On Thu, Nov 13, 2014 at 11:16 PM, Henri Sivonen <hsivo...@hsivonen.fi>
wrote:

> The part that's hard to accept is: Why is the countermeasure
> considered effective for attacks like these, when the level of how
> "active" the MITM needs to be to foil the countermeasure (by
> inhibiting the upgrade by messing with the initial HTTP/1.1 headers)
> is less than the level of active these MITMs already are when they
> inject new HTTP/1.1 headers or inject JS into HTML?
>


There are a few pieces here -
1] I totally expect what you describe about signalling stripping to happen
to some subset of the traffic, but an active cleartext carrier-based MITM
is not the only opponent. Many of these systems are tee'd read-only
dragnets, especially the less sophisticated scenarios.
1a] not all of the signalling happens in band especially wrt mobility.
2] When the basic ciphertext technology is proven, I expect to see other
ways to signal its use.

I casually mentioned a TOFU pin yesterday and you were rightly concerned
about pin fragility - but in this case the pin needn't be hard fail (and
pin was a poor word choice) - it's an indicator to try OE. That can be
downgraded if you start actively resetting 443, sure - but that's a much
bigger step to take, and one that may result in generally giving users of your
network a bad experience.

And if you go down this road you find all manner of other interesting ways
to bootstrap OE - especially if what you are bootstrapping is an
opportunistic effort that looks a lot like https on the wire: gossip
distribution of known origins, optimistic attempts on your top-N frecency
sites, DNS (sec?).. even h2 https sessions can be used to carry http
schemed traffic (the h2 protocol finally explicitly carries scheme as part
of the transaction instead of making all transactions on the same
connection carry the same scheme), which might be a very good thing for
folks with mixed content problems. Most of this can be explored
asynchronously at the cost of some plaintext usage in the interim. It's
opportunistic after all.

There is certainly some cat and mouse here - as Martin says, it's really
just a small piece. I don't think of it as more than replacing some
plaintext with some encryption - that's not perfection, but I really do
think it's significant.
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform

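The soft "indicator to try OE" from the message above, as an added, constructed simulation (not Mozilla or Firefox code, and not from the thread's participants). It assumes the bootstrap signal is an Alt-Svc response header on the plaintext HTTP/1.1 leg (RFC 7838, the mechanism h2 opportunistic encryption used), that the client remembers that advertisement for its max-age, and that http-scheme requests can be sent over the TLS/h2 connection using the `:scheme` pseudo-header. The origin name, the adversary modes, and the `run_scenario` driver are constructed for illustration. The point it shows: a header-stripping MITM blocks the bootstrap only for clients that have never seen the advertisement, whereas a client that remembers it keeps using OE until the adversary escalates to resetting port 443, at which point the client soft-fails back to plaintext rather than breaking the site.

```python
"""Soft Alt-Svc memory for opportunistic encryption (OE), simulated offline.

Constructed example, not Mozilla/Firefox code. Assumptions: the origin advertises
its h2 endpoint via an Alt-Svc header (RFC 7838) on the plaintext leg; the client
then sends http-scheme requests over TLS/h2 using the :scheme pseudo-header.
"""
import time

DEFAULT_MAX_AGE = 86400  # RFC 7838 default when the "ma" parameter is absent


def parse_alt_svc(value):
    """Parse an Alt-Svc header value into a list of alternative dicts.

    Handles the subset needed here: 'h2=":443"; ma=3600, h2="alt.example:8443"'.
    The bare value 'clear' means "forget all alternatives" and yields [].
    Entries without a numeric port are ignored as malformed.
    """
    alternatives = []
    if value.strip() == "clear":
        return alternatives
    for entry in value.split(","):
        params = [p.strip() for p in entry.split(";") if p.strip()]
        if not params or "=" not in params[0]:
            continue
        proto, _, authority = params[0].partition("=")
        host, _, port = authority.strip('"').rpartition(":")
        if not port.isdigit():
            continue
        max_age = DEFAULT_MAX_AGE
        for p in params[1:]:
            key, _, val = p.partition("=")
            if key.strip() == "ma" and val.strip().isdigit():
                max_age = int(val.strip())
        alternatives.append({"proto": proto.strip(), "host": host or None,
                             "port": int(port), "max_age": max_age})
    return alternatives


class SimulatedNetwork:
    """Constructed origin plus an on-path adversary with three modes:
    'passive'  - tees traffic, modifies nothing (a read-only dragnet)
    'strip'    - rewrites plaintext HTTP/1.1 responses to drop Alt-Svc
    'reset443' - strips, and also resets every connection to port 443
    """

    def __init__(self):
        self.mode = "passive"
        self.h2_log = []  # pseudo-headers that reached the origin over TLS/h2

    def http_plain(self, origin, path):
        headers = {"alt-svc": 'h2=":443"; ma=3600'}  # origin's upgrade signal
        if self.mode in ("strip", "reset443"):
            headers.pop("alt-svc")  # active MITM removes the signal in flight
        return 200, headers, "plaintext " + path

    def tls_h2(self, origin, port, pseudo_headers):
        if self.mode == "reset443":
            return None  # TCP reset: the client must soft-fail, not hard-fail
        self.h2_log.append(pseudo_headers)
        return "encrypted " + pseudo_headers[":path"]


class OEClient:
    """Client that remembers Alt-Svc advertisements as a soft hint to try OE."""

    def __init__(self, network, clock=time.time):
        self.network = network
        self.clock = clock
        self.remembered = {}  # origin -> {"port": int, "expires": float}

    def fetch(self, origin, path):
        """Return (transport, body). A remembered alternative is tried first; if
        it fails we forget it and fall back to plaintext instead of failing."""
        entry = self.remembered.get(origin)
        if entry and entry["expires"] > self.clock():
            # h2 carries the scheme per request, so http-scheme traffic can ride TLS
            pseudo = {":method": "GET", ":scheme": "http",
                      ":authority": origin, ":path": path}
            body = self.network.tls_h2(origin, entry["port"], pseudo)
            if body is not None:
                return "h2-oe", body
            del self.remembered[origin]
        _, headers, body = self.network.http_plain(origin, path)
        for alt in parse_alt_svc(headers.get("alt-svc", "")):
            if alt["proto"] == "h2" and alt["host"] in (None, origin):
                self.remembered[origin] = {"port": alt["port"],
                                           "expires": self.clock() + alt["max_age"]}
        return "http/1.1", body


def run_scenario(modes, origin="example.org"):
    """Drive one client through len(modes) requests, setting the adversary's
    mode before each; return the transport used for each request."""
    net = SimulatedNetwork()
    client = OEClient(net)
    used = []
    for i, mode in enumerate(modes):
        net.mode = mode
        transport, _ = client.fetch(origin, "/page%d" % i)
        used.append(transport)
    return used


if __name__ == "__main__":
    print(run_scenario(["passive", "strip", "strip"]))         # stripping comes too late
    print(run_scenario(["strip", "strip"]))                    # never bootstraps
    print(run_scenario(["passive", "reset443", "passive", "strip"]))  # reset downgrades, then recovers
```

Run it and the three scenarios print `['http/1.1', 'h2-oe', 'h2-oe']`, `['http/1.1', 'http/1.1']`, and `['http/1.1', 'http/1.1', 'http/1.1', 'h2-oe']`: header stripping only wins against a client with no memory of the origin, a port-443 reset forces a plaintext fallback (and the client forgets the hint rather than retrying forever), and the next unmolested plaintext response re-bootstraps OE. Expiry is driven by the injected `clock` so the max-age logic can be tested without sleeping.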