Lots of very interesting bits that made me laugh.
Edit: Found a link for those that cannot see it either: http://litru.ru/book/?p=214644&page=24 . No idea why Google decided I cannot read that particular page.
The trick he played on Teller and then Teller seeing through it instantly, priceless.
And that in turn reminds me of this:
Pity they didn't just pack up and go home after that.
Indeed. The public radio station in my town (in the U.S.) airs a special on the Christmas Truce every year around Christmastime. It's supposed to be uplifting, but I find it almost unbearably sad. The Europe out of which that spirit came was demolished during the war.
[[[ To any NSA and FBI agents reading my email: please consider ]]]
[[[ whether defending the US Constitution against all enemies, ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]
Author: Martin Thomson <firstname.lastname@example.org>
Date: Fri Jun 14 13:14:02 2013 -0700
Exercising editorial discretion regarding magic.
diff --git a/draft-ietf-httpbis-http2.xml b/draft-ietf-httpbis-http2.xml
index 58bbc27..f1e570d 100644
@@ -385,9 +385,9 @@ Upgrade: HTTP/2.0
The client connection header is a sequence of 24 octets (in hex notation)
- (the string <spanx style="verb">STA * HTTP/2.0\r\n\r\nRT\r\n\r\n</spanx>) followed by a
+ (the string <spanx style="verb">PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n</spanx>) followed by a
<xref target="SETTINGS">SETTINGS frame</xref>. The client sends the client connection header
immediately upon receipt of a 101 Switching Protocols response (indicating a successful
upgrade), or after receiving a TLS Finished message from the server. If starting an
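Review bot: on the changed `<spanx style="verb">` line the new string is still 24 octets, which matches the "sequence of 24 octets" context line, but that same context line presents the header "in hex notation" and no hex octets are touched in this hunk. If the draft carries the hex form alongside the string, it needs the same STA/RT to PRI/SM update so the two representations agree. The commit message ("Exercising editorial discretion regarding magic.") also gives no reason for the new value; one sentence saying why these octets were chosen would help anyone reading the history of a constant that every client sends.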
"... The disclosures were published by The Guardian and The Washington Post on June 6, 2013. Subsequent documents have demonstrated a financial arrangement between ... "
Personally, I trust the elders of the internet implicitly.
https://news.ycombinator.com/item?id=9045533 (footnote )
Maybe we could have waited a year and made the magic
THE * HTTP/2.0
KO * HTTP/2.0
It could just as well have been ECHELON, however PRISM has more recent, and documented, meaning and more mindshare specifically around/related to domestic spying.
(obviously haven't had much time to work on it lately).
"And the experimental data we have (what there is of it) suggests that we need to make this look like an unknown HTTP/1.1 method (or two)."
Anyone know what experimental data this refers to, and why this helps? This gets encapsulated inside TLS; nothing should know about it except the endpoints, both of which need to understand HTTP/2.
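How a line-based HTTP/1.x reader would see the 24-octet string from the commit quoted above, next to the exact-match check an HTTP/2-aware endpoint can make. This is an added example, not code from the thread or from the HTTP/2 draft; the parser is deliberately simplified, and `split_messages`, `classify`, `http1_view` and `is_http2_preface` are hypothetical names.

```python
# Added example: simplified HTTP/1.x-style reader, not a real server's parser.
PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"  # string from the commit above
KNOWN_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE", "CONNECT"}
KNOWN_VERSIONS = {"HTTP/1.0", "HTTP/1.1"}


def split_messages(data: bytes):
    """Cut a byte stream into header blocks at each empty line (CRLF CRLF),
    the way a line-based HTTP/1.x reader delimits a request head."""
    blocks = []
    while data:
        head, sep, data = data.partition(b"\r\n\r\n")
        if not sep:
            raise ValueError("incomplete header block")
        blocks.append(head.decode("ascii").split("\r\n"))
    return blocks


def classify(block):
    """Return (verdict, detail) for the request line of one header block."""
    parts = block[0].split(" ")
    if len(parts) != 3:
        return ("malformed", block[0])
    method, _target, version = parts
    if method not in KNOWN_METHODS:
        return ("unknown-method", method)
    if version not in KNOWN_VERSIONS:
        return ("unsupported-version", version)
    return ("ok", method)


def http1_view(data: bytes):
    """Verdicts an HTTP/1.x-only reader reaches, one per header block."""
    return [classify(block) for block in split_messages(data)]


def is_http2_preface(data: bytes) -> bool:
    """HTTP/2-aware side: the first 24 octets must match exactly."""
    return data[:len(PREFACE)] == PREFACE


if __name__ == "__main__":
    print(len(PREFACE), http1_view(PREFACE))
    print(is_http2_preface(b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"))
```

Neither header block is accepted as a request, so an HTTP/1.x-only endpoint stops at the first line instead of trying to interpret the binary frames that follow.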
Which in practice will (hopefully) make it TLS-only. As I recall, one of the original motivations to require TLS, and one of the reasons browsers plan to mandate TLS (apart from the obvious), was specifically to avoid broken "transparent" proxies.
> And even when over TLS, the TLS connection might terminate in a separate machine, it going cleartext the rest of the way.
If the server uses a TLS frontend device and passes cleartext to a backend, then apart from that being a really bad idea from a security perspective, they should know better than to allow that to pass through a broken transparent proxy.
1) We can try to add more encryption to fight back.
2) We can recognize that there needs to be hooks for duly authorized access.
3) We can change or at least influence the political objectives
Personally, I'd have assumed option one is the obvious answer, in addition to increasing adoption of encryption in other areas (though that may be outside the scope of their project). Unfortunately the author seems to conclude that there need to be (presumably CALEA-style) hooks for "duly authorized access". It is almost unbelievable that they are openly suggesting implementing backdoors in communications protocols. I expect this from LE and politicians, but I don't expect this from FreeBSD committers.
I don't know the exact date that Snowden leaked PRISM but it was already being talked about as early as June 6th 2013 in the Washington Post http://www.washingtonpost.com/wp-srv/special/politics/prism-...
[Edit removed the secret message to keep the suspense ;)]
^ I figure I'd clarify that in case anyone else gets as confused as I did about what possible political or technical objectives the NSA might achieve by including a reference to a top-secret spy program in every HTTP/2 message (although it does seem like the sort of thing a comic-book evil intelligence organization would do :P).
This particular text isn't a vulnerability (after all, HTTP is full of known plaintext), but I think you've overplayed your argument. :)
This would be serious if someone found a way to easily identify which keys were still possible. From there, you could find the real key simply by a process of elimination. It would be somewhat lengthy, but not unreasonably so. But so far as I know, nobody yet knows how to easily identify which keys are still possible.
Note: I'm ignoring IVs here, partly because I don't know if HTTP2 uses them. They may make the process of elimination impossible (at least in realistic amounts of time).
HTTP2 doesn't "use IVs" at all, in that encryption in HTTP2 is provided by TLS. TLS does use random IVs, and modern TLS uses them correctly.
Do you know of the proof that rules out such a possibility?
Every HTTP request does not start with a fixed string. Every HTTP2 request apparently does (if I have read correctly).
>There is not.
Why not? What allows AES to escape such an attack?
What attack? A known plaintext attack is just a type of attack. There aren’t any such known attacks against AES currently. http://crypto.stackexchange.com/a/10837/7264 is related.
Also, HTTP/2 traffic may be encrypted using another scheme (which may be vulnerable to large constant blocks in known locations). I don't think HTTP refers or deals at all with encryption. I'm not sure about HTTP2. My understanding is that they are application protocols only and that message integrity protocols occur at a different layer.
This isn’t really a situation worth caring about when designing a protocol. If you’re choosing to encrypt something with weak encryption, you had better be darn sure that its vulnerabilities don’t apply. (And… why would you do that to begin with? No compelling performance reasons, even.)
This isn't quite a proof. You'd need to show that HTTP is not vulnerable to such an attack.
I don't think HTTP requires a starting block.
HTTP2 apparently requires a client's first message to be/start with:
Maybe I am reading things wrong?
 https://github.com/http2/http2-spec/commit/ac468f3fab9f7092a... (as linked by others below)
The curious thing here (for me at least) is all sessions beginning with a constant block of some length.
Edit: To be clear, I mean the spying hurts our industry.
You mean because "outsiders" will see us as childish or for some technical reason?
1) Visiting http://www.openssl.org automatically redirects me to https://www.openssl.org .
2) The OpenSSL source code is stored in a git repo in GitHub. While this doesn't ensure that the code hasn't been tampered with, git does make it substantially easier to detect tampering than other VCSs do.
3) All of the release tarballs are PGP signed. Verification of the authenticity of these files is just about as automatic as it gets.
And if I recall correctly, it was http://openssl.net not https://.
Is it possible there have been some changes in recent years?
Well, I made my comment based largely on information that I verified a few minutes before I wrote the comment. I'm unaware of the site's history.
This is exactly what the NSA wants. That you feel like you're on the right side and "sticking it to the man" while they laugh all the way to their long term data storage.
What is it intended to accomplish? What is the actual statement being made, and who is the intended audience? Not the government - they already know what PRISM is. Also not the common internet user. If it had the potential to be effective at influencing or censoring political dialogue, I would be upset at the attempt to bake propaganda (however sympathetic the tech community might be to it) into what should be a politically neutral protocol. But it does seem more like a prank than anything else.
So it's your assertion that a thing cannot be both "childish" and "political speech" at the same time?
There are some great IETF success stories (mostly from a long time ago), but most of the best IETF products are the result of forceful and expert engineering done by just one or two people, carefully documented. You can see how much better that kind of work is than the IETF collaborative process by looking at the v2's and v3's of standards that started out the other way.
It's not a crazy observation to make. Think about the culture of heavily-engaged Wikipedia volunteers. Wikipedia is an amazing resource, probably the most impressive thing on the entire Internet, but most HN commenters would have no trouble calling it out for immaturity, insularity, and frivolity.
> If IETF members were all immature boys, [...]
and then you go on to make a point that agrees with OP, pointing out that IETF members are very mature engineers that are trying to solve hard problems.
Specifically, I think the argument that the success of the modern Internet is evidence that the IETF is "mature" is dubious and worth debating.
(Hey: just to be totally clear: I do not think the string "PRISM" is evidence of immaturity.)
And we're imprisoned in this madness!
BTW, "I'm rubber and you're glue..."
Updated: And what's gender got to do with it?
For example, with HTTP 1.1, it is pretty much likely that an HTTP response would start with HTTP/1.1 200 OK, or that it would contain strings such as "Content-Type" or "Content-Length". 24 more known bytes won't make it much worse.
If your encryption is vulnerable to known plaintext you should upgrade.
edit: I apologize for the ad hominem nature of this comment. I just get frustrated when people attack major contributors to open source projects. We need to keep in mind how important these projects are and how thankless contribution can be.
Martin has done a lot of work on HTTP/2 and WebRTC. If somebody wants a different message in the HTTP/2 handshake that doesn't evoke immaturity, then that person can contribute sufficiently to gain stature in the community and then change that message. Criticizing Martin's avatar is just dragging us into deeper waters for nothing.
I thought hackers were for meritocracy, and not nitpicking silly things like avatars.
Say there's a summit on internet governance and someone is making a point about this statement against PRISM and wants to link to his commit message. Say that someone is part of the US government and the audience is Middle Eastern businessmen. Who is taking away from the meritocracy now?
This guy is actually a Principal Engineer at Mozilla, working on WebRTC.
If you're attempting to slyly suggest something, everyone would be much better off if you'd just come out and say it. Please don't waste people's time with innuendo.
Why would you not expect programmers with strong political leanings? What kind of world do you live in where top researchers all share moderate views and modes of expressing those views?