
Crypto Zealots - r4um
http://www.potaroo.net/ispcol/2018-03/pe.html
======
motohagiography
It is worth reading the article this posted one is in response to.
([http://www.circleid.com/posts/20180225_humming_an_open_inter...](http://www.circleid.com/posts/20180225_humming_an_open_internet_demise_in_london/))

It has the kind of inflammatory institutional chauvinism one usually expects
from bureaucrats defending their turf and moralizing their powers, but it's
important to understand the outcomes the people like them are aiming for.

Additionally, ignoring for a moment the usual appeals for intelligence and law
enforcement, the coalition of interests the author is referencing includes
those interested in enforcing "societal norms," and "support for persons with
disabilities."

The first means censorship and those people never seem to go away. But the
second has nothing to do with transport layer encryption and appears to be a
dogwhistle offering tacit institutional support to political agitators who
want to get onside with adding surveillance levers to the internet.

The article could reasonably be interpreted as a threat that if TLS 1.3 is
adopted and imposes further costs on pervasive surveillance apparatuses, they
will co-operate to further balkanize the internet.

~~~
lakechfoma
That article was so hard to read. He jumps to so many conclusions without any
logical path like the use of TLS will stress the bandwidth of providers,
claiming it's like "unauthorized taking of the provider's transport network
resources". How will TLS vs not TLS meaningfully impact amount of traffic on a
network? He doesn't say, just claims it. I'm guessing he means the provider
can't throttle/control traffic based on packet inspection as easily?
Regardless, this is like saying everyone in the neighborhood running all of
their faucets at the same time is like stealing from the water provider.
That's literally their only job, to be a pipe for water. People aren't
stealing by stressing the network, if anything the network would be stealing
for not running as advertised.

"TLS 1.3 significantly facilitates widespread malware distribution" this
guy...has to be getting paid by someone to say this, right? Who is this dude,
what is CircleID?

~~~
milesvp
There's throttling to consider, but there's also caching. It's been a long
time since I've had conversations with any NetOps folks working for ISPs, but
it used to be very important for the health of a network to do considerable
caching wherever possible. It's why http includes cache control headers. With
TLS, only the browser can now honor this TTL, and an ISP can no longer cache a
particularly popular webpage. I've long suspected that caching strategies are
no longer very useful given how the internet looks today, but I also
understand powerlaws and it wouldn't surprise me if caching is just as useful
today as it was 20 years ago.

~~~
pjc50
So many popular webpages these days are dynamically generated that it can't
possibly make much of a difference. I suspect the bulk of traffic by weight is
video these days.

If my ISP can cache my traffic they can censor it - and do. Every now and
again I'm reminded by accident that EE mobile are scanning all my URLs for
censorship purposes.

~~~
subway
_If my ISP can cache my traffic they can censor it - and do._

Only if they can forge a cache-hit, or block a cache-miss from passing
through. Something content addressable (like IPFS) would allow an untrusted
party to provide useful cache. (doesn't solve the privacy aspect of the
untrusted party knowing I accessed the content though).
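
Added example (not part of any comment in this thread): a minimal Python sketch of the content-addressed caching idea raised above, where the client checks every reply against the hash it asked for, so an untrusted cache can serve bytes but cannot forge a hit. The `Source` class, the source names and the sample page are constructed for illustration, and a bare SHA-256 hex digest stands in for IPFS's real CID format.

```python
import hashlib
import hmac

def content_id(data: bytes) -> str:
    """Address of a blob = hex SHA-256 of its bytes (simplified; IPFS uses multihash CIDs)."""
    return hashlib.sha256(data).hexdigest()

class Source:
    """An untrusted cache or peer. `seen` records what it learns about requests."""
    def __init__(self, name, store, tamper=None):
        self.name, self.store, self.tamper, self.seen = name, store, tamper, []

    def get(self, cid):
        self.seen.append(cid)          # the source still learns which content was asked for
        data = self.store.get(cid)
        if data is not None and self.tamper:
            data = self.tamper(data)   # models a forged cache hit
        return data

def fetch(cid, sources):
    """Try each source in order; accept the first reply whose hash equals the requested address."""
    rejected = []
    for src in sources:
        data = src.get(cid)
        if data is None:
            continue                   # miss or withheld reply: try the next source
        if hmac.compare_digest(content_id(data), cid):
            return data, src.name, rejected
        rejected.append(src.name)      # forged or corrupted reply is discarded
    raise LookupError(f"no source returned valid content for {cid}")

def demo():
    page = b"<html>constructed sample page</html>"  # constructed sample input
    cid = content_id(page)
    forging = Source("isp-cache", {cid: page}, tamper=lambda d: d + b"<script>injected</script>")
    withholding = Source("blocking-cache", {})
    origin = Source("origin", {cid: page})
    data, served_by, rejected = fetch(cid, [forging, withholding, origin])
    return data == page, served_by, rejected, forging.seen == [cid]

if __name__ == "__main__":
    print(demo())
```

The last element of `demo()`'s result shows the privacy gap noted in the comment: the cache that failed verification still recorded which content was requested.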

------
Aissen
If there's still any doubt that encrypting everything is the right way to go
for internet protocols:

 _Huge: @Citizenlab catches ISPs invisibly redirecting download requests for
popular programs, injecting them with government spyware. Unencrypted web
traffic is now provably a critical, in-the-wild vulnerability. 20-30% of top
internet sites affected._

[https://twitter.com/Snowden/status/972110541408952320](https://twitter.com/Snowden/status/972110541408952320)

~~~
symtos
The ISP in question is in Turkey, so it should probably be noted that the
Turkish government has a root cert trusted by both Mozilla and Microsoft.

[https://ccadb-public.secure.force.com/mozilla/IncludedCACert...](https://ccadb-public.secure.force.com/mozilla/IncludedCACertificateReport)

[https://social.technet.microsoft.com/wiki/contents/articles/...](https://social.technet.microsoft.com/wiki/contents/articles/51151.microsoft-trusted-root-certificate-program-participants-as-of-january-30-2018.aspx)

~~~
upofadown
Pretty sure that such a root cert would be fairly quickly yanked if they got
caught using it for MITM attacks. That would cause a lot of trouble for the
primary users of such certs. Such attacks are best done with some relatively
obscure and unimportant compromised certificate authority.

------
Luker88
After reading both the linked article and the original to which this responds,
I can say I am one of those Crypto zealots. And not just because I am
developing a protocol that encrypts everything end-to-end.

The original article's claims are ludicrous, stating that TLS 1.3 would be
basically unlawful, since the ISPs can not read the data. Then it says that an
open internet is bad, citing small, empty pages that go from "there are nazis
there" to "this and that political figure is there only thanks to the
internet".

The solution is: middleboxes that see all your traffic. ...'cause Trump would
not have been elected with your middleboxes or something? That alone is
disturbing on many levels.

The author of the linked article points out that it is a bad idea due to what
Snowden brought up, but basically stops there.

So please let me say, fuck you and your middleboxes. But not only because of
the Snowden revelations.

I have seen middleboxes truncate traffic because they didn't understand a TCP
option. Throttle/drop everything because they were way too downsized and could
not handle the traffic, some barely able to NAT, let alone do their
inspection. Centralized firewalls crashing due to too many packets in memory.
Captive portals that spoof dns so that they can display the login page, except
that I can't see that, 'cause HSTS and they don't have the certificate, or my
device caches the DNS query result and I can't see that site anymore.

So Fuck you and your middleboxes. Especially those that intercept all your TLS
traffic, analyze and then pass it through, signed with their CA. Except they
didn't really control the original certificate, or you can't control the
trusted CAs. Or those that blocked me from updating antiviruses, because guess
what, false positives. Or those that MITM your dns queries, to give you your
much needed advertisement, when they don't outright MITM your HTTP to add
_their_ advertisement.

Are any of those middleboxes ever updated anyway? By the developers, not by
the local admins. Those middleboxes that break stuff and make troubleshooting
hell. I have seen too much old, never-updated stuff to believe in your
middleboxes anymore.

If a company wants/needs to see/modify the traffic, then fine. On their
devices. Install a CA there or install a VPN that tunnels the device to your
proxy or something. Why does it have to be transparent, for everyone?

So really, I'm with the author. Fuck you and your fucking middleboxes.

~~~
Bartweiss
> _I am one of those Crypto zealots_

It's an unusual feeling to become a strawman.

Every so often, somebody attacks a point by saying "Why, $foo is absurd! If
you did foo, you'd be embracing a world that looks like $bar!" And I read
their piece, and think "Yeah, I'm totally on board with $bar. Sounds good!"

It's a depressing reminder of just how far apart people's goals can be. I
don't just disagree with them, I have views so distant that they use my
beliefs as a reduction to the absurd.

Fuck that article, and fuck its middleboxes. I accept that I am, by many
standards, a crypto zealot. I'm alright with that.

------
eadmund
> We’ve seen programs such as Let’s Encrypt that bring the price of domain
> name public key certificates down to a base of free.

And, interestingly enough, turn the implicit assumptions behind the whole XPKI
infrastructure on their head.

CAs built their business on the idea that we needed to know that sears.com is
Sears, Roebuck & Co., while sears.net is a family website. But it turns out
that we don't really care: we care that google.com is google.com, and that's
it.

What we _really_ want is to know that the IP address we're talking to is the
IP address we think we're talking to, and that the IP address we're talking to
is the one we looked up for a particular DNS name. What we really want is not
an identity-authentication certificate, but rather authorisation certificates.

Over twenty years ago, RFCs 2692 & 2693 (and follow-up draft work) identified
the issue, and offered a solution — but the industry stuck with identity-
authentication certificates. This is kinda crazy when you think of it: knowing
who someone is doesn't guarantee that I want to do business with him.

~~~
ballenf
> But it turns out that we don't really care: we care that google.com is
> google.com, and that's it.

It's worse than that. 9/10 users I observe 'google'* google in order to run a
google search. _Every single time_ they go to a website that isn't saved as a
bookmark, they search for it instead of typing an address into the address
bar. I used to be surprised seeing people google 'gmail' and then click the
top ad every morning... But I don't blame the users as much anymore. The
companies that make the browsers and web search know all this too and the UI
has actually evolved to further muddy the difference between search and
address.

(Increasingly they bing it due to MS defaults in Win 10.)

But your overall point is well taken and very true: having the sears.com
domain name might not be as important as having the top google hit for
'sears'.

~~~
Jtsummers
I used to be like that with real world directions. Constantly referencing
maps, people, or (later) smart phone maps. Then I started forcing myself to
develop an internal model of the regions I was traveling in, now I only use
the smart phone map for ETA and traffic information.

I think most people never really develop that mental model of how the internet
is laid out. I would get lost going from A->C or C->A. But I could go A->Town
Center->C no problem (and the reverse) but it took twice as long because I was
taking a suboptimal route. Everyone knows where Google is, it's the town
center of the internet (for them), like the portal sites that MSN, Yahoo!, and
others provide. So they go there and use it to make their way to their desired
destination.

~~~
Jach
I turned into the opposite for real world directions. I let google tell me
where to go, only rarely deciding a different route on my own. And sometimes
that's not exactly a fully formed different route but I want to go via a
certain way (e.g. non-freeway) and hope google updates the rest of its
directions to accord to that wish. It's taken me on some weird paths but
whatever.

My excuse is that I grew up in Utah, which has a fairly consistent and ordered
grid system with addresses almost always mapping to grid coordinates, so given
an address you don't need any special directions. You might still go to a main
road because it's faster, but you could instead optimize the Manhattan
distance without effort. Traveling elsewhere with places so fond of
nonsensical street names and non-grids, I gave up actively building a mental
model (I have an ok spatial model of my surrounding area in Bellevue/Redmond
but I've been here almost a decade...I have no idea where most of the street
names in Seattle proper fall and haven't bothered to learn any of the
mnemonics people have suggested) and let the machine tell me what to do.

------
tptacek
The piece in CircleID to which Geoff Huston is responding is pretty clearly a
troll, a bid for attention from someone professionally attached to some pretty
marginal "standards" groups. It's incoherent and poorly informed. It's
possible to make colorable arguments about the need for security protocols
that admit to legitimate monitoring. The CircleID piece didn't make any of
those.

It's a little embarrassing to see someone of Geoff Huston's stature responding
to what is so clearly a plea for recognition from someone who would otherwise
have no impact whatsoever on Internet engineering. It's much more embarrassing
for CircleID to have published that piece to begin with, but, what do you
expect? CircleID is terrible.

~~~
sesutton
From reading a few of Anthony Rutkowski's other screeds against end-to-end
encryption I got the impression he might be a shill for some middlebox vendor.
Did some digging and turns out he is an executive at Yaana which is a company
that does exactly the kind of work that TLS 1.3 is trying to frustrate (credit
to HN user Animats [1]).

> "Yaana is a leading global provider of a wide range of intelligent compliance
> solutions including lawful interception, accurate data retention, big-data
> search & disclosure, advanced security and application specific analytics."

That he thinks his unhinged writing style might be persuasive to anyone is
baffling to me.

[1]
[https://news.ycombinator.com/item?id=15586504](https://news.ycombinator.com/item?id=15586504)

~~~
twic
> That he thinks his unhinged writing style might be persuasive to anyone is
> baffling to me.

This is what got me. "humming"! It's classic crank writing; who could possibly
imagine that anyone could take this seriously?

~~~
tptacek
Humming, unfortunately, really is an IETF thing.

[https://tools.ietf.org/html/rfc7282](https://tools.ietf.org/html/rfc7282)

------
davedx
For me, a "crypto zealot" is somebody who says we shouldn't use SMS based 2FA
because it has some vulnerabilities: people who advocate using only the best
crypto, or none at all.

This just sounds like building a universal layer of encryption around all
communications. It's not zealotry but common sense.

~~~
ryanlol
> some vulnerabilities

lol. I guess that’s one way to put it.

~~~
unethical_ban
Any 2FA > Any 1FA, for a constant first factor.

------
baby
> A better position is to use QUIC. Not only is the payload encrypted, but the
> entire transport flow control is covered by the veil of encryption.

I'm not sure I understand his/her point. Maybe this is pointing to QUIC
encrypting part of the handshake?

~~~
tialaramex
Not just the handshake. With say HTTPS (HTTP over TLS over TCP) the
unencrypted TCP layer is where the flow control is, a bad guy can see and
manipulate this flow even though the application data is opaque to them. Every
TCP packet is identified as to which session it's part of, and the TCP stack
is relying on the flow control to tell it e.g. to slow down because things are
congested.

In QUIC all that vanishes inside the encryption. The only things left
unencrypted are the source and destination address.

~~~
baby
Oh I see what you're saying. Is it really an improvement though? If a bad guy
can see and manipulate your TCP flow, he could also just drop packets.

~~~
slrz
It's an improvement because middleboxes can't mess up your packets when you're
using authenticated encryption. Sure, they can still drop all of them, but
that's a much easier problem to debug than otherwise.

We have all these problems because a lot of middleboxes crap their pants when
they "see" something in the protocol headers that their developers did not
consider because it didn't seem to happen on their laptops or whatever.

So you make the protocol headers invisible to the network's middleboxes to
prevent the middlebox developer's broken mental model about that protocol from
breaking your pipes.

~~~
baby
I see your point. Also, they can still "control" the flow of QUIC (to a lesser
degree I'd imagine) by dropping some of the packets.

------
blattimwind
(Surprisingly the fine article is about cryptography, not fake internet money)

~~~
Khol
Is this really surprising? I'm (still) more surprised when I click on an
article with crypto in the title and it's not about cryptography. (There may
be some underlying bias as to the links I see/am sent.)

~~~
simias
In this particular instance I fully expected an article about cryptocurrencies
but I think that's mainly because of the other word in the title. I don't
usually associate cryptography with zealotry.

------
betageek
> We’ve seen programs such as Let’s Encrypt that bring the price of domain
> name public key certificates down to a base of free

Only free if you value your time at $0.

~~~
Hamuko
I don't really see the difference between it and other certification. Surely I
need to configure my servers regardless.

Also, sometimes doing a bit of server work is rewarding on its own.

~~~
betageek
My problem is with the crusade to make everything HTTPS - normal HTTP involved
no ongoing setup, and didn't put the ongoing functionality of your website in
someone else's hands. As I've said above, LetsEncrypt is sponsored by
corporations and could disappear tomorrow.

~~~
AluminiumPoint
Do you live in some parallel universe where we do not have mass surveillance,
nation states or internet providers modifying traffic or unencrypted wifi at
coffee shops?

Your attitude is irresponsible. HTTPS is not a luxury, it is a requirement.

