2015-06-10
My pragmatic view on switching to HTTPS and TLS everywhere
Roy Fielding is not a fan of using TLS everywhere (via Aristotle Pagaltzis, among others). He argues, as far as I can understand, that TLS mostly provides confidentiality (and a certain amount of integrity), not privacy; if I have it right, his view of 'privacy' seems to be 'privacy even from the site operator'.
My view on all of this is that I'm a pragmatist. Right now there are real, non-theoretical intermediaries between me and a lot of the people who are reading this who are intercepting and logging HTTP traffic. Some of them are adding individually identifiable tracking information that I could take note of if I wanted to, and some are altering the content for various reasons (including the alteration of 'we'll block access to this now that we see what it is'). None of this is theoretical or obscure and increasingly it's not even uncommon. And it's all going to get worse if we let it because all of the intermediaries involved gain value from doing this kind of stuff; they have been restrained so far only by some combination of lingering legal concerns and technical (or budget) limits.
So I strongly disagree with Fielding when he says:
TLS is NOT desirable for access to public information, except in that it provides an ephemeral form of message integrity that is a weak replacement for content integrity.
First off, that 'except' is a really important thing, as we've seen. By itself I feel that preventing third parties from tampering with web-fetched resources in flight is now a vital concern, since third parties are actually doing it now. But I also disagree about the general issue of access to public information.
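To make the distinction in Fielding's 'except' concrete: TLS gives you message integrity for one connection, while content integrity means the resource itself carries a verifiable digest that holds no matter which cache, mirror or intermediary delivered it. The following is an added example, not code from the original post, showing a Subresource-Integrity-style check (the `sha384-<base64 digest>` token format browsers use for `<script integrity="...">`); the resource body and the altered copy are constructed sample data.

```python
import base64
import binascii
import hashlib
import hmac

# Constructed sample resource body (not from the original post).
ORIGINAL_BODY = b"console.log('hello from example.js');\n"

# Digest algorithms the SRI spec allows; anything else is rejected.
ALLOWED_ALGORITHMS = ("sha256", "sha384", "sha512")


def sri_integrity(body: bytes, algorithm: str = "sha384") -> str:
    """Return an SRI-style token, '<alg>-<base64 digest>', for a resource body."""
    if algorithm not in ALLOWED_ALGORITHMS:
        raise ValueError(f"unsupported digest algorithm: {algorithm}")
    digest = hashlib.new(algorithm, body).digest()
    return f"{algorithm}-{base64.b64encode(digest).decode('ascii')}"


def verify_content_integrity(body: bytes, expected: str) -> bool:
    """Check a fetched body against a pinned digest.

    This is independent of transport: it succeeds for the unmodified body
    whether it arrived over TLS, plain HTTP or from a local cache, and fails
    for any in-flight alteration regardless of how it was delivered.
    """
    algorithm, sep, encoded = expected.partition("-")
    if not sep or algorithm not in ALLOWED_ALGORITHMS:
        return False
    try:
        expected_digest = base64.b64decode(encoded, validate=True)
    except binascii.Error:
        return False
    actual_digest = hashlib.new(algorithm, body).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(actual_digest, expected_digest)


def altered_copy(body: bytes) -> bytes:
    """Constructed stand-in for an intermediary appending content to a response."""
    return body + b"/* injected by intermediary (constructed sample) */\n"


if __name__ == "__main__":
    token = sri_integrity(ORIGINAL_BODY)
    print("pinned digest:", token)
    print("unmodified body verifies:", verify_content_integrity(ORIGINAL_BODY, token))
    print("altered body verifies:  ", verify_content_integrity(altered_copy(ORIGINAL_BODY), token))
```

The digest has to come from somewhere the intermediary cannot rewrite, which is why in practice the pinned token lives in an HTML page that was itself fetched over TLS; the two mechanisms complement each other rather than one replacing the other.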
Libraries are full of public information, pretty much by definition. Yet librarians zealously guard (and block) access to information about who has checked out what, because they understand that revealing that information can be damaging. What public information you access says a lot about you and your concerns. To stretch the analogy even further, it's useful for librarians to protect your borrowing records even though a sufficiently dedicated third party could deduce much of the information given enough work.
Are HTTPS and TLS perfect? Of course not. Do they still betray some information about your requests? Of course. But they are still the best tool we have at hand to deal with the serious problems that we are having right now. HTTPS everywhere will unquestionably cramp the style of a bunch of people who are up to no good, which beats letting them continue on undisturbed.
(In security, as in much else, the perfect is the enemy of the good.)
(It's also my outsider's opinion that the IETF is probably the wrong place to come up with new cryptography and privacy standards. I suspect that in practice the IETF is better served by recommending and using existing practices such as TLS. Partly this is because TLS already exists in widely available form, making it easy to adopt and use.)