
Why isn't all Internet traffic encrypted? - chrisaycock
http://superuser.com/q/346856/56974
======
biot
Most people are focusing on modern reasons. The historical reason is that when
the internet was being developed, public key encryption hadn't been invented
yet. The 1960s and early 1970s was when the internet was created and it was
only until the mid 1970s that public key encryption came about. The problems
of secure key exchange hadn't been solved at the time. Even if those problems
had been solved, clock speeds were measured in megahertz [edit: sometimes
kilohertz]; every clock cycle mattered.

Fast forward to today and this legacy has remained. Many protocols are being
retrofitted to support encryption, but it's similar to why railroad tracks are
the width they are: Roman chariots used the same width.

Additionally, don't discount developer laziness. It's much easier to debug a
plaintext stream than an encrypted one.

~~~
aaronbrethorst
> Roman chariots

<http://www.snopes.com/history/american/gauge.asp>

~~~
biot
Thanks. It looks like I'll need to find a new "historical inertia" analogy to
use. Suggestions welcomed.

~~~
DLWormwood
Read the Snopes article in it's entirety. It's still "technically true;" it
just didn't happen with deliberate or accidental intent. "Inertia" is the
perfect word in such a case.

------
pak
Putting aside the whole issue of delegating trust via certificates, the
simpler answer is that encryption is hard, and thereby expensive. For many
purposes, both service provider and client continue to consider it an
unnecessary expense.

Only recently, with the spread of wireless networks, has the threat of en
masse MITM and eavesdropping attacks become realistic. For a long time, it
took serious knowledge to pull these things off on a wired LAN or within the
walls of an ISP.

You could say the same about phone calls--why isn't the POTS network
encrypted?--but that's because it's well constrained within wires run by
trusted people and such cost is not justifiable; but with the advent of cell
phones, protocols like GSM had encryption built into them, since telcos
couldn't ignore that data sent over the air is readily captured and
manipulated.

~~~
drzaiusapelord
Oh, I wouldn't say it took expert knowledge in the past. I've been able to
download ettercap for years. It'll sniff switched networks. I just need to
plug into your LAN.

>why isn't the POTS network encrypted?

Because I can't pick up the receiver and listen to my neighbor's calls. That's
exactly how ethernet doesn't work. I hear all, even on switched networks with
a simple tool. Wireless? Even worse, it's the equivalent of using a non-
switched hub. I'll even toss in that POTS should be encrypted point to point,
but if you would have attempted it before Phil Zimmerman trail-blazed strong
encryption for us commoners, you would most likely have ended up in a federal
prison if you used non-trivial encryption.

So, to address the original question:

1\. Encryption really was expensive in 1996 or so, but in the age of
multicores, its questionable if there's a real cost now.

2\. Performance hit. SSL handshake is long and annoying. We could use a
replacement here.

3\. Legacy. The hackers who slapped together networks and the various
protocols we use weren't interested or couldn't properly secure this stuff.
Thus the legacy of spam, plaintext everything, etc. Retro fitting security is
hard. Its good if its there from the start like GSM.

4\. Standards are hard to change. Imagine telling all the browser makers and
open source projects that we should all switch to something that won't add to
the bottom lines/download rate/market penetration, but instead cost them time
and complexity as well as add server load. Google can't get anyone to care
about SPDY. Who is going to re-architect this stuff? We're essentially living
in a world convcieved in the 70s, implemented in the 80s, and made popular in
the 90s.

The easy answer is to stop allowing non-encrypted wifi. I'd love to see the
wifi consortium just default to a random key for non-authenticated guests in
whatever the newest version of wifi will be. It'll be transparent to the end
user and probably stop all these local attacks. It won't help you past the
gateway, but right now between the client and the gateway is the problem area.
Heck, why not make all networking gear do this, even on wired networks? We
have the processing power.

~~~
MediaBehavior
> 1\. Encryption really was expensive in 1996 or so, but in the age of
> multicores, its questionable if there's a real cost now.

A lot of "budget-priced" hosting services are near-free for http and heavily-
surcharged for https. - Pricing it to make it seem _as if_ there were some
huge cost difference. Makes a difference when shoestring clubs/nonprofits want
to throw up a cheap static site.

~~~
drzaiusapelord
That's because SSL is a shitty protocol, it has nothing to do with CPU.

Turns out that you can only have one SSL applied to one IP because browsers*
can't tell the webserver hosting 1,000 sites which particular site you're
requesting, because of, you guessed it, encryption.

Essentially, you're paying for a dedicated IP not CPU.

*theres a fix for this supported by several browsers, but it will never be backported to legacy browsers and the millions who won't upgrade for many years so its unsafe to assume you can use this method, thus one IP per SSL for the foreseeable future.

~~~
icebraining
The problem is really only with IE on XP; of course, that's still a huge
share. We can thank MS for that, since if other browsers support in on XP,
there's no reason IE couldn't, especially considering 7+ already does in Vista
and 7.

------
jedberg
The problem here is that encryption is an overloaded term. There are two
different things happening when one encrypts, and both are useful
independently.

The two parts are identity and obfuscation.

Obfuscation protects you from listeners who do _not_ control the network, and
identity protects you from listeners who _do_ control the network.

Together, you know only your intended recipient is getting your message, but
apart, at least you are protected from certain threats.

So even if we just had obfuscation, that would protect us from most threats.
When people say "we need encryption everywhere", I think generally what they
mean is "we need obfuscation everywhere" to protect from the worst threats,
which are those of the uncontrolling listener.

The flip side is that the uninformed will get complacent and assume that
obfuscation is giving them identity protection as well.

~~~
Herring
If we're going to overhaul the entire structure of the internet, it wont be
because of coffee shop eavesdroppers that haven't learned how to inject
traffic.

~~~
tptacek
I think that's it in a nutshell. When we talk at the level of the design of
protocols, we generally concede everything we can reasonably concede to the
attacker, and then design against that well-armed attacker. Denying attackers
the ability to redirect or inject traffic ties their hands behind their back.

There's really no such thing as an "purely passive" attacker. Since the 1990s,
probably starting with the deployment of switched ethernet, active attacks
have gotten steadily easier and more popular, and passive attacks less so.

The frustrating thing here is, we are _so close_ to having this problem
licked, but so many smart people are spending time concentrating on problems
we don't have. What we need to do is to come up with a credible replacement
for the Mozilla/Microsoft/Google-controlled CA system. It's probably no harder
to solve that problem than it is to push adoption of weak unauthenticated
protocols.

------
Adaptive
This is two distinct questions rolled up:

Why _technically_

Why _politically_

The technical issues are real and deep but they can, were, and continue to be
tackled. The bigger issue is that successfully addressing and deploying robust
encryption solutions is not a political priority (quite the opposite).

Keep well in mind that for many online in the 90s, the assumption was that
eventually standards for email encryption, as one example, would become well
deployed. The fact that email is today routinely not encrypted (disregard ssl
connections for the moment, a whole different barrel of fish) is a
demonstration that interested power structures (governments, US primarily)
were successful in limiting uptake.

There are real challenges to successful distributed crypto, but the political
forces in play had the effect of early work withering on the vine for the most
part.

~~~
tptacek
I hear it all the time, but I think this is a pretty silly sentiment.

Nobody wants the entire Internet encrypted more than the giant banks that
Redditors believe control the political system.

What malign forces do you believe the government is _actually wielding_ to
retard adoption of crypto? Who controls how much of the Internet is encrypted?
Because the Internet is an end-to-end system design, the two parties most
responsible for crypto adoption are your browser vendor (which _vigorously
supports_ crypto adoption), and the people who run servers (most of whom
_vigorously support_ crypto adoption).

The onus is on you to provide evidence to back your silly argument up.

~~~
rdl
It was absolutely the case in the 1990s that much of the government actively
retarded crypto deployment. The whole ITAR/export control thing (40 bit as a
compromise) was a HUGE factor in keeping crypto out by default. Then there was
the clipper thing and proposals for key escrow. And, A5 on GSM being weak.

Outside of payments, where the government and industry have pushed for strong
integrity and authentication (although not really confidentiality), government
and big corps have hindered the deployment of crypto.

There has been some improvement in the past decade or so, at least in other
regulated areas, both in regulation and in industry self-regulation/compliance
standards.

I think the majority of the reason cryptography isn't more widely deployed is
that it's 1) hard to do well and 2) most people writing applications have a
hard enough time getting a non-encrypted form working and 3) few people make
it a requirement as a customer. However, government has definitely hindered
ubiquitous crypto deployment.

~~~
tptacek
You are absolutely right that the government had an overt, irrational, and
hostile reaction to encryption in the '90s. I dealt with it firsthand writing
security code for a Canadian company.

But that was the 1990s. The government does not in 2011 believe you are
shipping "munitions" when you allow open downoads of software that
incidentally encrypts traffic. People do it _all the time_ now. And, to be
fair to the government: nobody saw the mainstream Internet coming, and prior
to that, crypto basically _was_ a munition.

I agree with your (1) (2) and (3) reasons. I just don't see anything the
government is doing today, or in the last 10 years or so, to hold back an
encrypted Internet. The people I know in government who think about this stuff
would dearly like to see a more secure Internet.

------
onedognight
Here djb discusses his proposed protocol for encrypting the internet.
<http://27c3.iphoneblog.de/recordings/4295.html>

------
brlewis
I think it would be paranoid to encrypt _all_ Internet traffic. A lot of
traffic isn't sensitive enough to warrant disabling that benevolent man in the
middle, the proxy cache.

~~~
wmf
If you want to use a proxy, you can connect to it explicitly.

------
sandroyong
Bruce Schneier was a great proponent of cryptography. In he lat 90's, he
touted encryption as the end-all of security measures. Since then, he has
backed off his claim. (He later went on and continues to be a proponent of
legislative laws for proper surveillance and forcing companies to be more
security compliant). So, even Bruce doesn't think encryption is a good idea.

Excerpt from a 1998 essay, "Security Pitfalls in Cryptography" that sums it
all up:

"Strong cryptography is very powerful when it is done right, but it is not a
panacea. Focusing on the cryptographic algorithms while ignoring other aspects
of security is like defending your house not by building a fence around it,
but by putting an immense stake into the ground and hoping that the adversary
runs right into it. Smart attackers will just go around the algorithms."

~~~
throwaway64
that is not the same thing as him saying "encryption isn't a good idea"

~~~
sandroyong
I agree. Encryption is a good idea, but I just don't think it's all that
practical. If people really wanted to crack encryption, the technology is
there (and if the person has the patience and time) it will be cracked. And
they don't want to spend the time and effort to get that encrypted info, there
are other ways to really get at it. The user still remains the unpredictable
variable and weakest link in network security. I just think there are better
ways to secure networks and the internet...

------
moe
The FreeS/WAN project wanted to give us Opportunistic Encryption.

<http://www.freeswan.org/ending_letter.html> (tldr: nobody cared)

------
teilo
One might also add that to encrypt all traffic would significantly increase
the energy usage of the Internet as a whole.

------
esutton
it is mentioned briefly on the page, but the major victim of encryption is
caching. That is one of the main reasons encrypted traffic is slower.

~~~
Joakal
Caching in which aspect? Browser cache, server cache, server SSL cache, etc?

