I wish people would stop citing the Cloudflare example as if something nefarious is going on there. It is absolutely, 100% false that the identity in a certificate should identify who Cloudflare is getting the certificate on behalf of. Cloudflare requests the certificates, holds the keys, and operates the servers. It is the correct entity to identify as the certificate subject.
Modern web architectures are complicated, and there are other organizations participating in other roles. It would be possible to name those as well, but you'd have to define the roles, what they mean, how to validate them, and how to put them into certificates. If people want to make proposals in that area, they certainly can. But Cloudflare isn't doing anything wrong here. -Tim From: TLS <tls-boun...@ietf.org> On Behalf Of Yannick LaRue Sent: Tuesday, March 28, 2023 12:29 AM To: tls@ietf.org Subject: [TLS] Proposal to make TLS universal Dear TLS Working Group, Thank you for your response to our previous message from Eric Rescorla. We appreciate your clarification on the use of ECDH ephemeral for encrypting the exchange of certificates in the TLS 1.3 handshake. Based on this information, we have a new proposal to make TLS universal and promote the use of encryption across the internet. Our idea is to use ECDH ephemeral to create secure connections for sites that do not have certificates. This will provide a low level of security for these sites, but still better than the current situation where plaintext HTTP is used for these sites. Furthermore, using a certificate for a site should provide a medium level of security, which is already the case. Finally, mutual authentication should provide a high level of security. We believe this approach would be in line with the spirit of the Browser Forum, which seeks to promote universal encryption on the internet. Furthermore, our proposal to use ECDHE for securing connections without a certificate provides the same level of assurance as the use of low-assurance certificates, such as those issued by Let's Encrypt or Cloudflare, which do not guarantee the identity of the server and its owners. In fact, many certificates simply guarantee that the site is hosted by a particular provider, such as the certificate used any site on Cloudflare, which lists Cloudflare, Inc. as the organization. Our proposal offers a more universal approach to encryption that doesn't rely on specific certificate authorities or their levels of assurance, and it would bring the benefits of encryption to all sites, regardless of their level of technical sophistication or resources. Additionally, it is worth noting that many websites currently use low-assurance certificates simply to meet TLS requirements and enable encryption on their channels. This practice goes against the original philosophy of TLS, which was designed to provide strong assurance of server identity. Therefore, our proposal to include a low-assurance level using ephemeral ECDH in TLS would not only make the protocol universal but also help mitigate this problem. This reinforces the idea of including a method within TLS for users to securely utilize the protocol without having to resort to workarounds. We believe that by making encryption available to all sites, we can promote greater security on the internet. This proposal will also help users understand the level of security provided by their connections and will encourage them to demand stronger security where it is necessary. Thank you for your consideration, and we look forward to your response. Best regards, Yannick LaRue SSE Carte à Puce Inc.
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
