
It’s Time to Encrypt the Entire Internet - nodefan
http://www.wired.com/2014/04/https/
======
plg
It's time to decentralize the internet. There is no good reason why we can't
have email, webpages, photos, even facebook-like social stuff housed on our
own machines in our own homes (or some other place under our control).

The current situation is akin to having to travel to some centralized letter-
reading facility in order to read letter mail. Your grandma sends you a letter
in the mail and you have to go to a central facility downtown, then prove your
identity, and then they hand over the (opened) letter.

We put a man on the moon more than 40 years ago. We must be able to sort this
out.

~~~
pwg
> It's time to decentralize the internet. There is no good reason why we can't
> have email, webpages, photos, even facebook-like social stuff housed on our
> own machines in our own homes (or some other place under our control).

This is how the internet is designed, and you can already do this today. In my
case, I host my own dns, email, and my own webpages, locally on my home
connection. You just have to be willing to learn, and willing to do. Once
you've learned, the actual "do" is rather trivial.

[edit: forgot to list dns in the first version]

~~~
knowledgesale
Why would you need your own DNS?

~~~
dobbsbob
To avoid DNS censorship, my ISP filters pirate bay, plenty of other sites.

~~~
sp332
You could just use Google's 8.8.8.8 and 8.8.4.4 though.

~~~
pdkl95
Google's DNS resolvers are 100% truthful?

~~~
sp332
I've never heard of them changing or blocking entries. They're on Wikileaks'
list of censorship-avoiding DNS servers
[http://www.wikileaks.org/wiki/Alternative_DNS](http://www.wikileaks.org/wiki/Alternative_DNS)
And Google claims: _Google Public DNS does not perform blocking or filtering
of any kind._ [https://developers.google.com/speed/public-
dns/docs/intro?cs...](https://developers.google.com/speed/public-
dns/docs/intro?csw=1)

~~~
pdkl95
Not what I had in mind. Ignoring the NXDOMAIN results, what makes you trust
the VALUE of the NS/A/AAAA/MX/whatever records you get from Google (or any
other resolver)?

Because I _have_ frequently seen provably-wrong results from other resolvers,
and some highly-suspicious results from 8.8.8.8 on occasion (though I haven't
checked particularly often).

The point being, unless you're proving the results with DNSSEC (or similar),
you can't trust _any_ source.

~~~
sp332
Is that the sort of thing that could be fixed by running your own DNS
resolver? I mean it all comes down to DNSSEC eventually.

~~~
pdkl95
You can limit some of the simple abuses by resolving DNS yourself, but DNSSEC
(or other crypo-auth system) is best, of course.

I use and recommend doing both, as there's very little downside to running
your own resolver.

------
y0ghur7_xxx
The only problem I see with https everywhere is the current CA system. I don't
trust CAs, and I don't want to pay them. If we can get rid of them somehow
there is nothing in the way of https everywhere anymore. I really like the
[http://convergence.io/](http://convergence.io/) approach, but anything else
that gets rid of a central authority I have to trust will do for me.

~~~
A_COMPUTER
Is convergence still running? I last tried it a couple years ago and the
number of authorities dropped to three.

~~~
y0ghur7_xxx
Some say it's not dead¹. But it doesn't seem to have any traction, which is a
shame.

Perspectives is a similar project and seems more alive with a release in
February: [http://perspectives-
project.org/2014/02/15/perspectives-4-4-...](http://perspectives-
project.org/2014/02/15/perspectives-4-4-released/)

¹[https://twitter.com/ivanristic/status/400624593515192320](https://twitter.com/ivanristic/status/400624593515192320)

------
swombat
So perhaps this should start with a reduction in the cost of valid, "don't
throw a security warning" certificates down to zero.

At the moment the SSL certificate industry is one big ripoff fest...

~~~
dspillett
You mean like [https://www.startssl.com/](https://www.startssl.com/)? Their
standard certificates are accepted by all major browsers released since 2010
(see
[http://en.wikipedia.org/wiki/Startssl#Trustedness](http://en.wikipedia.org/wiki/Startssl#Trustedness))
and are free for non-commercial use (I've heard claim of trouble with Windows
Phone 7 devices but I've not had opportunity to check that myself).

[http://www.cacert.org/](http://www.cacert.org/) is another option, but their
CA cert is generally trusted by default so it is no good for publicly targeted
services.

~~~
Karunamon
You mean the one with a terrible user interface who charge 25$ to regenerate a
cert?

PKI is a scam and a racket.

~~~
dspillett
_> PKI is a scam and a racket._

The current implementation is far from perfect, but that is more than a tad
strong.

And it need not be as bad as it is, we just need to find the right changes to
the process and get everyone to agree on them...

Don't tar all PKI based solutions with the same overly large brush.

 _> You mean the one with a terrible user interface_

I'll not disagree with you there. Though for free are you expecting
perfection? It at least does the job.

 _> who charge 25$ to regenerate a cert?_

Pro tip: backups.

If you properly protect your keys and certificates you only need to pay if you
need the old cert revoked (this is annoying if something beyond your control
makes you need a full resign rather than a reissue, but things like heartbleed
that necessitate this are hardly common).

~~~
Karunamon
Trust me, that is not an accusation I bandy about lightly.

    
    
         <rant intensity="120%">
    

It's a scam in that SSL purports to verify identity, when really you're
trusting the CA to handle that; some do more, some do less, there's no
standard, no _real_ accountability beyond major cockups when the community
decides to disown you out of necessity for bad behavior (see Diginotar from
not that long ago). Having a CA signed cert proves nothing beyond that you
gave some person who is trusted some amount of money who ostensibly verified
something.

It's a racket in its implementation. The PKI model used nowadays is rotten and
exploitative. Renewals which exist as a pure profit vehicle for CAs (upwards
of $100 to run some code and generate a hash? Fkn seriously?), the
implementation in every browser which treats a self-signed certificate as
coming from a known bad guy, or the slightest misconfiguration as same.

But every single user out there has it drilled into their head to look for the
little lock (or nowadays, the much more expensive by a factor of ten or so
green bar) before shopping, and every browser out there throws really scary
looking errors (Chrome's red screen of doom) for something so much as an
expiration date. The CA's can effectively say "Gee, that's a nice commerce
website you have there, would be a shame if something were to happen to it and
all your customers got scared off since you didn't pay your protec^H^H^H^H
renewal fee" \- Some basically do, especially around renewal time.

Charging to regenerate or revoke a certificate (again, completely automated
processes with zero human interaction required) is just rent-seeking dick
behavior of the highest order.

Why do I have to pay upwards of $100 for a wildcard certificate? They don't
cost the CA anymore to issue or handle, it's identical to any other
certificate except the CN field is written slightly differently. No, the
fuckers expect me to either pay for a massively overpriced bit of hashed code
or pay lots of times for slightly different overpriced bits of hashed code.
Either way, i'm getting screwed. All so people who visit my website don't get
scary and misleading warnings.

~~~
dspillett

      the implementation in every browser which treats a self-signed certificate as coming from a known bad guy
    

Ah, you are a "self signed certificates should be accepted" guy. I very much
don't agree there.

A self-signed certificate effectively gives none of the protection of a cert
signed by a trusted CA so the warnigs areperfectly valid. Of course self-
signed certificates are perfectly valid in specific communities: a company
might sign the certificates for all its internal apps themselves and make sure
their standard employee desktops & laptops trust their internal CA, or you
could sign your own and have your friends and other contacts install your CA
as a trusted one. But for public use they are simply not valid.

The commonly given comparison here is the way SSH works, but that is _not_
comparing oranges to oranges. With SSH you also have some authentication
credentials that have been given to you via another channel, with a self-sign
certificate you do not. You can emulate SSH's "remember this servers ket
fingerprint and only tell me if it has changed" in most browsers by adding a
permanent exception, so it'll only moan again if the self-signed certificate
changes. Firefox does this.

    
    
      Having a CA signed cert proves nothing beyond that you gave some person who is trusted some amount of money who ostensibly verified something.
    

That is true, but having a self-signed cert proves _nothing at all_. There
_is_ some process (a process that has been shown to have exploitable flaws
I'll grant you, but a process exists and is far from completely broken) to try
make sure that the CAs that are generally trusted are generally trustworthy.

    
    
      Renewals which exist as a pure profit vehicle for CAs
    

Renewals exist because certificates expire. Certificates expire because an
infinitely valid certificate is potentially dangerous because the revokation
process can not be relied upon in many cases.

    
    
      ... for something so much as an expiration date ...
      Gee, that's a nice commerce website you have there, would be a shame if something were to happen ...
    

If your e-commerce site finds $7/year or the hassle of using StartSSL's
interface for free (or $120/y or $70/y respectively for EV certs) a problem,
then it isn't much of a profit making e-commerce site...

    
    
      Charging to regenerate or revoke a certificate is just rent-seeking dick behavior                               
    

I'll say again: keep secure copies of the relevant keys and you won't need to
use the regeneration or revocation procedures.

    
    
      again, completely automated processes with zero human interaction required                                    
    

Automated processes _that rely on infrastructure that someone needs to create,
monitor, and maintain_. If you ignore the infrastructure creation and
maintainance costs then yes the process is zero effort and near zero cost
(just a little electricity for the CPU time) but ignoring those factors is
simply fallacious reasoning.

If you so strongly believe that this is a complete and utter rip-off and that
you could do it so much cheaper, why not do so? If you _can_ do it as well
while charging less (or nothing) then people will flock to your service. One
man's margin is another's opportunity.

    
    
      Why do I have to pay upwards of $100 for a wildcard certificate? They don't cost the CA anymore to issue or handle
    

That I'll grant you, but artificial market segmentation exists _everywhere_
for better or worse (usually for worse from the consumer's PoV) rather than
being a property of this particular area.

    
    
      All so people who visit my website don't get scary and misleading warnings.                                 
    

The scary warnings are not misleading in the worse cases. If a DNS hijack
passes your bank's traffic through a server that has a self-signed certificate
would you want your browser to warn you or just carry on because self-signed
certificates are fine usually? Unfortunately there is no way to differentiate
the bad and fine situations so we give the scary warning for both to make sure
we give it when it is really needed.

If you can think of a better way then do let people know, everyone in the know
knows the current arrangement way isn't perfect so a good idea well presented
should get listened too if addequately explored and explained.

If what you are looking for when you refer to "people visitin my website" is
simple anti-snooping protection (so random people on the same WAN can't see
everything for instance) rather than identity assurance, then there are
already moves in that direction. HTTP2, due to be submitted for approval in
final form later this year, will use encrypted traffic in _all_ cases in a way
the ensures this level of protection (though I've not yet read into the
details of these proposals myself, I'll reserve judgement on how effective
that will be until I have) meaning that is soon to become a sorted problem if
things work out as expected. For e-commerce or anywhere else where greater
trust is required though, a CA-signed certificate will still be required
because for those uses identity assurance is essential.

~~~
Karunamon
>You can emulate SSH's "remember this servers ket fingerprint and only tell me
if it has changed" in most browsers by adding a permanent exception, so it'll
only moan again if the self-signed certificate changes. Firefox does this.

Doing this en-masse would be a much better system than we have right now.
Example: Have a random internet user visit a site and note down the details of
the certificate they get (automatically). Repeat a few thousand times. Compare
notes. Wait a sec, why do I have a different certificate than 99% of the other
visitors? Hmm. Throw alerts.

The chances of the average user being the target of a MITM is utterly
minuscule, so this system ensures that you as the bad guy either have to own
the service provider directly by installing a certificate you have keys for,
or _every single user that hits the site_ simultaneously to prevent the others
from being alerted.

Pinning on steroids, basically. No CA's required.

> _but having a self-signed cert proves nothing at all._

..other than the connection being encrypted, the CN on the cert matching the
domain name, and it not being expired. This is the same data that the lowest
level certificates from every CA provides.

I believe that the past decade or so has shown that CAs do not deserve the
level of trust they're implicitly given. I certainly don't trust them. We know
they can be coerced by the bad guys with guns to generate certs anyways. QED,
they are not trustworthy.

>Renewals exist because certificates expire. Certificates expire because an
infinitely valid certificate is potentially dangerous because the revokation
process can not be relied upon in many cases.

Then re-generate the bloody certificate and don't charge me money for the
privilege of giving me exactly what I had before with a different date on it!

> _f your e-commerce site finds $7 /year or the hassle of using StartSSL's
> interface for free (or $120/y or $70/y respectively for EV certs) a problem,
> then it isn't much of a profit making e-commerce site..._

Ah yes, the old "It's not _that_ expensive, so why are you complaining?"
canard. A dime here, a nickel there. It's nothing.

Why just a little of a bad thing remains bad is left as an exercise to the
reader.

> _Automated processes that rely on infrastructure that someone needs to
> create, monitor, and maintain. If you so strongly believe that this is a
> complete and utter rip-off and that you could do it so much cheaper, why not
> do so? If you can do it as well while charging less (or nothing) then people
> will flock to your service. One man 's margin is another's opportunity._

Why are there no serious community CAs? Why is every single one of them a
large corporation? Larger infrastructure projects exist that are community,
free/donationware efforts, after all. Is it really that hard, or is there some
other reason?

I'll wager that one of the reasons is that entrenched players (the VeriSigns
and Comodos and Thawtes of the world) get to set the standard for the market.
For audits (e.g. Webtrust) that cost tens-to-hundreds of thousands of dollars
to complete.

De-facto regulatory capture, except the regulations are more of a consensus
than top-down legislating.

>The scary warnings are not misleading in the worse cases. If a DNS hijack
passes your bank's traffic through a server that has a self-signed certificate
would you want your browser to warn you or just carry on because self-signed
certificates are fine usually?

I have no way to prove this, but I would be willing to bet large and
ridiculous amounts of money that 99 out of 100 SSL warnings an average
computer user sees is going to be the result of either misconfiguration (a
badly set CN is common) or expiration. The connection is still encrypted and
the certificate was still generated by a "trusted" CA so we know that the
identity is valid (what are the chances that the owner of bar.com doesn't know
of the existence of foo.bar.com?) - yet we still cry wolf like something is
very definitely wrong.

And I say "cry wolf" for a reason. With the majority of SSL warnings being
bogus (bogus as in they fail part of some validation test, instead of bogus as
in the user was in some actual danger), we're training users to override the
annoying warning every time.

And you can't override parts of the validation - it's all or nothing. If I
know a certain website has an expired cert, and everything else is still
valid, why can't I just override the expiration check? Being N+1 days out of
date doesn't reduce the security of anyone concerned. - Instead I have to
completely except the cert from all checks and then I _won 't_ get warned if
say, the issuer changes or the CN doesn't match or some other data point,
which when taken together, might add up to a different whole.

------
AshleysBrain
There's the obvious security/privacy point, but I think on a technical basis
it would also be useful: the internet is full of pesky middleboxes which
meddle with content, and this breaks things. For example, sometimes WebSockets
can't connect unless run securely because somewhere a middlebox is looking at
the content and changing it, expecting it to be HTTP traffic when really it's
a websocket. Encryption removes the possibility for infrastructure-breaking
middleboxes.

------
dobbsbob
HTTP/2.0 is working on encrypting everything though NSA shills have managed to
derail the working group by proposing "trusted proxies" that are allowed to
decrypt traffic for nonsense optimization reasons.

~~~
darkhorn
Will encryption be mandatory in HTTP2?

~~~
Zikes
It's central to the protocol, if I recall.

------
romanovcode
Yet when I go to this link it's plain HTTP.

~~~
AhtiK
Wired just got it wrong postfixing https instead of prefix :)
[http://www.wired.com/2014/04/https/](http://www.wired.com/2014/04/https/)

But to stay on topic: encouraging this kind of major shift to SSL spreads a
problem that is still there but is very little acknowledged or worked on --
revocations.

Certificate revocation check is using either CRL or OCSP. CRL is a list of all
the revoked certificates - browser needs to download the whole file and then
check if the cert is revoked. OCSP is an optimized protocol to perform a more
efficient certificate validation.

CRL is slowly being phased out as it grows too fast and there are jokes around
that thanks to heartbleed the size becomes comparable to a blockchain.

But now the real issue: almost NONE of the mobile browsers check for
revocation! Add to this that by default Chrome is not checking for cert
revocation either. So isn't this rendering the whole revocation mechanism
almost useless against a real attack?

There is a reason why it's not done in mobile (and Chrome) -- it makes the
requests slower, especially in mobile. There is a timeout fallback in browser
so that whenever OCSP responder times out then browser assumes the cert is
valid. Which is not helping when the real attack is executed.

To sum up, until there is a 99% browser-market covering revocation mechanism
that is not slowing down the browser CA-based SSL certificates are too fragile
to get us to the safe and encrypted future.

~~~
claudius
However, it seems possible to explicitly use a _secure_ browser (i.e. one that
checks certificate revocations) if the need arises. You don’t need 99%
browser-market coverage to allow people to securely connect to your site, nor
do you need 99% browser-market coverage to securely connect to a given site.
You _only_ need that site to implement HTTPS, either with a self-signed cert
and e.g. Certificate Patrol on your side or a CA-signed cert and a revocation-
checking browser. In the latter case, you should also configure your browser
to consider an OCSP failure an invalid certificate, not a valid one.

~~~
AhtiK
This all sounds good but at the same time only Firefox has OCSP Hard Fail
feature (OCSP failure==invalid cert). Please correct me if it's still possible
with others.

Also user must become a rather paranoid person in order to start using a
browser in mobile that supports hard fail OCSP. Getting HTTPS everywhere
shouldn't mean promoting false sense of security.

Considering that most HTTPS attacks require MITM it seems to me that OCSP
without Hard Fail leaves attack vector wide open.

------
borplk
For as long as the general population remains as computer illiterate as they
are today no amount of encryption or decentrialising will save the internet.

Despite its growing importance, the topic of computing is completely ignored
at school.

They teach the kids how to click on a few icons on Microsoft Word and Excel
and PowerPoint, they graduate and become adults and think they know about
computing.

We have trained people to not learn anything of substance about computers,
just click on this button, and push that button ... easy. There's only so far
that stuff goes.

When they teach you calculus, you don't turn around and tell the
mathematicians "oh well ... just go make it easier for me this is not user-
friendly".

But with software no one is willing to take a single step towards learning
some basic principles.

So we end up making sacrifices because people can't be bothered with anything
more complex than pushing this big green button right here.

A better internet requires a population that understands some basic principles
and is therefore willing to put some effort in protecting themselves.

------
rakoo
> You have to purchase TLS certificates from one of several certificate
> authorities

I'd like to stop this misconception. You don't buy certificates. You make your
own certificate, which is unknown to the world, and _then_ you buy a stamp
from a trusted third-party on your own certificate, so everyone can trust it.

The crux of the matter is whether you can actually trust these third-parties.

~~~
nly
That's not accurate. You send them a 'Certificate Signing Request', which is a
request for them to issue you with a certificate. It's not a complete
certificate template just lacking a signature. In any case... semantically a
certificate isn't a certificate until it's been _certified_ , it's just
meaningless paper.

In some ways this reminds me of the misconception about birth (and marriage)
certificates from people new to genealogy. In the UK a birth certificate is
just a piece of paper that contains markers of authentication to ensure people
who read it can trust that it's true likeness of _a record_ held at Her
Majesty's GRO. It doesn't provide any guarantees about the honesty of data
itself, or even if the person was ever born, in the same way me reading an
x509 doesn't guarantee the data it contains is factual or was issued to the
right person. Even if a CA does these checks, there's no way to insert a proof
of such in to a certificate, therefore the certificate isn't such a proof...

------
kryptiskt
"Everything on the Internet should be strongly encrypted all the time." \--
Bob Metcalfe (Infoworld 24 June 1996)

------
rikacomet
The question is better posed as "Can encryption put the morals of 'you know
who' back in place?"

As I see it encryption works against your average trouble maker. But the
current wave essays that the data needs to be protected from even more people.
Definitions like GOVERNMENT, CORPORATE, etc. Traditionally the GOVT needs that
info to make macro-level decisions, so it was trusted by most people. CORPS on
other hand could get that info, and the GOVT was supposed to regulate that
process.

Now it seems that the GOVT has gone beyond its neutral stance, but wait! it is
actually not the GOVT, but the individuals at fault here. If you see this
problem as something induced by corporate greed, than its possible to see this
situation from a tech-security-guy-point-of-view as:

The GOVT needs to keep all the windows safe from such greed, and the CORPS
just need few windows to get inside, just like in Computer Security. Now join
reality with this hypothesis, and ask yourself this:

How many politicians fail to draw a line between: (1) cooperation (with CORPS)
for "selfish" reasons (2) cooperation (with CORPS) for "democratic" reasons

Now yes, historically many politicians have fallen prey to this type of thing,
but up to what extent? You take succumb to it sometimes or regularly on a
personal level? And yes, many corporate individuals/entities feel that they
are at disadvantage if they don't cheat slightly, but does it stays within the
self drawn line called "slightly/just a bit" or goes beyond it?

At the end it becomes a chicken and egg problem. But is that really impossible
to solve? Is the encryption alone or together with other things answer to this
dilemma? And is it okay to sit at home, knowing you have the antidote to all
the problems in the world, and let everyone outside "go to hell?"

PS: Seemingly, the traditional 4th party: Elite evil hackers seems to be in
line, thanks to a lot of people in US security structure working against them.

------
AhtiK
Here's my quick write-up on why encryption won't get us anywhere without a
proper revocation mechanism (yes, it's 100% broken in the mobile).
[https://news.ycombinator.com/item?id=7604641](https://news.ycombinator.com/item?id=7604641)

------
obeattie
"That means secure connections to everything from your bank site to Wired.com
to the online menu at your local pizza parlor."

Oh, the irony that the article itself isn't served over HTTPS.

~~~
sigzero
That's not really irony since it is proposing a possible "future".

------
einaros
[https://encrypt.today](https://encrypt.today) \- who said the new TLDs were
useless?

------
Infinitesimus
Encrypting the internet is not enough if a few companies have unlimited
resources and the freedom to figure out how to break the encryption (legally).

*Edited for clarity

~~~
swombat
False. What you say _reduces_ the usefulness of encrypting everything but
certainly doesn't make it "useless".

~~~
Infinitesimus
That's true, I misspoke. It does make it hard for the average joe hacker to
get steal information, which is very valuable.

