken TLS so that it can be used as a proxy bypass strategy without strong crypto.

Do it right or write your own. Do not damage the only security protocol we have so some folk can shave a few msec off latency.

Sent from my difference engine

> On Dec 8, 2013, at 10:55 AM, Nicholas Weaver <[email protected]> wrote:
>
>> On Dec 7, 2013, at 4:09 PM, Bruce Perens <[email protected]> wrote:
>> Well, we do have some HTTP uses where encryption that hides the content
>> won't be allowed, and thus authentication is important.
>>
>> We can't have encryption when we use HTTP over Amateur Radio in the US and
>> many other countries. There is self-policing on ham frequencies that
>> requires that people be able to copy other people's transmissions, and
>> encryption defeats that. Obviously we don't put confidential data on those
>> frequencies, that belongs on your cell phone. So, an authentication-only
>> WiFi protocol is needed for Amateur Radio, and possibly an
>> authentication-only version of TLS.
>
> NO!!!!
>
> The reason is downgrade attacks. A huge problem with the IPSec standard is
> that NULL encryption was allowed in there, and also known weak modes (single
> DES, 720b D/H etc). It's one of the primary reasons why John Gilmore and
> therefore others feel the IPSec process was sabotaged by the NSA.
>
> To explicitly support downgraded, authentication w/o encryption is STUPID!
> it is DANGEROUS!
>
> About the only thing that is not a horrid idea is to have the key exchange
> generate a separate MAC and encryption key, using an encrypt then MAC
> structure. Yet that loses out on the benefit of authenticated encryption
> modes that build the MAC into the communication.
>
> So face it Bruce, your only option should be to have the client leak the
> session keys, and thereby explicitly say "NO SECURITY ON THIS
> CONNECTION, HAVE A NICE DAY".
>
> And yes, this means the French can pwn you. Sorry, use a network that allows
> encryption. Or have your session key leaker in UDP, and only 2-3 hops on the
> TTL, so only locals can pwn you. [1]
>
> Anything more built into the protocol to support unencrypted communication
> represents a sabotage attempt on the rest of the Internet.
>
> [1] I'm just waiting for the Botnet that uses open-WiFi to pwn the fellow
> computers in the local starbucks. It's an old idea, but a good one...
>
> --
> Nicholas Weaver                  it is a tale, told by an idiot,
> [email protected]                full of sound and fury,
> 510-666-2903                     .signifying nothing
> PGP: http://www1.icsi.berkeley.edu/~nweaver/data/nweaver_pub.asc
>
> _______________________________________________
> perpass mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/perpass
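The downgrade concern raised in the quoted message, as an added Python sketch that is not part of either post: a toy negotiation showing that once an authentication-only suite is in both endpoints' accepted sets, an offer rewritten in transit yields a cleartext session, while a policy without that suite refuses. The suite names, their strength ranking and all function names are constructed for this example and model no real TLS or IPsec wire format.

```python
# Added illustration: a toy suite negotiation, not TLS or IPsec wire format.
# Suite names and their ordering are constructed for this example.
STRENGTH = {"AEAD-256": 3, "AEAD-128": 2, "SINGLE-DES": 1, "NULL": 0}


def negotiate(offer, responder_policy):
    """Responder picks the strongest suite present in both the offer it
    received and its own policy; None means the handshake is refused."""
    common = [s for s in offer if s in responder_policy]
    return max(common, key=STRENGTH.__getitem__) if common else None


def rewrite_offer(offer, keep):
    """Models an on-path party editing an unauthenticated offer in transit."""
    return [s for s in offer if s in keep]


def weakest_reachable(initiator_offer, responder_policy):
    """The worst suite any rewrite of the offer can force: the weakest suite
    both endpoints still accept. That suite is the pair's effective strength."""
    common = [s for s in initiator_offer if s in responder_policy]
    return min(common, key=STRENGTH.__getitem__) if common else None


def session(initiator_offer, responder_policy, keep=None):
    """Run one negotiation, optionally with the offer rewritten in transit."""
    seen = initiator_offer if keep is None else rewrite_offer(initiator_offer, keep)
    chosen = negotiate(seen, responder_policy)
    if chosen is None:
        return "refused"
    return "cleartext" if STRENGTH[chosen] == 0 else "encrypted:" + chosen


if __name__ == "__main__":
    offer = ["AEAD-256", "AEAD-128", "NULL"]          # initiator also accepts NULL
    permissive = {"AEAD-256", "AEAD-128", "NULL"}     # protocol allows auth-only
    strict = {"AEAD-256", "AEAD-128"}                 # NULL is not in the protocol
    print(session(offer, permissive))                 # untouched offer
    print(session(offer, permissive, keep={"NULL"}))  # offer rewritten in transit
    print(session(offer, strict, keep={"NULL"}))      # same rewrite, strict policy
    print(weakest_reachable(offer, permissive))       # effective strength
```

For auditing a deployment, `weakest_reachable` is the figure to check: it depends only on what both endpoints will accept, not on what they prefer.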
