On 3/27/23 8:28 AM, Yannick LaRue wrote:
> Furthermore, our proposal to use ECDHE for securing connections
> without a certificate provides the same level of assurance as the use
> of low-assurance certificates, such as those issued by Let's Encrypt
> or Cloudflare, which do not guarantee the identity of the server and
> its owners. In fact, many certificates simply guarantee that the site
> is hosted by a particular provider, such as the certificate used by any
> site on Cloudflare, which lists Cloudflare, Inc. as the organization.
> Our proposal offers a more universal approach to encryption that
> doesn't rely on specific certificate authorities or their levels of
> assurance, and it would bring the benefits of encryption to all sites,
> regardless of their level of technical sophistication or resources.

This is absolutely not true. Even if you consider the assurance
'low-level' (which several people have debated), it's certainly not
zero, which is exactly what you get if you are purely ephemeral. What
are you trying to protect when you encrypt your data with SSL? The
normal internet unencrypted protects you from the casual observer. You
are trying to protect against someone who has control of the gateways
between you and your target. Your ISP, various government actors, large
internet backbone providers. Any of these actors can terminate your SSL
connection at the point of interception and create a new SSL connection
with your target website. If there is no authentication between these
sites, there is no way to detect such an attack. Cloudflare and Let's
Encrypt participate in the overall ecosystem, which includes things like
certificate transparency, making attempts by any of these bad actors
visible to everyone.

> Additionally, it is worth noting that many websites currently use
> low-assurance certificates simply to meet TLS requirements and enable
> encryption on their channels. This practice goes against the original
> philosophy of TLS, which was designed to provide strong assurance of
> server identity. Therefore, our proposal to include a low-assurance
> level using ephemeral ECDH in TLS would not only make the protocol
> universal but also help mitigate this problem. This reinforces the
> idea of including a method within TLS for users to securely utilize
> the protocol without having to resort to workarounds.

Even self-signed certificates are better than ephemeral. At least
there's a *chance* that such an attack would be detected by the user.

> We believe that by making encryption available to all sites, we can
> promote greater security on the internet. This proposal will also help
> users understand the level of security provided by their connections
> and will encourage them to demand stronger security where it is necessary.

I agree with this sentiment (we want encryption to be pervasive), it's
not good to provide encryption which provides no security. We know that
bad actors *will* MITM ephemeral connections. We know this because they
have already tried to attack our certificate infrastructure. Widespread
attacks are quickly detected and publicized. These actors, however, won't
have to "attack" ephemeral connections because there is no authentication
to connect. They will simply MITM the connection with no way to know it's
completed.

> Thank you for your consideration, and we look forward to your response.

If you have a different way of authenticating that I've connected to a
website, that method could be discussed and debated. Certs are the only
way to do this (they just happen to be the most efficient way of doing 1
to many authentication called for by the web). Other uses can be used
just as well, but no authentication does not give you a secure connection.

> Best regards,
> Yannick LaRue
> SSE Carte à Puce Inc.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
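
Added example, not part of the original message or of any TLS implementation: a toy simulation of the reply's point that a purely ephemeral key exchange completes normally with an on-path party in the middle, while mixing in a long-term server key makes key confirmation fail. Assumptions: the finite-field group, the function names, and the use of a static Diffie-Hellman key that the client already knows as a stand-in for certificate-based authentication (TLS itself has the server sign the handshake).

```python
import hashlib, hmac, secrets

# Toy finite-field group (assumption, not a secure parameter choice).
P, G = 2**255 - 19, 2

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(*shared):
    # Hash all Diffie-Hellman shared secrets into one session key.
    return hashlib.sha256(b"".join(s.to_bytes(32, "big") for s in shared)).digest()

def finished(key):
    # Key-confirmation tag the responder sends to prove it holds the session key.
    return hmac.new(key, b"responder finished", hashlib.sha256).digest()

# Long-term server key. The client is assumed to know SERVER_STATIC_PUB in
# advance (stand-in for a key vouched for by a certificate).
SERVER_STATIC_PRIV, SERVER_STATIC_PUB = keypair()

def handshake(authenticated, intercepted):
    """Return (client_accepts, on_path_party_holds_client_key)."""
    c_priv, c_pub = keypair()   # client ephemeral
    s_priv, s_pub = keypair()   # server ephemeral
    m_priv, m_pub = keypair()   # on-path party's ephemeral
    # An on-path party substitutes its own public value in both directions.
    to_client = m_pub if intercepted else s_pub
    to_server = m_pub if intercepted else c_pub

    client_secrets = [pow(to_client, c_priv, P)]
    server_secrets = [pow(to_server, s_priv, P)]
    if authenticated:
        # Mix in a secret only the holder of SERVER_STATIC_PRIV can compute.
        client_secrets.append(pow(SERVER_STATIC_PUB, c_priv, P))
        server_secrets.append(pow(to_server, SERVER_STATIC_PRIV, P))
    client_key = session_key(*client_secrets)
    server_key = session_key(*server_secrets)
    # The on-path party only has its own ephemeral private key to work with.
    mitm_key = session_key(pow(c_pub, m_priv, P))

    tag = finished(mitm_key if intercepted else server_key)
    accepts = hmac.compare_digest(tag, finished(client_key))
    return accepts, intercepted and mitm_key == client_key

if __name__ == "__main__":
    for auth in (False, True):
        for mitm in (False, True):
            print(f"authenticated={auth} intercepted={mitm} ->", handshake(auth, mitm))
```

In the ephemeral-only, intercepted case the client accepts and the on-path party holds the client's session key; in the authenticated, intercepted case the confirmation tag does not verify and the client rejects the handshake.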