Slashdot Mirror


The Cost of the "S" In HTTPS

An anonymous reader writes Researchers from CMU, Telefonica, and Politecnico di Torino have presented a paper at ACM CoNEXT that quantifies the cost of the "S" in HTTPS. The study shows that today major players are embracing end-to-end encryption, so that about 50% of web traffic is carried by HTTPS. This is a nice testament to the feasibility of having a fully encrypted web. The paper also pinpoints the cost of encryption, which manifests itself through increases in the page loading time that go above 50%, and a possible increase in battery usage. However, the major loss due to the "S" is the inability to offer any in-network value added services that are offered by middle-boxes, such as caching, proxying, firewalling, parental control, etc. Are we ready to accept it? (Presentation can be downloaded from here.)

238 comments

  1. Not Slashdot! by Charliemopps · · Score: 5, Funny

    Are we ready to accept it?

    Slashdot certainly isn't ready!

    1. Re:Not Slashdot! by Anonymous Coward · · Score: 5, Funny

      Yes, clearly we must urgently encrypt all slashdot communication so that no-one can read the posts!

    2. Re:Not Slashdot! by Charliemopps · · Score: 2, Insightful

      Yes, clearly we must urgently encrypt all slashdot communication so that no-one can read the posts!

      Given that this site's primary purpose is social commentary of the news, encryption's probably more important here than just about anywhere else.

    3. Re:Not Slashdot! by zidium · · Score: 4, Insightful

      Worry not, Comrade!

      HTTPS will come to Slashdot after UTF-8 arrives and the Usable Slashdot interface is retired.

      In the meantime, why don't you come join us at https://pipedot.org/? It has both UTF-8 and SSL support already.

      --
      Slashdot Valentines Beta Massacre: iT WORKED! The boycotts killed Beta!!
    4. Re:Not Slashdot! by Anonymous Coward · · Score: 0

      Just about anywhere? Where is https more important to use than slashdot?

    5. Re:Not Slashdot! by Raumkraut · · Score: 3, Funny

      In the meantime, why don't you come join us at https://pipedot.org/? It has both UTF-8 and SSL support already.

      And for that matter so does Soylent News, which is even based on the same codebase as Slashdot!

    6. Re:Not Slashdot! by LessThanObvious · · Score: 1

      There's a big difference between being able to read posts and being able to associate a specific post with the source IP and other details without the site even consenting to that information being released. Having at least minimal capability to actually maintain anonymity without using TOR would be nice. You would still see the IPs of readers, but with HTTPS a reader and a poster would look externally identical and posts couldn't be attributed. That said I have no confidence Dice's CEO wouldn't cough up your name if a Google exec or the like called them up and said they really wanted to know who posted a defamatory comment.

    7. Re:Not Slashdot! by squiggleslash · · Score: 2
      If you subscribe, and then turn off all your benefits, you get HTTPS support on Slashdot permanently. That's what I did.

      They've supported HTTPS for over a decade, it's just it's a premium feature.

      --
      You are not alone. This is not normal. None of this is normal.
    8. Re:Not Slashdot! by unixisc · · Score: 1

      You forgot IPv6 support as well

    9. Re:Not Slashdot! by Darktan · · Score: 1

      I had wondered where all the old Slashdot trolls went. Looking at Pipedot, now I know. It's a pity, as the layout and UTF support are rather nice.

    10. Re:Not Slashdot! by Anonymous Coward · · Score: 0

      |. wins

    11. Re:Not Slashdot! by RockDoctor · · Score: 1
      Hmm, didn't know that.

      May consider subscribing. Will consider researching.

      --
      Birds are not dinosaur descendants; birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
  2. Those aren't the services you're looking for by Overzeetop · · Score: 5, Interesting

    "in-network value added services"

    I just read that as "advertising".

    Besides, I thought most of the internet traffic was Netflix now. Is that all done over HTTPS in a way that distributed caches are infeasible? I understood that the caching was pretty robust for their traffic.

    --
    Is it just my observation, or are there way too many stupid people in the world?
    1. Re:Those aren't the services you're looking for by yakatz · · Score: 3, Informative

      It includes things like local caching which was once important, but probably isn't anymore.

    2. Re:Those aren't the services you're looking for by Qzukk · · Score: 3, Insightful

      Legitimate local proxies will have the clients configured to use them and will work fine with https.

      --
      If I have been able to see further than others, it is because I bought a pair of binoculars.
    3. Re:Those aren't the services you're looking for by Eunuchswear · · Score: 3, Insightful

      My experience with telephone company provided local caching is that it usually makes the web unusable. If I can get at a service via HTTP or HTTPS then quite often the HTTPS works where the HTTP will either give you nothing, or just the start of the page.

      (This was on Free Mobile, in France).

      --
      Watch this Heartland Institute video
    4. Re:Those aren't the services you're looking for by Anonymous Coward · · Score: 1

      You are right, and they still have a place; but, we can thank JSON for ruining that because now we don't really have "static" content in our "stateless" distribution system because we've managed to implement state in a stateless environment by never closing the original connection.

      The model is now that we never get a complete document, but one that is constantly updated. So a cache no longer makes sense, because you can't cache something that is constantly updated (and different) depending on when you started to grab it (and how long you held it).

    5. Re:Those aren't the services you're looking for by petermgreen · · Score: 3, Informative

      In my experience most proxies, legitimate or otherwise, just pass HTTPS through without caching it.

      It's certainly possible to set up a proxy that decrypts and hashes https but it has a number of issues.

      1: legal, in some jurisdictions it may not be legal to interfere with the encryption of certain types of traffic or may make you liable if the information you decrypted leaks out.
      2: client configuration, you have to explicitly add the certificate for every client. Having unmanaged client machines is not mutually exclusive with a legitimate desire to cache data.
      3: security, your proxy just became a massive target for anyone wanting to attack your users.

      --
      note: i'm known as plugwash most places but i screwed up registering that here somehow in the past and now can't register
    6. Re:Those aren't the services you're looking for by petermgreen · · Score: 1

      Caching at the phone company is kinda pointless. The time you want proxy caching is when you have a fast local network behind a slow wan and want to reduce the traffic over the WAN.

      Afaict the purpose of the phone companies' proxies is not caching. Its purpose, at least in my experience, is to reduce bandwidth on the mobile network by reducing image quality.

      --
      note: i'm known as plugwash most places but i screwed up registering that here somehow in the past and now can't register
    7. Re:Those aren't the services you're looking for by AmiMoJo · · Score: 1

      Netflix gives servers to ISPs to host inside their networks for "caching". It's not really caching, it's just distributing their servers more widely.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    8. Re:Those aren't the services you're looking for by Sir_Eptishous · · Score: 1

      My thoughts exactly.
      Good lord, with the IoT, and any other "value added" krap out there, are we to expect even a moment away from ads?

      --
      We play the game with the bravery of being out of range
    9. Re:Those aren't the services you're looking for by dave420 · · Score: 1

      It most certainly is caching - it's a method called "push caching". The servers act just as caches, but the content is pushed to them from Netflix rather than stored when a client first accesses it.

    10. Re:Those aren't the services you're looking for by Em+Adespoton · · Score: 1

      Normally this kind of proxying happens on an edge server, and the server does a man-in-the-middle on the traffic -- so all internal machines have the server's cert, and their https goes to the server. The server then pulls from its cache, or makes an https request to the upstream server, whichever is best.

      This is (almost) always legal, usually not a big deployment issue, and actually limits the security footprint as you just have one central point to defend for inbound data (it becomes obvious pretty quickly if there's an attack going on).

    11. Re:Those aren't the services you're looking for by fuzzyfuzzyfungus · · Score: 2

      Some of them are even worse than advertising; but, yeah, "value-added services" is weasel speak for all the ghastly things that your telco would like to do to your perfectly good dumb pipe in order to charge you more for it. (In the same way that the recently revealed custom of injecting tracking IDs into the HTTP headers of traffic passing over some providers', like Verizon's, mobile data networks is called "HTTP Header Enrichment".)

      Breaking that shit isn't a cost of HTTPS, it's one of the major reasons to use it.

    12. Re:Those aren't the services you're looking for by Anonymous Coward · · Score: 0

      Netflix bulk content is pre-encrypted and delivered via standard http. The control channel portion (netflix site interaction) is over https but not much to be gained by caching there.

    13. Re:Those aren't the services you're looking for by Anonymous Coward · · Score: 0

      When I see more than two adjectives per subject, it's marketing gibberish. Asset leveraged globally positioned efficient marketing gibberish.

    14. Re:Those aren't the services you're looking for by SQLGuru · · Score: 1

      But you should be able to cache the unchanging portions (the template as it were) and not cache the data leading to BETTER caching. If I'm using some sort of data-binding and AJAX, my HTML template page and the Javascript logic can both be cached. Then, my page can be dynamically (and constantly) updated with AJAX data. As the data changes, I don't have to keep sending an entirely new HTML page that only differs by some portion of the content.

    15. Re:Those aren't the services you're looking for by swillden · · Score: 1

      "in-network value added services"

      I just read that as "advertising".

      You read wrong. HTTPS doesn't prevent advertising. I suppose it prevents ads injected by ISPs, etc., but very, very few ads that you see get there that way.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    16. Re:Those aren't the services you're looking for by david_thornley · · Score: 1

      And, of course, there's always the possibility that you're unknowingly caching terrorist plans or child pornography or (even worse) stuff copyrighted by MPAA and RIAA members.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
  3. Are we ready to accept it? by Anonymous Coward · · Score: 0

    Yes.

    1. Re:Are we ready to accept it? by NMBob · · Score: 1

      I used to be able to surf the headlines of my morning list of websites before going to work on my iPad using a Verizon connection for about 10MBs. It now takes about 15MBs. That could be iOS8, HTTPS, the lack of advertising blocking software and/or the increase in advertisements, or whatever. The point is megabytes is [now] money [that I have to pay for], and I don't get any say in controlling the amount of my data plan everyone sucks up -- if I still want to keep reading the same set of headlines in the morning.

    2. Re:Are we ready to accept it? by Anonymous Coward · · Score: 0

      It's not like the certificate servers haven't already been hacked or anything.

    3. Re:Are we ready to accept it? by Anonymous Coward · · Score: 0

      Have you turned off JavaScript?

    4. Re:Are we ready to accept it? by Anonymous Coward · · Score: 0

      That is a reasonable solution to his issue but I don't think that is his point.

      Basically performance with the default options used to be better for him.
      Now performance with the default options is worse for him.
      To many people that state of affairs seems strange.
      Yes he can fix it but he has to do something when before the provider was giving him better service by default.
      So, since he has to do something he did not have to before, the service is worse.

      I think that is his point.

    5. Re:Are we ready to accept it? by fuzzyfuzzyfungus · · Score: 1

      I'm not sure how this is related to HTTPS. Are you saying that Verizon was previously running a transparent proxy that automatically munged the sites you browsed and made them smaller? Have you excluded the likelihood that they've just gotten even fatter over time?

      Much of the daily-headlines stuff isn't encrypted anyway; but, even if it is, it is entirely possible to proxy, modify, and otherwise manipulate in-transit HTTPS traffic as long as your client(s) trust your proxy as a CA. It's not pretty; but it's entirely doable (and more than a few corporate firewall boxes do exactly that, with devices on the LAN side configured to trust them). If you want a box-in-the-middle to strip your morning headlines into lyxnvision, HTTPS isn't stopping you.

    6. Re:Are we ready to accept it? by NMBob · · Score: 1

      I don't know. I thought encrypting everything ate up more bandwidth with more overhead, and I just notice the little padlock icon by the URL more and more. Something is sure driving up the number of bytes for basically an unchanged daily reading pattern. Don't notice it, of course, when using WiFi. Maybe it's just more cloudcrap going on, but that shouldn't have changed much, either, and it's megabytes. Darn NSA. I understand, except for my problem. :)

    7. Re: Are we ready to accept it? by lazybeam · · Score: 1

      We'll be moving all our clients to https-only within a couple of months. We have systems to deal with that!

      --
      no sig for you. come back one year.
  4. Sounds good to me by Anonymous Coward · · Score: 1

    However, the major loss due to the "S" is the inability to offer any in-network value added services, that are offered by middle-boxes, such as caching, proxying, firewalling, parental control, etc. Are we ready to accept it?

    I have heard many times that some ISPs exploit that possibility by injecting their own junk in HTML pages. So if that can be avoided, HTTPS only makes everything better.

    1. Re:Sounds good to me by TWX · · Score: 3, Interesting

      Yes. COX is an offender for certain.

      An interesting thing of it though, it's possible to man-in-the-middle HTTPS. It requires one to be a router in-stream, and to proxy the traffic, and to report one's own SSL information to the web client, then to decrypt, and re-encrypt when proxy-requesting from the server.

      This is actually normal behavior on corporate networks. Cisco has products that are specifically designed to do this. An interesting way to see if it's going on is to use a new browser with HTTPS Everywhere running with the SSL Observatory turned on in the wild, then use it on a corporate network and see if one gets warnings.

      --
      Do not look into laser with remaining eye.
    2. Re:Sounds good to me by Anonymous Coward · · Score: 5, Informative

      To do this, the client must have a root certificate installed by the man-in-the-middle meddler that spoofs all domain names. Not an easy task unless you're a corporation providing a computer to your employees.

    3. Re:Sounds good to me by dreamchaser · · Score: 2

      Mod parent up. I was going to post the same thing. There are numerous appliances and software solutions used by enterprises to do this, but to do it seamlessly you have to install a new certificate on the client machine.

    4. Re:Sounds good to me by gbjbaanb · · Score: 1

      You can see it - look at arstechnica.com and if you view the html source you'll see a large comment section embedded in it advertising some braindeadpayments.com system.

      It works as a little game apparently, so you can put tokens in the URL (of the advertised site, not the injected site) and it'll play some slots game.

      I really doubt Ars put it there, so it's been injected along the way.

    5. Re:Sounds good to me by TWX · · Score: 1

      Well, I don't know the technical details of it, but I've seen a BYOD environment that successfully did it, without having any directory services on the personal devices.

      --
      Do not look into laser with remaining eye.
    6. Re:Sounds good to me by dave420 · · Score: 1

      It's impossible, thanks to HTTPS's encryption method. The MITM can't decrypt packets encrypted with the real server's key, so in order for the MITM to have an encrypted session with the client, it has to use its own certificate. So I think you're mistaken :) I'd love to be proved wrong, however scary the implications.

    7. Re:Sounds good to me by TheGratefulNet · · Score: 1

      in a corp network, you usually have laptops that are gen'd by the corp IT guys. that means - 99.9% of the time - they come pre-installed with evil certs. and a firewall that is surely a mitm node along your path.

      10 yrs ago (or more) I was interviewing for netmgt jobs (this being my main field) and they were all about sniffing, dpi and mitm bullshit. really turned me off! but those were the jobs 10 yrs ago and they have not changed, over time. netmgt is still more about spying, these days, than true netmgt.

      btw, when I run a vpn tunnel on my comcast home system, comcast routinely disconnects me after a few hours. I have to actually reboot the docsis modem to get a new connection. this only happens when I run a vpn and run lots of download traffic thru it. that really pisses them off and they have some kind of auto job that kills my connection dead. can't ping my default router. farking bastiges! but I have a workaround, so they don't get to win this round...

      --
      "It is now safe to switch off your computer."
    8. Re:Sounds good to me by TechyImmigrant · · Score: 0

      It's impossible, thanks to HTTPS's encryption method. The MITM can't decrypt packets encrypted with the real server's key, so in order for the MITM to have an encrypted session with the client, it has to use its own certificate. So I think you're mistaken :) I'd love to be proved wrong, however scary the implications.

      It's not at all impossible if the client doesn't have a client cert. TLS is just plain broken if you don't use client certs, and normal website browsing doesn't use client certs. So HTTPS is just plain broken.

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    9. Re:Sounds good to me by jhantin · · Score: 1

      Even better: use TLS mutual authentication with client certificates. Even if your user-agent can be forced into trusting the MITM's CA, the origin server will be tipped off to the interception because the MITM won't be able to forge a client certificate.

      --
      ...when you're writing a game...tweak the difficulty of "Easy" to something [your mother] can cope with. -- onion2k
    10. Re:Sounds good to me by Grizzley9 · · Score: 1

      Yes. COX is an offender for certain.

      Can you describe what you mean by this? I'm a Cox subscriber and am unsure of your claims of them injecting "their own junk in HTML pages". I have Adblock and the HTTPS Everywhere extension on, so maybe I don't notice it?

    11. Re:Sounds good to me by Bengie · · Score: 2

      What? Server side certs are so the client can trust the server. Once the connection is secured and the client trusts the server, then the client authenticates with a user/pass. The user/pass is in place of the cert. Client certs are a pain: you need to not only store all of them, but you need to validate they're signed by a CA, also meaning each user needs to purchase a cert from a recognized CA. Have fun logging into your email or whatever web service from a computer other than your own. You'd have to install your cert.

      A cert is just a way to authenticate and has no bearing on the encryption.

      Self signed certs are worthless outside of knowing it's the same cert, which is still useful in an anonymous system. But if you're using the cert of anything resembling "this is me", self signed has no value.

    12. Re:Sounds good to me by RatherBeAnonymous · · Score: 3, Interesting

      This is an easy one.

      User: "Hi, I'm getting an error message when I go to my bank site."

      Tech Support: "Oh, that's normal. Just click here, check that box, and then OK. In the meantime, go to our Internet troubleshooter. It will make sure you never see this error again."

      User: "Thanks! You've been exceptionally helpful and I'm going to send your supervisor a positive review!"

    13. Re:Sounds good to me by tom17 · · Score: 1

      What? I think this thread is going off track somewhat. I don't think Dave420 was talking about Client Auth certs. He was talking about root certs installed on the clients. Without the standard set of root and intermediate certs installed on the client (Installed by default on web browsers and some other clients such as Java virtual machines etc), TLS will not work (Well it will, but there will be warnings).

      What Dave420 meant was that the appliances and software solutions that cache/inspect the TLS traffic can only do so if a new root cert is installed on the client. This root cert enables the MITM device to create its own cert for any website without the client throwing up a warning.

      Nothing to do with client auth.

    14. Re:Sounds good to me by TWX · · Score: 1

      I only see them on my phone, where I don't have all of the anti-infection-anti-annoyance plugins loaded, when I'm associated with my AP at home.

      --
      Do not look into laser with remaining eye.
    15. Re:Sounds good to me by TechyImmigrant · · Score: 0

      I'll leave it to someone else to explain why you're wrong. I'm working.

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    16. Re:Sounds good to me by WaffleMonster · · Score: 1

      It's not at all impossible if the client doesn't have a client cert. TLS is just plain broken if you don't use client certs, and normal website browsing doesn't use client certs. So HTTPS is just plain broken.

      Client certs operate the same as server certs. The only difference is that they establish trust in the reverse direction, authenticating client to server.

      Whatever you think makes server certs "just plain broken" is also possible with client certs.

    17. Re:Sounds good to me by smellsofbikes · · Score: 1

      Mod parent up. I was going to post the same thing. There are numerous appliances and software solutions used by enterprises to do this, but to do it seamlessly you have to install a new certificate on the client machine.

      Maybe you'd be the correct person to ask. I'm worried about exactly this, so as I have enough admin rights on my company computer to install software, I installed VirtualBox and am running a Linux system within that. My understanding is that since I performed the Linux install, when I fire up a browser within the Linux install and use HTTPS, I should not be susceptible to router-in-the-middle HTTPS proxy attacks -- or, at least, I should get a warning the first time I try to go to a site with HTTPS, letting me know about a certificate mismatch. Is that correct? Or am I still open to the possibility of giving every IT person in my company access to my bank account if I were to do online banking from work? (I don't, but I do use Gmail, which is HTTPS.)

      --
      Nostalgia's not what it used to be.
    18. Re:Sounds good to me by TechyImmigrant · · Score: 1

      >Whatever you think makes server certs "just plain broken" is also possible with client certs.

      You need both at the same time to make a session that is MITM resistant.

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    19. Re:Sounds good to me by WaffleMonster · · Score: 1

      The user/pass is in place of the cert. Client certs is a pain

      It does not have to be a pain. Like setting up any new account, there is an unavoidable step of establishing an initial business/trust relationship.

      Whether it is showing up in person with evidence of identity or creating a new online account anonymously the best place to push or hand out client certs is here.

      you need to not only store all of them, but you need to validate they're signed by a CA, also meaning each user needs to purchase a cert from a recognized CA.

      In my view it is unnecessary and dangerous to farm this out to a third party. As the server you are the one granting access to your application, so you are best positioned to operate as your own CA and either sign CSRs your customers bring you or hand out key-pairs to your customers. Unlike browser cert stores, servers have full control over the CAs they are willing to trust.

      If you push a .p12 file most browsers will ask you if you want to install the client cert, say yes and that's it. It only makes sense to push as part of an initial online signup step otherwise distributing certificate "in band" even with CSRs stands a chance of at least partially defeating the point of client certs in the first place.

      A cert is just a way to authenticate and has no bearing on the encryption.

      Encryption without trust (authentication) is meaningless. In TLS authentication is bound to derivation of session encryption.

      Personally I think a much more practical solution for many uses is to get browser vendors to commit the TLS-SRP patches collecting dust in their ticketing systems. If they did that we can use simple login/password to establish secure mutually authenticated sessions by way of zero knowledge proof without f**king around with certificates at all.

    20. Re:Sounds good to me by dreamchaser · · Score: 1

      You should get a cert warning if they are using any kind of SSL decryption. Also, *most* companies that I know use such things specifically exclude banking and medical sites from decryption for legal reasons.

    21. Re:Sounds good to me by rhsanborn · · Score: 1

      The single biggest risk for data loss, and the single best vector for hacking a network, is employees, either nefarious or technically un-inclined. There's a good reason management wants exposure to traffic: it's to ensure that sensitive data isn't leaving.

    22. Re:Sounds good to me by tom17 · · Score: 1

      You are correct in your understanding.

      You can also check your privacy just by looking at the certificate for any site you are visiting over HTTPS. Check the certificate authority and make sure it looks legitimate. If you are unsure, you could look the cert up using an online service and compare the online version and your local version.

      They should match, but there are always caveats - maybe the site is using different certs on different parts of a CDN that has its own server cert installed in browsers. CloudFlare is a good example of this - they can create valid certs as they please since they partnered with GlobalSign.

      But your VM method should be just fine, yeah :)
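The comparison tom17 describes above (and the root-cert interception tom17 and dave420 explain earlier in the thread) can be automated. This is an added example, not code from any poster: it takes the certificate dict that Python's stdlib `ssl` returns from `getpeercert()`, checks that the subjectAltName covers the hostname, and flags a chain that has been re-signed by a CA other than the one the site is known to use (the expected issuer is recorded out of band, from a network you trust). Both sample certificates are constructed; the `fetch_peer_cert` helper is only for running the same check against a live connection.

```python
import socket
import ssl

# Constructed sample: the dict shape ssl.SSLSocket.getpeercert() returns for
# a site certificate issued by a public CA (all values are invented).
GENUINE_CERT = {
    "subject": ((("commonName", "mail.example.com"),),),
    "issuer": (
        (("countryName", "US"),),
        (("organizationName", "Example Public CA"),),
        (("commonName", "Example Public CA RSA Server CA"),),
    ),
    "subjectAltName": (("DNS", "mail.example.com"), ("DNS", "*.example.com")),
}

# Constructed sample: the same site as seen through an interception proxy that
# re-signs every site under the enterprise root it installed on its clients.
INTERCEPTED_CERT = {
    "subject": ((("commonName", "mail.example.com"),),),
    "issuer": (
        (("organizationName", "Corp IT"),),
        (("commonName", "Corp IT TLS Inspection CA"),),
    ),
    "subjectAltName": (("DNS", "mail.example.com"),),
}


def _attr(name, key):
    """Extract one attribute (e.g. organizationName) from the nested
    tuple-of-RDNs layout getpeercert() uses for subject and issuer."""
    for rdn in name:
        for k, v in rdn:
            if k == key:
                return v
    return None


def _san_matches(cert, hostname):
    """Minimal dNSName check: exact match or a single left-most wildcard label."""
    host_labels = hostname.lower().split(".")
    for kind, value in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        labels = value.lower().split(".")
        if labels == host_labels:
            return True
        if (labels[0] == "*" and len(labels) == len(host_labels)
                and labels[1:] == host_labels[1:]):
            return True
    return False


def interception_findings(cert, hostname, expected_issuer_org):
    """Compare the presented certificate with what the site is known to use.
    Returns a list of findings; an empty list means nothing looks re-signed."""
    findings = []
    if not _san_matches(cert, hostname):
        findings.append(f"no subjectAltName covers {hostname}")
    issuer_org = _attr(cert.get("issuer", ()), "organizationName")
    if issuer_org != expected_issuer_org:
        findings.append(
            f"issuer organizationName is {issuer_org!r}, expected "
            f"{expected_issuer_org!r}: chain is signed by a different CA"
        )
    return findings


def fetch_peer_cert(hostname, port=443, timeout=5.0):
    """Live variant: fetch the certificate this network actually presents.
    The default context uses the OS trust store, so a cert from an
    interception CA the OS trusts is accepted here and is only caught by
    interception_findings()."""
    ctx = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    for label, cert in (("genuine", GENUINE_CERT), ("intercepted", INTERCEPTED_CERT)):
        result = interception_findings(cert, "mail.example.com", "Example Public CA")
        print(label, "->", result or "ok")
```

A cert that passes this check can still be an interception cert if the proxy is able to obtain a certificate from the site's real CA, so a SHA-256 pin on `getpeercert(binary_form=True)` is the stricter comparison when you have a trusted reference copy.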

    23. Re:Sounds good to me by Anonymous Coward · · Score: 0

      Sweet cop out, but you're wrong. We eagerly await details of your novel attack on TLS, and if you go with a pharming attack that isn't a TLS vulnerability you will be mocked.

    24. Re:Sounds good to me by WaffleMonster · · Score: 2

      You need both at the same time to make a session that is MITM resistant.

      Over the years I've run into more than a few people who think this. I don't know quite where the meme comes from yet I suspect it to be based on incorrect assumptions about how the technology actually operates.

      If you are making a judgment that the whole house of cards of hundreds of global CAs is not worthy of your trust, that is quite a reasonable and understandable position.

      If you are saying the user will just click "continue" when they get a scary certificate warning, this is also quite a reasonable and understandable position.

      Otherwise, barring any publicly undisclosed problems, MITM is prevented by proper validation of the chain of trust from roots installed with your browser all the way to the server's public key, matched with the corresponding DNS name, key usage and expiry.

      You can't MITM without defeating the security of the technology or hacking the CA and/or server.

      If you doubt or disagree please provide specific technical means by which MITM can still occur.

    25. Re:Sounds good to me by ultranova · · Score: 1

      Self signed certs are worthless outside of knowing it's the same cert, which is still useful in an anonymous system.

      A system using self-signed certs is vulnerable to MITM attacks, true. But performing such attacks requires far more resources than just passively listening to all connections, as is the case with unencrypted traffic. So they're still useful for protecting against mass surveillance.

      --
      Forget magic. Any technology distinguishable from divine power is insufficiently advanced.

    26. Re:Sounds good to me by smellsofbikes · · Score: 1

      You should get a cert warning if they are using any kind of SSL decryption. Also, *most* companies that I know use such things specifically exclude banking and medical sites from decryption for legal reasons.

      Cool, thanks. I trust my corporate overlords and potential rogue elements within IT about as far as I can throw them, so I try hard to restrict what I do online to let them see as little as possible.
      Well, except for this, which is going through the internet in plaintext. Yay.

      --
      Nostalgia's not what it used to be.
    27. Re:Sounds good to me by dave420 · · Score: 1

      It IS impossible, unless the MITM has a valid certificate for the site in question signed by a CA in the user's trusted store. If that's not the case, the padlock in the user's browser will complain about an untrusted certificate. Yes, the SSL session can be used, but the browser will flag that it is untrustworthy. So no, again, it's impossible to have a MITM attack using SSL which is either not signed by an already-trusted CA cert or without a big red padlock.

    28. Re:Sounds good to me by dave420 · · Score: 1

      Of course they're "spying" - they're wearing white hats and are looking for intrusions, vulnerabilities, and so on. Just look at what happened to Sony - I doubt you'd say that's fair enough, that Sony (or anyone else) shouldn't do anything to try and stop things like that. I guess the security guards at work are spying, too, as they're patrolling around looking for burglars...

      It pains me to say, but if that's your field of expertise, and you don't understand why sniffing, DPI, and MITM proxying are important in a security context, you are not very good at your job :)

      You put a lot of traffic through a VPN from your cable modem, and occasionally it drops, and you think Comcast are personally attacking you? You sound incredibly paranoid :)

    29. Re:Sounds good to me by Anonymous Coward · · Score: 0

      But that's easy to do if you're the operator putting the certificates on the phones you subsidize. That paper has also been presented at the same conference:

      http://conferences2.sigcomm.org/co-next/2014/CoNEXT_papers/p141.pdf

    30. Re:Sounds good to me by Neil+Boekend · · Score: 1

      At the company where I work they do that differently. All non-whitelisted HTTPS traffic is blocked. Banking sites are not on the white list. Nor, presumably, medical sites.

      --
      Well, I might have a way, but it only works on a semi spherical planet in a vacuum.
    31. Re:Sounds good to me by Grizzley9 · · Score: 1

      I only see them on my phone, where I don't have all of the anti-infection-anti-annoyance plugins loaded, when I'm associated with my AP at home.

      Wouldn't that only be related to location based advertising? Still not sure I understand.

    32. Re:Sounds good to me by Anonymous Coward · · Score: 0

      You can see it - look at arstechnica.com and if you view the html source you'll see a large comment section embedded in it advertising some braindeadpayments.com system.

      It works as a little game apparently, so you can put tokens in the URL (of the advertised site, not the injected site) and it'll play some slots game.

      I really doubt Ars put it there, so it's been injected along the way.

      It's not injection, it's intentional. See the response from ARS. http://arstechnica.com/civis/viewtopic.php?f=3&t=1262815

    33. Re: Sounds good to me by Anonymous Coward · · Score: 0

      Yep, and many corporations just might run https to the F5/router, and then run unencrypted from the F5/router to the server, meaning the traffic is available to anyone with superuser privilege on the server room network. Some software (last I checked, Apple's) converts to http from https, even though the user has specified https. Try going to Apple's knowledge base with https, then click on a link. I have often wondered if I can trust Apple's knowledge base since there might be an http MITM attack. And there's no way to specify https from the app store update link...you have to copy and paste, then add the s to http. Then the style sheets are all messed up.

  5. Value added? More like value subtracted. by sinij · · Score: 2

    Value added? More like value subtracted for most of the things on your list.

    Plus, you are ignoring the fact that nobody is planning to encrypt content like video streaming.

    1. Re:Value added? More like value subtracted. by Anonymous Coward · · Score: 0

      > Plus, you are ignoring the fact that nobody is planning to encrypt content like video streaming.

      Actually everybody is planning to encrypt video streaming.
      They just aren't going to do it with SSL, they are going to do it with DRM.

    2. Re:Value added? More like value subtracted. by jhantin · · Score: 1

      Plus, you are ignoring the fact that nobody is planning to encrypt content like video streaming.

      Remind me again why big corporations have been making a huge uproar about allowing unencrypted content? Oh yeah, DRM. ;-)

      --
      ...when you're writing a game...tweak the difficulty of "Easy" to something [your mother] can cope with. -- onion2k
    3. Re:Value added? More like value subtracted. by trigeek · · Score: 1

      Actually, as the paper indicates, Youtube is encrypting most of their delivered content.

      --
      Sometimes I doubt your commitment to SparkleMotion!
    4. Re:Value added? More like value subtracted. by Anonymous Coward · · Score: 0

      YouTube video streams are carried over HTTPS.

    5. Re:Value added? More like value subtracted. by fasuin · · Score: 1

      if you actually see the paper... they show that YOUTUBE now is serving VIDEO over HTTPS....

  6. "S" in quotes, but not services or value added? by Anonymous Coward · · Score: 0

    The S in HTTPS really means security. The "services" provided by middle-boxes rarely provide anything "value added" to the user.

    1. Re:"S" in quotes, but not services or value added? by mwvdlee · · Score: 2

      Things like compression, firewalls and proxying definitely add value to me as a user.
      But it's a value I'd happily trade in for the value of security and privacy.

      --
      Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
    2. Re:"S" in quotes, but not services or value added? by Immerman · · Score: 3, Insightful

      There's also a point to be made that while many somebodies would, just on general principles, love to know everything you watch on Netflix, etc, in most cases the actual privacy invasion of such knowledge is almost certainly far lower than would be gotten from library records in days of old. We're talking about what mass-market pablum you choose to waste your time with - it may help somewhat in building a psychological profile, but it's unlikely to reveal many details. So leaving such high-bandwidth mass-distributed data unencrypted could allow us to still use caching for the data which benefits most.

      On the other hand, your YouTube watching habits are potentially far more revealing. But by the same token the viewership for any given video is generally far lower, and with it the benefits of caching, so the cost/benefit ratio probably comes down strongly in favor of encryption there. If the NSA wants to know my viewing habits, let them buy the data from Google. And Google, I'm counting on you making a tidy profit selling that data. Don't cheap out on me. The expense needs to be enough that they only buy the data on the specific individuals they're already suspicious of.

      --
      --- Most topics have many sides worth arguing, allow me to take one opposite you.
    3. Re:"S" in quotes, but not services or value added? by Anonymous Coward · · Score: 0

      He's not part of the problem. He can use it, and it provides value to him. Stating he's part of the problem is just a disguised ad hominem attack.

      I pull up some documents that aren't dynamic, and haven't changed in at least four years. What is the true value in having that document travel through 20 pieces of networking equipment in full, rather than having it travel through 3 pieces of network equipment in full (with a very small "have you been updated since this date?" query traveling through the other 17 pieces of networking equipment)?

    4. Re:"S" in quotes, but not services or value added? by Anonymous Coward · · Score: 0

      The value of not having umpteen pieces of network equipment trying to change the data based on assumptions that may or may not be true should be self-evident. If you care that much about caching, you can add a caching proxy, or ask your provider to provide a caching proxy, and instruct your browser to use that. People who don't mind the kind of meddling that we're talking about here are indeed part of the problem, because they won't oppose further breakage of the fundamental design principle underlying the internet: Intelligent edge devices, dumb network.

    5. Re:"S" in quotes, but not services or value added? by Anonymous Coward · · Score: 0

      WTF are you and what have you done to the real Slashdot? How the hell does a comment which basically says "track my Netflix, I've got nothing to hide" get modded up?

    6. Re:"S" in quotes, but not services or value added? by Immerman · · Score: 1

      Hey, I've got plenty to hide - but precious little of it will ever be exposed by my Netflix viewing habits. For the most part even the best, most compelling mass-media available only ranks as "mostly better than staring at a blank wall when I don't feel like thinking". Any psyche profile built up around my choice of least-bad media is going to be laughably inaccurate. Hell, after years of watching Hulu they still can't even target me with marginally relevant advertisements.

      --
      --- Most topics have many sides worth arguing, allow me to take one opposite you.
  7. Is it review all basic shit day? by Anonymous Coward · · Score: 0

    "the major loss due to the "S" is the inability to offer any in-network value added services, that are offered by middle-boxes"

    Someone seriously just figured out what the end-to-end part meant? What the actual fuck.

    1. Re:Is it review all basic shit day? by gbjbaanb · · Score: 1

      the internet has never been end-to-end, it's always been packets shovelled through a myriad of devices routing your packets to the destination.

      Stuff like caching and proxying are useful to the well-being of the internet, if I am watching the same movie as the guy next door, we don't need twice the bandwidth to the datacentre that's located in god-knows-where. Local cache makes things work a lot faster.

      I suppose Google can afford to put its own caching proxies across the globe, so it's not much of a problem for them, but it might be for everyone else.

      Maybe we'd be better off without https and instead encrypt the underlying communication between the end-user and the ISP. https isn't going to stop the NSA after all, but it is a good thing to stop anyone sniffing all wifi traffic.

    2. Re:Is it review all basic shit day? by Anonymous Coward · · Score: 0

      What the fuck is going on? Do you noobs really not understand that you can use caches even if they don't intercept your direct connections to pretend that you're still talking to the remote host when you're really not? Do you really not mind that various ISPs compress the heck out of images until a blind man would see the artifacts? Do you like injected ads and tracking? What! The! Fucking! Fuck! The network needs to be encrypted end-to-end, and not just HTTP.

    3. Re:Is it review all basic shit day? by drinkypoo · · Score: 1

      Stuff like caching and proxying are useful to the well-being of the internet,

      Yes. That's true. But browsers do cache content sent by HTTPS, unless the content has settings which prohibit it, e.g. "Pragma: no-cache". Any dynamic content should have its pragma set so that it won't be cached, anyway. Anything else shouldn't, and the browser will cache it.

      ISPs which put transparent proxies in usually aren't doing it to save bandwidth between them and the internet. It's usually done so that they can recompress the images sent to your browser to reduce the bandwidth on that link, to make your internet connection seem faster and reduce link congestion. That's especially true in mobile.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  8. Sure you can proxy by Anonymous Coward · · Score: 1

    Only if you trust the entity doing the proxying, of course, but it's not exactly rocket science to install the certificate of the proxy and have it decrypt and reencrypt the traffic on the fly. Probably expensive to do on a large scale as it will take a lot of juice, and definitely a niche application...but if you REALLY want to, you can.

  9. firewalling by Anonymous Coward · · Score: 0

    present participle of "to firewall"

    how is "s" preventing firewalling?

  10. Yes by buchner.johannes · · Score: 5, Informative

    Caching: You can not cache Facebook for example, because the content is generated differently for every user. Youtube goes to great lengths to prohibit caching (e.g. with Squid) in the first place.
    Proxying: You can proxy https just fine.
    Firewalling: You can firewall https just fine.
    Parental control: You can block websites just fine, either via DNS or IP.
    I suspect they mean snooping for "copying that companies don't approve of" and "freedom fighters" here. And child pornography. It's kind of the point of HTTPS that it should be private. So yes, I can accept these costs.

    --
    NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
    1. Re:Yes by DougOtto · · Score: 1

      I believe the "Firewalling" comment was likely in regard to packet inspection, not port filtering.

      --
      Solving Unix problems since 1989...
    2. Re:Yes by MightyYar · · Score: 2

      You can even cache, if you have access to the certs on the client. Google "squid in the middle". Any school or work environment with legit reasons to filter or cache content still can.

      --
      W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
    3. Re:Yes by Anonymous Coward · · Score: 0

      Well, for parental control, you can't use keywords with https. Using the website name or IP address to block websites... yeah, doesn't work when the web is billions of websites.

    4. Re:Yes by Anonymous Coward · · Score: 0

      >parental control . . . doesn't work

      FTFY

    5. Re:Yes by Aethedor · · Score: 4, Informative

      Caching: You can cache Facebook's images, stylesheets and Javascripts just fine.
      Proxying: Not just fine. You need a man-in-the-middle proxy for that and its root certificate installed on every client. Otherwise, it's just routing, not proxying.
      Firewalling: Firewalling based on hostname / port, yes. Firewalling based on bad content (malware), no.
      Parental control: Same as firewalling. And blocking this kind of content is not only done by IP address, but often also by words in the hostname. This cannot be done when you can't read the hostname in the HTTP request.

      --
      It doesn't have to be like this. All we need to do is make sure we keep talking.
    6. Re:Yes by ottothecow · · Score: 1
      Why can't you cache facebook?

      Sure, nothing on there is a static page, but if a million people are sharing the same 1MB image, you can still cache that. The text after "So and So shared..." will change, and the comments/likes will change, but somewhere there is a jpeg that keeps getting reused. Not everything makes sense to cache, but for things like images shared by George Takei, caching them once at the ISP or corporate network level could stop many gigabytes of external transfer.

      --
      Bottles.
    7. Re:Yes by Rob+Riggs · · Score: 1

      Packet inspection is certainly possible. You proxy all traffic either explicitly or via one of the many MITM SSL deep packet inspection products. Surreptitious packet inspection is not possible. And that's a *very* good thing.

      --
      the growth in cynicism and rebellion has not been without cause
    8. Re:Yes by Anonymous Coward · · Score: 3, Informative

      It is disingenuous to make a blanket statement "you can not cache Facebook". After all, what takes up the most "data" on the page? It is between images and scripts. Neither of those is unique per user. When someone posts an image, all viewers of the image see the same image. It can be cached. Same with the javascript. It is just the unique parts of the page that can't be cached...

    9. Re:Yes by key134 · · Score: 1

      Parental control: You can block websites just fine, either via DNS or IP.

      Your parental control software would need to actively pull the certificate as it can't see the actual HTTP call on the network. At layer 3, it will basically just see a port 443 connection to an IP and reverse DNS does not always give you the host name of the website. It can be done, but it's certainly more difficult than raw HTTP requests.

    10. Re:Yes by Anonymous Coward · · Score: 0

      Net Nanny Parental Controls and the professional counterpart ContentProtect both filter HTTPS.

    11. Re:Yes by Austerity+Empowers · · Score: 1

      Ad injection, webpage redirection. "Value add" for network owners, not end-users. Fuck em.

    12. Re:Yes by tom17 · · Score: 1

      Even for lower use images, caching them closer to the poster could be helpful given that their circle of friends is likely, statistically, to be in the same region. One image alone would not make much difference in this case, but millions of low use images mostly coming from caches closer to most of the people viewing them would make a huge difference.

    13. Re:Yes by tom17 · · Score: 1

      Except modern browsers and servers support SNI, so the hostname is now sent as plaintext on the network.
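
The point made in this comment, and in the earlier ones about filters not being able to read the hostname from an HTTPS request (Aethedor's and key134's), as an added example that is not part of the thread: a stdlib-only parser that pulls the SNI hostname out of the first bytes of a TLS connection, plus a hostname-only blocklist check to show the granularity that actually gives a filter. The ClientHello builder, the fixed client random and the blocklist are constructed inputs for this example.

```python
import struct

SNI_EXTENSION = 0x0000        # TLS extension type "server_name" (RFC 6066)

def build_client_hello(server_name=None):
    """Construct a minimal TLS 1.2 ClientHello as sample input (constructed for this example).
    With server_name=None the hello carries no extensions, as pre-SNI clients looked on the wire."""
    body = (b"\x03\x03" + b"\x11" * 32              # client_version, client_random (fixed here)
            + b"\x00"                                # empty session id
            + struct.pack("!H", 4) + b"\xc0\x2f\xc0\x30"   # two cipher suites
            + b"\x01\x00")                           # one compression method: null
    if server_name is not None:
        name = server_name.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(name)) + name   # name_type 0 = host_name
        sni_list = struct.pack("!H", len(entry)) + entry
        extensions = (struct.pack("!HH", 0x0017, 0)             # extended_master_secret, empty
                      + struct.pack("!HH", SNI_EXTENSION, len(sni_list)) + sni_list)
        body += struct.pack("!H", len(extensions)) + extensions
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def _parse_sni_extension(data):
    """Return the first host_name entry of a server_name extension body, or None."""
    list_len = struct.unpack("!H", data[:2])[0]
    pos, end = 2, 2 + list_len
    while pos + 3 <= end:
        name_type = data[pos]
        name_len = struct.unpack("!H", data[pos + 1:pos + 3])[0]
        pos += 3
        if name_type == 0:
            return data[pos:pos + name_len].decode("ascii", "replace")
        pos += name_len
    return None

def extract_sni(first_bytes):
    """Return the SNI hostname visible in the first bytes of a TLS connection, else None.
    This is all a middlebox gets from the handshake: the hostname, never the path or headers."""
    try:
        if first_bytes[0] != 0x16:                         # not a TLS handshake record
            return None
        record_len = struct.unpack("!H", first_bytes[3:5])[0]
        hs = first_bytes[5:5 + record_len]
        if len(hs) < record_len or hs[0] != 0x01:          # truncated, or not a ClientHello
            return None
        body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
        pos = 2 + 32                                        # skip client_version and random
        pos += 1 + body[pos]                                # session id
        pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]   # cipher suites
        pos += 1 + body[pos]                                # compression methods
        if pos + 2 > len(body):
            return None                                     # no extensions at all
        ext_end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= ext_end:
            ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
            pos += 4
            if ext_type == SNI_EXTENSION:
                return _parse_sni_extension(body[pos:pos + ext_len])
            pos += ext_len
    except (IndexError, struct.error):
        return None                                         # malformed or cut short
    return None

def hostname_blocked(hostname, blocked_domains):
    """Hostname-only policy check, the granularity SNI permits: a domain and its subdomains,
    never a path, and no substring matching (example.com.evil.test is not example.com)."""
    if hostname is None:
        return False                  # no name visible: a filter can only fall back to the IP
    labels = hostname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocked_domains for i in range(len(labels)))
```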

    14. Re:Yes by Bengie · · Score: 1

      Just wait until IPv6 with IPSEC becoming standard. All you will see is a Layer 3 packet with no indication of protocol or port number. All layer 4 data is encrypted.

    15. Re:Yes by Anonymous Coward · · Score: 0

      Caching: Can't cache anything that's only available to logged-in users. The rest doesn't matter regarding caching.
      Proxying: You can have encrypted connections to proxies which have encrypted connections to servers. Have none of you ever seen proxy configuration options?
      Firewalling: If you use a proxy, you can "firewall" based on content. Just make the proxy the only way to connect outbound. Not that content based filters would traditionally be called firewalls, but whatever.
      Parental control: This is what you're actually talking about when you demand content based "firewalling": Parental controls, with the IT department babysitting everyone else. And you can still do that without man-in-the-middling anyone. MITM is what you're doing today. If you're doing this right, then you get an encrypted connection to the proxy and an encrypted connection to the server and nobody needs to be tricked at all. The only difference is that you can't pretend that you're not doing it.

    16. Re:Yes by fasuin · · Score: 1

      If you mind reading the paper, or checking the slides, they say that "according to Internet Watch Foundation Blacklist, only 5% of their entries is based on pure domain or subdomain"... Now how to impose parental control of www.facebook.com/mypornpage?

    17. Re:Yes by fasuin · · Score: 1

      + 1 and plus .css, .js and all static content...

    18. Re:Yes by Anonymous Coward · · Score: 1

      Proxying: Not just fine. You need a man-in-the-middle proxy for that and its root certificate installed on every client. Otherwise, it's just routing, not proxying.

      It *is* fine. I proxy https through my squid all the time. What happens is that my browser sends (in plaintext) the command CONNECT en.wikipedia.org:443 to squid. Squid then forms the TCP connection, and lets the browser handle the SSL handshake and everything else.

      The proxy can see the domain/IP it connects to, and that's it. It can't see any requests, much less cache their content.

      What you _can't_ do is transparently proxy it. The browser must be aware that it's facing a proxy for this to work.
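
The CONNECT exchange this comment describes, as an added example that is neither the commenter's nor Squid's code: a minimal tunnelling proxy and the browser side of it, run over loopback with an echo server standing in for the origin. Everything the proxy can record (endpoint and byte counts, never content) ends up in its log. The `allowed_ports` set playing the role of Squid's SSL_ports ACL, the loopback addresses and the opaque payload bytes are constructed assumptions.

```python
import socket
import threading

def parse_connect_request(raw, allowed_ports=frozenset({443})):
    """Parse 'CONNECT host:port HTTP/1.x', the only plaintext a CONNECT proxy ever sees.
    allowed_ports stands in for Squid's SSL_ports ACL (assumption: 443 only by default)."""
    request_line = raw.split(b"\r\n", 1)[0].decode("ascii", "replace")
    parts = request_line.split(" ")
    if len(parts) != 3 or parts[0] != "CONNECT" or not parts[2].startswith("HTTP/1."):
        raise ValueError("not a CONNECT request: %r" % request_line)
    host, sep, port = parts[1].rpartition(":")
    if not sep or not port.isdigit():
        raise ValueError("target must be host:port, got %r" % parts[1])
    if int(port) not in allowed_ports:
        raise ValueError("port %s not permitted for CONNECT" % port)
    return host, int(port)

def _pump(src, dst, entry, key):
    """Relay one direction until EOF, counting bytes but never inspecting them."""
    for chunk in iter(lambda: src.recv(4096), b""):
        entry[key] += len(chunk)      # counted before forwarding, so the log is
        dst.sendall(chunk)            # final once the last byte reaches the far side
    try:
        dst.shutdown(socket.SHUT_WR)  # pass the EOF along
    except OSError:
        pass

def _handle_client(client, log, allowed_ports):
    raw = client.recv(4096)           # assumes the CONNECT headers arrive in one read
    try:
        host, port = parse_connect_request(raw, allowed_ports)
    except ValueError as exc:
        log.append({"rejected": str(exc)})
        client.sendall(b"HTTP/1.1 400 Bad Request\r\n\r\n")
        client.close()
        return
    entry = {"host": host, "port": port, "bytes_up": 0, "bytes_down": 0}
    log.append(entry)                 # all a CONNECT proxy can log: endpoint and volume
    upstream = socket.create_connection((host, port))
    client.sendall(b"HTTP/1.1 200 Connection established\r\n\r\n")
    up = threading.Thread(target=_pump, args=(client, upstream, entry, "bytes_up"))
    up.start()
    _pump(upstream, client, entry, "bytes_down")
    up.join()
    client.close()
    upstream.close()

def _serve(handler):
    """Loopback listener on an ephemeral port; returns (port, listening socket)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    def loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return                # listener closed
            threading.Thread(target=handler, args=(conn,), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1], srv

def _echo(conn):
    """Stand-in origin: in real life the TLS handshake happens here, not at the proxy."""
    for chunk in iter(lambda: conn.recv(4096), b""):
        conn.sendall(chunk)
    conn.close()

def tunnel_through_proxy(proxy_port, host, port, payload):
    """Browser side: request a tunnel, push opaque bytes through it, collect the reply."""
    s = socket.create_connection(("127.0.0.1", proxy_port))
    s.sendall(("CONNECT %s:%d HTTP/1.1\r\nHost: %s:%d\r\n\r\n" % (host, port, host, port)).encode())
    status = s.recv(4096).split(b"\r\n", 1)[0]
    received = b""
    if status.startswith(b"HTTP/1.1 200"):
        s.sendall(payload)            # would be the ClientHello and everything after it
        s.shutdown(socket.SHUT_WR)
        received = b"".join(iter(lambda: s.recv(4096), b""))
    s.close()
    return status, received

def run_demo():
    """Constructed run: echo origin, CONNECT proxy, one tunnel, one request to a port outside the ACL."""
    log = []
    origin_port, origin = _serve(_echo)
    proxy_port, proxy = _serve(lambda c: _handle_client(c, log, frozenset({origin_port})))
    payload = b"\x16\x03\x01opaque-handshake-and-ciphertext"   # constructed; the proxy never parses it
    status, echoed = tunnel_through_proxy(proxy_port, "127.0.0.1", origin_port, payload)
    bad_status, _ = tunnel_through_proxy(proxy_port, "127.0.0.1", 80, b"")   # port 80 is not in the ACL
    origin.close()
    proxy.close()
    return status, echoed == payload, bad_status, log
```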

    19. Re:Yes by jonwil · · Score: 1

      I have always wondered why some parental control vendor doesn't make their own browser (or adapt an existing browser) that can sit there and monitor what's going on in the browser before the HTTPS is ever applied.

  11. Euphemism: 'Value-added services' by kheldan · · Score: 1

    Oh, you mean like targeted ad injection and other MITM type garbage? That's fine, you can keep those anyway.

    --
    Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
  12. Cost of certificates by bunratty · · Score: 4, Interesting

    The other cost of the S is the difficulty in obtaining and using certificates that are recognized by browsers without bothering the user. That's why the Let's Encrypt project is trying to make it free and easy.

    --
    What a fool believes, he sees, no wise man has the power to reason away.
    1. Re:Cost of certificates by Anonymous Coward · · Score: 1

      startssl.com already offers certificates for free. Let's Encrypt is trying to make enrollment easier via a standard API/script.

    2. Re:Cost of certificates by Anonymous Coward · · Score: 0

      The other cost of the S is the difficulty in obtaining and using certificates that are recognized by browsers without bothering the user.

      Seriously? Why do people still believe this?

      You can get certificates from GoDaddy for $15 or less per year with a coupon that you can easily find with Google.

      And SSLs.com will sell you a certificate for $4.99 per year:

      https://www.ssls.com/lp/4.99-s...

      Yes, UNDER FIVE US DOLLARS PER YEAR. If you can't afford that, you probably can't afford the internet in the first place.

    3. Re:Cost of certificates by bunratty · · Score: 3, Informative

      You can get SSL certificates for free, but they're WAY more difficult to use than they need to be. I've installed certificates before, and it's a bunch of tedious, boring, repetitive work. What are computers for but to automate tedious, boring, repetitive work!? The computer should handle all work for me, and all I should have to do is click a button, for chrissake! That's what Let's Encrypt does.

      --
      What a fool believes, he sees, no wise man has the power to reason away.
    4. Re:Cost of certificates by Anonymous Coward · · Score: 0

      You can get SSL certificates for free, but they're WAY more difficult to use than they need to be. I've installed certificates before, and it's a bunch of tedious, boring, repetitive work.

      Seriously? It's very easy:

      1. Generate the key.
      2. Generate the certificate signing request.
      3. Send the CSR to the certificate authority.
      4. The certificate authority does its verification.
      5. The certificate authority sends you the signed certificate.
      6. You install the signed certificate.

      If you can't do that, you aren't qualified to administer a webserver, with or without SSL. Go ask someone with a clue.
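
The six steps listed above, carried through in code as an added example that is not from the thread or from any CA: steps 1, 2 and 6 are what the server operator does, and a toy CA constructed here plays steps 3 to 5 so the whole flow runs offline, ending with an in-memory TLS handshake that shows the result with and without the CA in the client's trust store. It assumes the pyca/cryptography package and the hostname www.example.test.

```python
import datetime
import os
import ssl
import tempfile
from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa

def _now():
    return datetime.datetime.now(datetime.timezone.utc)

def generate_key():
    """Step 1: the private key is made locally and never leaves the operator's hands."""
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)

def make_csr(key, hostname):
    """Step 2: the CSR carries the public key and the requested name, signed with the key."""
    return (x509.CertificateSigningRequestBuilder()
            .subject_name(x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, hostname)]))
            .add_extension(x509.SubjectAlternativeName([x509.DNSName(hostname)]), critical=False)
            .sign(key, hashes.SHA256()))

def make_toy_ca():
    """Stand-in CA (constructed for this example) so steps 3-5 can run offline."""
    key = generate_key()
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Toy CA (constructed)")])
    cert = (x509.CertificateBuilder().subject_name(name).issuer_name(name)
            .public_key(key.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(_now() - datetime.timedelta(minutes=5))
            .not_valid_after(_now() + datetime.timedelta(days=1))
            .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
            .sign(key, hashes.SHA256()))
    return key, cert

def ca_sign(ca_key, ca_cert, csr, validated_hostname):
    """Steps 4-5: the CA checks the CSR against what it validated, then issues with its own key."""
    if not csr.is_signature_valid:
        raise ValueError("CSR signature does not match its public key")
    san = csr.extensions.get_extension_for_class(x509.SubjectAlternativeName).value
    if san.get_values_for_type(x509.DNSName) != [validated_hostname]:
        raise ValueError("CSR names a host the CA did not validate")
    return (x509.CertificateBuilder().subject_name(csr.subject).issuer_name(ca_cert.subject)
            .public_key(csr.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(_now() - datetime.timedelta(minutes=5))
            .not_valid_after(_now() + datetime.timedelta(days=90))
            .add_extension(san, critical=False)
            .add_extension(x509.BasicConstraints(ca=False, path_length=None), critical=True)
            .sign(ca_key, hashes.SHA256()))

def install(cert, key):
    """Step 6: write certificate and key to disk and load them into a server TLS context."""
    workdir = tempfile.mkdtemp()
    cert_path = os.path.join(workdir, "server.crt")
    key_path = os.path.join(workdir, "server.key")
    with open(cert_path, "wb") as fh:
        fh.write(cert.public_bytes(serialization.Encoding.PEM))
    with open(key_path, "wb") as fh:
        fh.write(key.private_bytes(serialization.Encoding.PEM,
                                   serialization.PrivateFormat.TraditionalOpenSSL,
                                   serialization.NoEncryption()))
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(cert_path, key_path)
    return ctx

def memory_handshake(server_ctx, client_ctx, hostname):
    """TLS handshake run entirely in memory; raises SSLCertVerificationError on distrust."""
    c2s, s2c = ssl.MemoryBIO(), ssl.MemoryBIO()
    pending = {"client": client_ctx.wrap_bio(s2c, c2s, server_hostname=hostname),
               "server": server_ctx.wrap_bio(c2s, s2c, server_side=True)}
    client = pending["client"]
    for _ in range(10):
        for name in list(pending):
            try:
                pending[name].do_handshake()
                del pending[name]
            except ssl.SSLWantReadError:
                pass                  # needs the other side's next flight first
        if not pending:
            return client.version()
    raise RuntimeError("handshake stalled")

def run_demo(hostname="www.example.test"):
    """Steps 1-6 with the toy CA, then the client's view with and without trusting that CA."""
    key = generate_key()
    ca_key, ca_cert = make_toy_ca()
    cert = ca_sign(ca_key, ca_cert, make_csr(key, hostname), hostname)
    server_ctx = install(cert, key)
    ca_pem = ca_cert.public_bytes(serialization.Encoding.PEM).decode("ascii")
    trusting = ssl.create_default_context(cadata=ca_pem)   # CA added to the client's trust store
    untrusting = ssl.create_default_context()              # system store only: toy CA is unknown
    version = memory_handshake(server_ctx, trusting, hostname)
    try:
        memory_handshake(server_ctx, untrusting, hostname)
        warned = False
    except ssl.SSLCertVerificationError:
        warned = True                                      # what a browser shows as an untrusted cert
    return version, warned
```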

    5. Re:Cost of certificates by cen1 · · Score: 1

      DANE and DNSSEC are the solutions. Too bad the adoption rate is very slow.

    6. Re:Cost of certificates by Anonymous Coward · · Score: 0

      Unfortunately StartSSL isn't that dependable. I've had quite a few certificates rejected by StartSSL because of the name. For example they refused 'finance.oxhack.org'. They have a policy not to give free domains for "commercial use". But the ones they rejected weren't commercial use at all (that one was just for financial reports), but they don't check actual use. I don't remember what the other domains they rejected were, but I've had a few, it's always a bit of a gamble.

      Hopefully Let's Encrypt won't have that problem, and be compatible with a lot of browsers including ones older than y2015.

      I've also needed an occasional wildcard subdomain. (Old browser compatibility with HTTP server push needs a separate subdomain for each window to be reliable.) You can't get those for free at the moment.

    7. Re:Cost of certificates by hcs_$reboot · · Score: 1

      they're WAY more difficult to use than they need to be.

      That's probably in order to justify the price, I mean for the non-free ones (to be recognized by most browsers)? A cert takes less than $0.01 to be made, they're sold between $30 to $1000...

      --
      Slashdot, fix the reply notifications... You won't get away with it...
    8. Re:Cost of certificates by Anonymous Coward · · Score: 0

      do visitors get the "confirm security exception" thing with these?

    9. Re:Cost of certificates by tom17 · · Score: 1

      No

    10. Re:Cost of certificates by tom17 · · Score: 2

      With StartSSL the actual cert generation is easier than that as they create the key on their server first and they ask for the forms on the site. No CSR is needed, though you can do it that way if you wish.

      What is a tiny bit annoying is their authentication - you need a client authentication cert installed on your browser. Not hard in itself, but annoying if you have let the old one expire as they then need to review your request for a new one.

      One other thing is verification that you own the domain, through various methods. Not hard to do, but automated and very necessary.

    11. Re:Cost of certificates by tom17 · · Score: 1

      Free ones (at least StartSSL) are recognized by most browsers that I have tried. That's an anecdotal, non-exhaustive list, of course. I'd be curious to find out what mainstream browsers do not recognise them though.

    12. Re:Cost of certificates by Anonymous Coward · · Score: 0

      With StartSSL the actual cert generation is easier than that as they create the key on their server first and they ask for the forms on the site. No CSR is needed,

      That is a gaping huge security flaw. Never seen a certificate authority that does that.

  13. I call BS by Anonymous Coward · · Score: 0

    1. have you read all the pieces about "in network buffering" and how it is screwing up the way the internet was designed?

    2. are you sure in-network value-added services does not really mean cookies and tracking, etc.?

    1. Re:I call BS by GuB-42 · · Score: 1

      2. are you sure in-network value-added services does not really mean cookies and tracking, etc.?

      Cookies and tracking work perfectly in https. Conversely, a proxy that blocks cookies and tracking before they even reach your browser is an "in-network value-added service".

  14. I'll take the S by Anonymous Coward · · Score: 1

    However, the major loss due to the "S" is the inability to offer any in-network value added services, that are offered by middle-boxes, such as caching, proxying, firewalling, parental control, etc.

    Caching is only a benefit if you are doing the same purely consumption things online that your neighbors are. Not a concern.

    Proxying is an odd one to include, as it takes a whopping 3 seconds to set any web browser to use a proxy, so why should I be impressed that some ISP has a proxy in place whether I want it or not?

    I have no reason to trust a third-party firewall.

    "Parental control" software is a joke. It'll block the famous but tame sites and you'll find your kid watching things that make you physically ill to think about.

    Etcetera may be useful, but since it is typically tossed in after someone is done with what they think are the good examples, I don't trust it either.

  15. Accept it? Yes, for now by davidwr · · Score: 1

    There are already some ways to get some of the benefits of https: without all of the costs, and I'm sure ingenious people will figure out other work-arounds as well. In the meantime, from where I sit the benefits of https: generally outweigh the costs.

    Let's take caching as a trivial example that doesn't require much ingenuity to figure out:

    Let's say I run an https: web site. Let's say I want to run a content-delivery-network for my images, ads, and most other content but I want to maintain control of the main index.html file and of a few other "embedded" items. The end user loads the https://.../index.html. Based on the customer's IP address the index.html file will include https: links to nearby CDN-offered images, ads, etc. Since the CDN's URL will have a valid certificate, there won't be certificate issues for these items. As long as the end user's web browser tolerates an https: web site embedding content from a different https: web site this will work.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  16. No Caching? by pigoon · · Score: 1

    Presentation seems pretty weak. Probably not worth anyone wasting their time reading. Encryption does not negate caching ability. Generally, this looks like a non-tech made a tech presentation.

    1. Re:No Caching? by Anonymous Coward · · Score: 0

      It does. You can't cache encrypted traffic.

    2. Re: No Caching? by Anonymous Coward · · Score: 0

      Every CDN worth its salt provides HTTPS support and will happily cache data at edge nodes (after fetching via HTTPS from origin) and serve it up to clients via HTTPS.

    3. Re: No Caching? by jones_supa · · Score: 1

      The content in the CDN server is cached in unencrypted form.

    4. Re: No Caching? by dave420 · · Score: 1

      There's absolutely no reason why it has to be, if it is indeed done that way.

    5. Re: No Caching? by hawguy · · Score: 1

      There's absolutely no reason why it has to be, if it is indeed done that way.

      No reason except for that's how SSL works... Otherwise you get no end to end encryption or assurance that some third party (like the CDN itself) hasn't modified the page. The CDN can't grab an SSL protected page from the host and serve it to browsers without having access to the unencrypted page.

      The CDN could retrieve content over SSL, store it as plaintext, and reencrypt it with a new SSL certificate (supplied by the host website) before serving it to you, but that's just a specialized case of MITM that many corporate firewalls do to inspect pages, and it breaks the whole security model of SSL.

    6. Re: No Caching? by devman · · Score: 1

      CDN hosted content will be linked to by the page served to the client just like it is now. Example: you connect to https://examplebank.com/ the page served back to you links to content (images, scripts, we) hosted on https://examplecdn.com/ Both links establish properly and TLS security model isn't broken.

    7. Re: No Caching? by hawguy · · Score: 1

      CDN hosted content will be linked to by the page served to the client just like it is now.

      Example: you connect to https://examplebank.com/ the page served back to you links to content (images, scripts, we) hosted on https://examplecdn.com/

      Both links establish properly and TLS security model isn't broken.

      Right because the CDN has a plain-text copy of the content (which is the point I'm responding to in the grandparent's post) -- the CDN can't transparently ship me SSL encrypted content from the website I'm going to, the CDN has the plain-text content and it's the CDN that establishes the SSL session with me -- I have no assurance at all that what the CDN is showing me is what the original site intended, which is where a CDN breaks SSL's security model -- I have to trust that what the CDN is sending me is actually the content from the site that I'm visiting meant to send me. (or conversely, the website that's using the CDN has to trust that what the CDN is sending to their users is what they expected it to be)

    8. Re: No Caching? by devman · · Score: 1

      Well yes, in the same sense people who use hosting providers for their websites have to trust that their hosting provider doesn't mess with their files (a CDN is just a type of hosting provider after all). There is no break in the TLS trust model though, the client will authenticate both the original host and the CDN.

    9. Re: No Caching? by dave420 · · Score: 1

      So you disagree with me, then right at the end agree with me. Nice. By the way, that does not break the whole security model of SSL, if you trust that the CDN is not a malicious actor.

  17. Aw man! I wanted to inject adverisments! by thevirtualcat · · Score: 1

    Yes. Please. HTTPS all the time, everywhere.

    It's one thing when the free WiFi at the shady computer store down the street does it. But even for-pay WiFi hotspots are doing it now. (Looking at you, Southwest Airlines In-flight WiFi...)

  18. Slashdot? by jones_supa · · Score: 1

    When will Slashdot catch up? I still can't use this site in HTTPS without subscribing. Being able to browse securely is a standard feature these days.

    1. Re:Slashdot? by Anonymous Coward · · Score: 0

      > Being able to browse securely is a standard feature these days.

      Is https secure?

      At work, I was surprised to see Firefox complain about certification problems. When I checked, my Google https search was apparently being intercepted by our proxy. The organization-supplied IE and Chrome acted as nothing had happened (thanks, FF!). I then learned they are checking my communications, which is to be expected as the network is theirs and people inside have certain legal obligations. I'm not sure I can expect privacy on devices which are not mine, also.

      I wonder what kind of security I do have at home, since I depend on an ISP... at least, FF does not complain! Yay!

    2. Re:Slashdot? by wiredlogic · · Score: 1

      We're still waiting for the Unicode support that was already implemented in slashdot.jp years ago.

      --
      I am becoming gerund, destroyer of verbs.
    3. Re:Slashdot? by jones_supa · · Score: 1

      It sounds like in your workplace your browser connected to the proxy using HTTP and asked the proxy to receive the actual page using HTTPS.

    4. Re:Slashdot? by jones_supa · · Score: 1

      Acchh, indeed...damn I'd want Unicode support too...

    5. Re:Slashdot? by Anonymous Coward · · Score: 0

      I'm not really an expert -- I just selected the secure Google search -- and not for privacy reasons. I supposed both the search and the results would be encrypted...

    6. Re:Slashdot? by RatherBeAnonymous · · Score: 1

      The proxy is most likely transparent. When a web browser attempts an HTTPS connection the firewall responds to the client as if it were the server and sends a self-signed public key. Then it makes a connection to the destination server in the client's stead. Firefox complained because corporate IT had not installed the firewall as a trusted CA, like they had when they installed Chrome and IE. Realistically, IE inherits its certs from Windows and certs can be installed via Active Directory.

    7. Re:Slashdot? by jones_supa · · Score: 1

      Yes, that makes sense.

  19. What about the cost of NOT having it? by RivenAleem · · Score: 5, Insightful

    What is the cost to the user of having their communications intercepted, banking details stolen etc etc.

    That's like saying that putting locks on your doors has an added cost of you requiring more time every day getting in and out because you have to take time to turn a key. It also means that local corporations can't send people by to inject "value added" services into your home without your consent! Are you ready to accept locks on your doors?

    1. Re:What about the cost of NOT having it? by Anonymous Coward · · Score: 0

      I doubt they are taking the position that these costs are bad always, encrypting banking details is an obviously important security measure. The question is whether encrypting things like cat meme pictures is worth it.

    2. Re:What about the cost of NOT having it? by RivenAleem · · Score: 1

      Oh, I get you! We should only put locks on specific areas of our house. Leave the front door unlocked, but perhaps have a lock on the bedroom and bathroom. After all, there should be no real reason why the contents of your fridge should be kept secure, and if your local supermarket was allowed to send staff members into people's houses at random (or targeted if they notice you haven't been shopping with them lately) to check where you have been shopping recently and what you have been buying, so they can deliver a better experience to you in future, perhaps send you some targeted advertising at a future date.

      Encrypt EfVuEcRkY Thing.

    3. Re:What about the cost of NOT having it? by Anonymous Coward · · Score: 0

      I never use those lock things, it's a waste of time and the security is overrated.

      Yesterday, when I came home, all of my tasty wheat sodas were replaced by products from Coca-Cola.

      They left a note calling the "substitution" a value-added service.

    4. Re:What about the cost of NOT having it? by Anonymous Coward · · Score: 0

      Do you lock your trash cans? Do you fence and lock your yard? Do you put a big black tarp over your house so Google can't see what it looks like and passing salesmen can't see your paint is peeling? Some people do, most people don't and don't care to.

    5. Re:What about the cost of NOT having it? by bill_mcgonigle · · Score: 1

      Right, and you have to add the entire NSA budget to the "costs" column for web encryption or not.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  20. WTF... by EndlessNameless · · Score: 3, Interesting

    Stupid article. Making a mountain out of a mole hill.

    How hard is it to push a certificate to your clients so they trust your proxy? How hard is it to set up a cache there? And monitoring/filtering? Not very hard.

    We do this at work, and it is dead simple for halfway competent admins to implement.

    What this really does is stop telecoms from monkeying with their users' traffic. By default, anyway.

    Most ISPs provide Windows installers/optimizers to their users, which their users dutifully click through without understanding. So they could just install their certificates and continue business as usual---with very little effort, all things considered. They might need beefier proxies to handle encryption, but CPU time is cheaper than ever.

    --
    According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
    1. Re:WTF... by Anonymous Coward · · Score: 0

      Slashdot, I am fairly certain now, accepts paid submissions. This latest one was probably on behalf of the NSA/GCHQ.

    2. Re:WTF... by SuricouRaven · · Score: 1

      You don't even need to know how to do it - Smoothwall automates most of the process so even an A+ certified tech could figure it out. Probably.

    3. Re:WTF... by Anonymous Coward · · Score: 0

      How hard is it to push a certificate to your clients so they trust your proxy?

      But, now you have broken https. It is one thing for you to MiM ssl to slashdot type sites (even there, folks sometimes share opinions they may not want e.g., a school administrator seeing), another for you to be snooping on people's banking, embarrassing sites, etc. (which you now have the capability to do).

      Your other points are correct, but there are both technical solutions (e.g., Tor [which can act as a parent proxy, so web caches still work]). But, it could be argued the proper solution is legislation against this behavior by ISPs.

  21. what in the actual hell... by nimbius · · Score: 1

    in-network value added services, that are offered by middle-boxes

    Dear god this summary reads like a stroke victim. Looks like the PHB is low on meetings today...allow me to take a moment to explain what the cryptography does in each case...

    caching: is a relic from when switches were slow and data bandwidth was very limited. Gigabit NICs, CDNs and multi-gigabit switching have obsoleted it for the most part.
    proxying: If we mean squid then true it will break, but otherwise this is kinda vague. My IRC proxy still works, and my SSL proxy is unaffected.
    firewalling: No. Firewalls will still work you ignorant walnut. Things like DPI and injection might be hindered however, and those things are in point of fact not adding any value to anything.
    parental control: Most sites your kid shouldn't be looking at are flagged for detection by the browser or add-on software, and when they aren't the content displayed is in most cases detectable by third party software. DNSBL and null routing handles this more efficiently however, so I have a hard time declaring my ability to police my daughter "broken."

    --
    Good people go to bed earlier.
    1. Re:what in the actual hell... by SuricouRaven · · Score: 1

      I've not seen any parental control software that runs as a proxy server. It's all browser plugin. I'm surprised at this - given that many homes now have several laptops, a few more tablets and a mobile phone each, maintaining one proxy is a lot less hassle than ten browser plugins across four different operating systems.

    2. Re:what in the actual hell... by david_thornley · · Score: 1

      The proxy would have to be built into the router, because that's the only computer you can count on to be on during browsing. This won't work in the case of mobile phones and some tablets, which can usually get net access without going through the family wifi.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
  22. ... Is about the least of it by RabidReindeer · · Score: 2, Insightful

    I've no doubt that the overhead of https can be more than paid for if website designers would lay off the Singing Flowers and Dancing Fairies. Toss the gratuitous multi-media. Especially the auto-playing stuff. It's cheap and cheesy and makes me seriously think of avoiding the site altogether, whether it's local content or 3rd-party adverts.

    And while you're at it, calculate the slow-filling parts of the page in advance so that the [censored] thing doesn't bounce up and down like a demented ping-pong ball as it loads. The only thing more irritating than having a page continually re-map itself while you're reading it is to have the stupid thing auto-reload and throw you back to the top of it.

    1. Re:... Is about the least of it by drinkypoo · · Score: 1

      The only thing more irritating than having a page continually re-map itself while you're reading it is to have the stupid thing auto-reload and throw you back to the top of it.

      My very favoritest thing is when an element moves over just slightly just as I was about to click it, and I click its neighbor instead.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    2. Re:... Is about the least of it by Anonymous Coward · · Score: 0

      I would like to shit all over this current trend to have some stupid crap drop down from the top of the page, but only when you scroll a certain amount.

      I like to read text near the top of the window, and this always results in the text I'm trying to read being covered by some navigation bullshit. When I scroll back up, the navigation disappears.

      And EVERYONE IS DOING IT. Fuck you, web designers. Fuck you with bells on.

    3. Re:... Is about the least of it by sound+vision · · Score: 1

      Even if you're going to have annoying floating nav/ad bars, please put it on the left or right side, not top/bottom. Most people are now on 16:10 or even worse 16:9 monitors having tons of wasted horizontal space.

      Using NoScript has somewhat reduced these issues for me, but there are sites that require the scripts for functionality that I need, so it's not perfect. One thing I strongly advise anyone on widescreen to do is to move the task bar (or your OS' equivalent horizontal space-user) to the left or right side of the screen instead. In addition to being sensible, I find it aesthetically pleasing, especially on W7 Aero Glass.

    4. Re:... Is about the least of it by RabidReindeer · · Score: 1

      My very favoritest thing is when an element moves over just slightly just as I was about to click it, and I click its neighbor instead.

      Isn't it everyone's?

      I think there's an xkcd for this.

  23. Hmmm. Not a hard tradeoff for me. by anegg · · Score: 3, Interesting

    The tradeoff is between a little more time, and a little more resources, against the benefit of keeping my communications private and unaltered by all of the middlemen through which my communications pass. That's a no-brainer for me.

    In the days before the exposure of Verizon's (and others) schemes to actually interfere with the content of communications from their customers passing through their network (I'm talking about the physical modification of the communications content, and not just traffic management/prioritizing), I may have had a different opinion about the tradeoffs. But now that the "common carriers" have shown that they have no morals what so ever with respect to the content of traffic they are carrying through their networks, SSL encryption is simply a necessary function to prevent interference.

    Today that interference may be limited to tracking user activity using an additional HTTP header that the user never knows exists. Who knows what packet re-writing magic might be used by the carriers in the future to completely "customize" each user's experience interacting with third parties to the benefit of the carrier?

  24. Look forward and the answer is clear by Eponymous+Coward · · Score: 1

    Proxying and caching were a huge win back in the analog modem days. These days they are still a win, but not as big. Looking forward, the costs associated with having a secure connection are only going down while the value of the secure connection is holding steady or maybe increasing.

  25. Network services by sgunhouse · · Score: 1

    Let's see, on the useful side we have compression/acceleration and parental controls. Would it also interfere with ad blockers and anti-malware? Those are also useful services. Services we as consumers don't want are those ads certain low-cost carriers insert in content - though if blocking those forces the carrier to shut down we might have a problem. And of course we also don't want those Big Brother services - governmental content blocking and monitoring.

    1. Re:Network services by SuricouRaven · · Score: 1

      It interferes with non-browser-based ad blockers. Which are common still on corporate networks, though rarely at home. You can still block by DNS even then, it's just not so fine-grained. Fortunately you rarely need fine-grained to stop advertising.

  26. Summary makes Me think of 3-way breeding by Anonymous Coward · · Score: 0

    Imagine You cross a bunch of cockamamy with trolling and F.U.D. The end result would be called "crud" and that's what this summary's "Are we ready to accept it?" is.

  27. Use COPPA as an excuse not to encrypt by tepples · · Score: 3, Interesting

    Then block all HTTPS until age 13. The only sites you need HTTPS for are the ones that require a login, and COPPA and foreign counterparts make it very hard to offer logins to children under 13.

    1. Re:Use COPPA as an excuse not to encrypt by bunratty · · Score: 1

      I would say that any site that allows downloads of executable content also needs HTTPS. Otherwise, a middleman could install malware in your downloads nearly as easily as they could see your passwords.

      --
      What a fool believes, he sees, no wise man has the power to reason away.
    2. Re:Use COPPA as an excuse not to encrypt by Anonymous Coward · · Score: 0

      > Then block all HTTPS until age 13. The only sites you need HTTPS for are the ones that require a login, and COPPA and foreign counterparts make it very hard to offer logins to children under 13.

      This is becoming false - many sites require HTTPS just because they can.

    3. Re:Use COPPA as an excuse not to encrypt by AmiMoJo · · Score: 1

      Right, because children under 13 don't deserve any privacy anyway. Or email. Or game accounts.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    4. Re:Use COPPA as an excuse not to encrypt by antdude · · Score: 1

      I noticed Apple's Mac OS X parental controls accounts make https difficult to use like web site logins. :(

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
  28. Drop HTTP completely? by jones_supa · · Score: 1

    What would you think about a hardened web browser which would only allow HTTPS connections? It might be a feasible idea already.

    1. Re:Drop HTTP completely? by danbob999 · · Score: 1

      Current browsers prefer HTTP over HTTPS. That's why you don't get any security warning when you connect to a HTTP site but you get a death warning when you visit a self-signed certificate HTTPS site.

    2. Re:Drop HTTP completely? by jones_supa · · Score: 1

      We could begin with a toggleable toolbar button which would lock the browser in HTTPS-only mode. Then we could educate users that when you want to avoid man-in-the-middle attacks, flip this switch on.

    3. Re:Drop HTTP completely? by bunratty · · Score: 3, Informative

      The problem with HTTP is that a middleman can see and alter content. If a browser doesn't warn when it encounters a self-signed certificate, then HTTPS would be no more secure than HTTP -- all the middleman has to do is use a self-signed certificate to decrypt/encrypt packets as needed. So browsers do prefer HTTPS, when the certificate can be verified. If you're using HTTPS and the certificate can't be verified, it's no more secure than HTTP unless the user is warned, and in fact it's a way of detecting that a middleman may be present. That's the whole reason for the death warning!

      --
      What a fool believes, he sees, no wise man has the power to reason away.
    4. Re:Drop HTTP completely? by bunratty · · Score: 1

      There isn't such an extension already? If there isn't, someone should write one or alter an existing one to add that functionality, at least as an option. Then people should try it and let us know how painful it actually is to use. My guess would be: extremely painful for most users for the next several years, so painful that hardly anyone would use it willingly. Maybe some businesses could force it on their employees.

      --
      What a fool believes, he sees, no wise man has the power to reason away.
    5. Re:Drop HTTP completely? by jones_supa · · Score: 1

      Using something like Tor involves some pain too. Some people would probably be interested just for the security boost.

    6. Re:Drop HTTP completely? by oodaloop · · Score: 1

      What, and not be able to post on Slashdot? No thanks.

      --
      Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
    7. Re:Drop HTTP completely? by Anonymous Coward · · Score: 0

      I don't know how serious this is, but Mozilla has defaulting to HTTPS on their security roadmap.

    8. Re:Drop HTTP completely? by Anonymous Coward · · Score: 0

      HTTP: No privacy assumption.
      HTTPS: Assumed private. Not necessarily private with self-signed cert. Therefore warning.

    9. Re:Drop HTTP completely? by cen1 · · Score: 2

      I believe HTTP 2.0 will pretty much require HTTPS at all times. So maybe in 20 years?

    10. Re:Drop HTTP completely? by SuricouRaven · · Score: 1

      It does raise the cost of fiddling with traffic. Altering things with HTTP is really easy. Some things can even be done stateless - the Great Firewall of China works in part on that trick, doing stateless filtering of HTTP for certain forbidden strings and spoofing RST packets to break the TCP connection when it finds them. Altering HTTPS requires tracking stateful connections and doing a lot of crypto. Perfectly practical when you're targeting a few people, or running a company LAN. But much less so when you're trying to tamper with traffic for an ISP or an entire country. HTTPS doesn't make it impossible, just many times more expensive.

    11. Re:Drop HTTP completely? by SuricouRaven · · Score: 1

      I shouldn't need to add, but if you're using certificates properly then HTTPS *does* make it impossible - at least unless the interceptor can reconfigure the clients or coerce a trusted CA, and doing the latter on a national scale is sure to be noticed.

    12. Re:Drop HTTP completely? by danbob999 · · Score: 1

      Self signed HTTPS is still better than HTTP. I can approve the self signed certificate when I am on a network that I trust enough, such as my home ISP. When I go to a public hot spot, if a middle man fakes that certificate, I will get an error message. And unless I also approve this new certificate, nobody will be able to see and alter my content.

  29. Those aren't the services you're looking for by Anonymous Coward · · Score: 0

    I read that as "censorship".

  30. Hosts files work too... apk by Anonymous Coward · · Score: 0

    "Parental control" (blocking websites) can be done using hosts files (it's how I block ads + get more reliability (vs. downed or redirect poisoned DNS servers)).

    Safer, faster, & more reliable websurfing is achievable using 1 native file you already possess, that operates in Ring 0/kernelmode/RPL 0, as an integrated part of the IP stack itself (1st resolver queried too).

    APK

    P.S.=> Of course, there *IS* this "shameless plug" in that regards - as to HOW I create such custom hosts files AND what they can do for you - also:

    APK Hosts File Engine 9.0++ 32/64-bit:

    http://start64.com/index.php?o...

    Which gets its data vs. known malicious sites/servers from 12 reputable sources in the security community to do all that's enumerated on that download page... apk

  31. caching, proxying, firewalling, parental control by nitehawk214 · · Score: 4, Insightful

    Or as the rest of us like to say... stopping man in the middle attacks.

    --
    I'm a good cook. I'm a fantastic eater. - Steven Brust
  32. Yes by Anonymous Coward · · Score: 0

    Parental control: You can block websites just fine, either via DNS or IP.

    The biggest problem is large complex sites like reddit, imgur, google, bing, etc. Do you have any idea how effective Google Images and Bing Video are at finding porn? When running a web filter at something like a grade school (which I have), you have no choice but to ban the websites entirely, or force all devices to have your own root CA to do SSL inspection.

  33. Caching by bigman2003 · · Score: 1

    I work at a place with many distributed offices. A lot of these offices are large enough to have their own IT staff who make decisions locally.

    Some of those bozos felt the need to have very aggressive caching servers. Aggressive enough that on any non-https website, it was impossible to differentiate between users or deliver new content. So any web apps we rolled out had huge problems if multiple users were logged in- or even better, a page would never update because it already existed in the cache. Essentially dynamic sites were completely unusable. Imagine going to a news site, and reading yesterday's news...because it had been cached less than 24 hours ago.

    This problem started about 13 years ago- when HTTPS was far less common. So even on ecommerce sites users were having huge problems. Yes, a lot of ecommerce ran unencrypted 13 years ago.

    So- every single site I ran (hundreds of sites....) had to run completely HTTPS- to avoid caching. Even the really simple line of business apps that were ridiculously basic and had no reason to be secure, had to run under HTTPS. Even public facing websites had to run under HTTPS, otherwise the local users would not see updates. (No, they did not see updates on sites I did not control...)

    Sometimes IT people can be idiotic...but in their mind it cut down on bandwidth usage, which was a greater goal than having the web actually work.

    Most of the people responsible for these caching servers have since retired or moved on...but still on a server delivering over 200 million public page views each year, it all runs encrypted because of their legacy.

    But seriously...sometimes people have their nose stuck so far up IT minutia, that they can't see the forest through the trees.

    --
    No reason to lie.
    1. Re:Caching by drinkypoo · · Score: 1

      Some of those bozos felt the need to have very aggressive caching servers. Aggressive enough that on any non-https website, it was impossible to differentiate between users or deliver new content.

      If the server ignores your cache-pragma then the server is not just aggressive, it is broken. If you failed to set your cache-pragma then your app is broken, not the proxy. You didn't provide enough information to determine which was the case, and I wouldn't be surprised if some proxies ignored the pragma and some didn't.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
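    To make the cache-pragma point concrete, here is an added example (not from any commenter) that applies the basic storability rules RFC 7234 gives a *shared* cache such as a corporate proxy, and runs them over the thread's scenario: a logged-in user's page served with no cache headers at all, the same page marked private, and a public static asset. The header sets are constructed, and the function names are hypothetical.

```python
"""Decide whether a shared cache (e.g. a corporate proxy) may store an HTTP
response, following the core storability rules of RFC 7234 section 3.
Added example for this thread; the header sets below are constructed."""

import re
from typing import Dict, Tuple


def parse_cache_control(value: str) -> Dict[str, str]:
    """Parse 'private, max-age=60' into {'private': '', 'max-age': '60'}.
    Directive names are case-insensitive; quoted values are unquoted."""
    directives: Dict[str, str] = {}
    for token in re.split(r"\s*,\s*", value.strip()):
        if not token:
            continue
        name, _, val = token.partition("=")
        directives[name.strip().lower()] = val.strip().strip('"')
    return directives


def shared_cache_may_store(request_headers: Dict[str, str],
                           response_headers: Dict[str, str],
                           status: int = 200) -> Tuple[bool, str]:
    """Return (allowed, reason) for a shared cache.

    Rules applied (RFC 7234 sec. 3 and 4.1): no-store forbids storage;
    private is only for private (browser) caches; 'Vary: *' never matches;
    a response to a request carrying Authorization is not storable by a
    shared cache unless public, must-revalidate or s-maxage allows it;
    otherwise the response needs explicit freshness (max-age, s-maxage,
    Expires) or a status code that is cacheable by default (heuristics).
    Note that cookies play no part in these rules at all.
    """
    req = {k.lower(): v for k, v in request_headers.items()}
    resp = {k.lower(): v for k, v in response_headers.items()}
    cc = parse_cache_control(resp.get("cache-control", ""))
    req_cc = parse_cache_control(req.get("cache-control", ""))

    if "no-store" in cc or "no-store" in req_cc:
        return False, "no-store present"
    if "private" in cc:
        return False, "private: only a private (browser) cache may store"
    if resp.get("vary", "").strip() == "*":
        return False, "Vary: * can never match a later request"
    if "authorization" in req and not (
        "public" in cc or "must-revalidate" in cc or "s-maxage" in cc
    ):
        return False, "Authorization request without public/must-revalidate/s-maxage"
    if "public" in cc or "s-maxage" in cc or "max-age" in cc or "expires" in resp:
        return True, "explicit freshness information or public"
    # Status codes RFC 7231 section 6.1 defines as cacheable by default.
    heuristic_ok = {200, 203, 204, 206, 300, 301, 404, 405, 410, 414, 501}
    if status in heuristic_ok:
        return True, "no freshness info; heuristic caching allowed for %d" % status
    return False, "not storable"


# Constructed scenario from the thread: a logged-in user's dashboard served
# with no cache headers. The proxy is allowed to store it and may hand the
# same body to the next user behind it, exactly the symptom described.
LEAKY_RESPONSE = {"Content-Type": "text/html"}
# What the application should have sent for per-user dynamic content.
FIXED_RESPONSE = {"Content-Type": "text/html",
                  "Cache-Control": "private, no-store"}
# A public static asset with an explicit shared-cache lifetime.
STATIC_RESPONSE = {"Content-Type": "text/css",
                   "Cache-Control": "public, max-age=86400"}


def check_thread_scenarios() -> Dict[str, bool]:
    """Evaluate the three constructed responses for a cookie-bearing request."""
    req = {"Cookie": "session=abc"}  # a Cookie header does not block storage
    return {
        "leaky": shared_cache_may_store(req, LEAKY_RESPONSE)[0],
        "fixed": shared_cache_may_store(req, FIXED_RESPONSE)[0],
        "static": shared_cache_may_store(req, STATIC_RESPONSE)[0],
    }


if __name__ == "__main__":
    for name, allowed in check_thread_scenarios().items():
        print("%-6s shared cache may store: %s" % (name, allowed))
```

A proxy that stores the "fixed" response anyway is the broken one; an application that sends the "leaky" headers for per-user pages is relying on proxies being polite.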
  34. Those aren't the services you're looking for by Anonymous Coward · · Score: 1

    "in-network value added services"

    I just read that as "advertising".

    I read that as "ad jacking" (dns or dom insertion) by your isp.

  35. Compression: Reduced RF energy by Theovon · · Score: 1

    Now, I'm not sure how HTTPS works, but when you use something like PGP, it first compresses the data in order to increase the entropy, making it harder to crack. So while we're spending more CPU cycles on compression and encryption, doesn't the reduced transmission payload more than offset the cost of the computation? In general, communication is WAY more expensive (in terms of energy) than computation.

    Damnit, I'm going to have to read the article to find out if they did this right. :)

  36. Dumb for most sites by Lumpy · · Score: 0

    honestly it is completely dumb for most of the internet. Slashdot does not need to be encrypted, blogs, etc...

    the problem is that sysadmins and web developers are too underskilled to figure out how to do it properly.

    --
    Do not look at laser with remaining good eye.
  37. Parental control of HTTPS via Diladele by Anonymous Coward · · Score: 0

    http://www.quintolabs.com/ (Diladele) is what I use at home to manage safe surfing for my family. Works great and is free.

  38. google's statement on https by TheGratefulNet · · Score: 2

    https://www.imperialviolet.org...

    in short, there is no cpu overhead anymore, in today's compute systems. https is not a barrier due to processing, at least.

    --
    "It is now safe to switch off your computer."
  39. Willfully ignoring? by koan · · Score: 1

    That https, at least via wifi and at nation state level monitoring is useless.

    --
    "If any question why we died, Tell them because our fathers lied."
  40. It's comcastic by Anonymous Coward · · Score: 0

    I'm "FED"UP with ISPs thinking they have a right to inject BS into our Intertubes we are paying increasingly insane sums of money for thanks to the steady devolution of a competitive ISP market. Denying service providers the capability to implement RFC6108 (F UUUUU Mr. Livingood) in and of itself makes SSL worth doing.

    You can still operate content filters either with a middle box you trust, by explicitly installing a CA certificate or by handling decision making in-browser as an extension/plugin.

    Anyhow don't forget to enable HSTS after you get your certs installed kids. Don't let HTTP fallback be an option.

  41. If it comes from an authoritative source... by istartedi · · Score: 1

    If it comes from an authoritative source, Slashdot is less likely to question it. If it comes from me, I'm an idiot trying to run a slow box in the 21st century.

    Lots of people are commenting here about how they want to inject ads. No threads are blasting them for suggesting that HTTPS can slow your browsing experience.

    --
    For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
    1. Re:If it comes from an authoritative source... by Anonymous Coward · · Score: 0

      We won't listen to TFA either. Encrypt everything, please.
      There's work in progress to make it even faster, cheaper and more efficient, but there's no reason to wait.

    2. Re:If it comes from an authoritative source... by phantomfive · · Score: 1

      If you are upset because https at Google slows your internet experience, then never look at the size of the source code for that 'simple' page. Last time I checked, it was 400k.

      --
      "First they came for the slanderers and i said nothing."
  42. Whitelisting by tepples · · Score: 1

    Please help me understand why whitelisting is not enough.

    Right, because children under 13 don't deserve any privacy anyway.

    If children aren't submitting any personally identifying information (PII), what privacy is to be had? It's already illegal for a web site to collect PII from children under 13 without a parent's consent. If a parent consents to a site's collection of a child's PII, the parent can whitelist the site.

    Or email.

    The child clicks the send button in a native e-mail app on the computer (not webmail), and then the parent reads the outbox and approves each message as appropriate to be sent. Or the e-mail lands in the inbox, the parent reads it and approves it as appropriate to be received, and the child reads it.

    Or game accounts.

    The parent can whitelist any game that he or she has approved for a particular child.

    1. Re:Whitelisting by Bengie · · Score: 1

      Sounds like a great way to lose the trust of your child. Enjoy being put in a "home" when you get old enough.

  43. Block executable downloads until age 13 by tepples · · Score: 1

    I would say that any site that allows downloads of executable content also needs HTTPS.

    I agree. So let's require parental elevation to download an executable until the child graduates from parental controls. The child won't have administrative privileges to install software anyway.

  44. Cost of the "S": 25% by Anonymous Coward · · Score: 1

    Clearly adding an "S" on the end will result in 5 letters instead of 4. That's a 25% increase!

  45. Let's generalize that. by jhantin · · Score: 1

    More generally, CDNs aren't "in-network services" in the same sense as middleboxes and thus aren't hampered by TLS. When properly deployed they don't sit between the page server and the browser, but rather the page server links to CDN URLs for images, scripts, and other referenced content. From that standpoint they are essentially just another farm of web servers specialized for static content.

    The "in-network services" TFA talks about can only work because they can freely inspect, collect copies of, transform, redirect, and generally tamper with the data streams without the end user explicitly opting into them. Most of these I have encountered primarily add value for the network owner, and more often than not actually subtract value for the individual user forced to go through them.

    --
    ...when you're writing a game...tweak the difficulty of "Easy" to something [your mother] can cope with. -- onion2k
  46. So ends a fad by An+Ominous+Coward · · Score: 1

    And thus the beginning of the end of the RESTful fad. Not that there's anything wrong with RESTful architecture per se, but as a fad it has been shoe-horned by ideologues into so many inappropriate domains lately: embedded P2P, M2M spaces, etc. Sure, it makes sense for one-to-many patterns involving human-readable, human-discoverable resources, particularly of semi-static resources that can be cached and proxied by middle agents. But of course that latter part only works for unsecured transactions. So now the exemplar of RESTful design itself, the WWW, is abandoning one of the key supposed benefits of being RESTful.

    1. Re:So ends a fad by phantomfive · · Score: 1

      I don't think it's going to end soon; nearly every new web framework that comes out depends on RESTful stuff. It's going to get bigger before it gets smaller.

      --
      "First they came for the slanderers and i said nothing."
    2. Re:So ends a fad by pooh666 · · Score: 1

      What is the alternative?

  47. Re:Compression: Reduced RF energy by drinkypoo · · Score: 1

    You can still compress the content sent inside of HTTPS just as you would with ordinary HTTP, it's just HTTP+SSL. But you can have that with or without HTTPS.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  48. Middle Boxes by acoustix · · Score: 1

    You can do caching, proxying, firewalling, parental control, etc with HTTPS. Create a certificate on those boxes and push it out to the client devices. You can then see all encrypted traffic. Problem solved.

    --
    "A plan fiendishly clever in its intricacies"- Homer Simpson
  49. Time for httpv? by Digital+Eco+Freak · · Score: 1

    Sometimes https is needed to keep content confidential, but sometimes it is used just to ensure integrity. Some or all site content may be innocuous and not require confidentiality, but a man-in-the-middle corrupting data could change meaning or include malicious code. Maybe there should be an httpv -- http verified -- which includes signed hashes of each resource to offer proxy-friendly integrity and possibly lower overhead.

  50. Re:Compression: Reduced RF energy by Bengie · · Score: 1

    Compressed data leaks information. There have been many side-channel attacks using the resulting size of the data and figuring out what information is in there. Pretty much, statistical analysis.

  51. Re:Compression: Reduced RF energy by SuricouRaven · · Score: 1

    Within HTTPS, is HTTP - wrapped up in encryption. The HTTP still supports transparent compression.

  52. Google 50% faster.... by Wargames · · Score: 1
    --
    -- Each tock of the Planck clock is a new world and here we are still life. --
  53. Compare to driving age by tepples · · Score: 1

    [Whitelisting the Internet] Sounds like a great way to lose the trust of your child.

    I don't see how. A lot of families didn't have Internet at home at all until long after 13. Or compare to life away from the keyboard, where kids can't choose where they can travel outside walking distance until age 16-19 depending on country (or never in the case of women in Saudi Arabia).

  54. Accept it? by Anonymous Coward · · Score: 0

    However, the major loss due to the "S" is the inability to offer any in-network value added services, that are offered by middle-boxes, such as caching, proxying, firewalling, parental control, etc. Are we ready to accept it?

    F F uckin yes....

  55. Website Registration by Anonymous Coward · · Score: 0

    I blame it on all these websites that want you to sign up for no reason. I always give these idiots fake information anyway.

  56. What does that mean? by Anonymous Coward · · Score: 0

    "that manifests itself through increases in the page loading time that go above 50%"

    50% of what? WTF? Typical Slashdot summary.

  57. All the cost, none of the benefits: Thanks US Gov by pseudorand · · Score: 1

    And that doesn't even account for the cost of man hours to support junk the NSA secretly pushes on us to get around the 'S'.

    I just learned that the network guys at my company are looking into horribly expensive Palo Alto Systems porn filtering for our entire network. Why? Because we got some federal funding and some recently passed law states that such funds can't be used to fund any network that transmits porn. So to check the box when applying for (or renewing) such grants, our lawyers say we have to actively filter out porn (or attempt to, since here on /. we all know that's a practical impossibility).

    At first I thought, no problem. Possibly they just run outbound web traffic through an anonymous proxy and/or return invalid DNS entries for known porn domain names. So we pay stupid amounts of money for some overpriced network junk. Doesn't affect me. But then I learned that it's actually very sophisticated over-priced network junk. It operates not just at the DNS or HTTP level, but actively filters ALL traffic. How, you ask? Well, my group will be tasked with installing special keys for all encrypted protocols (https, ssh), which the filter has a copy of, of course, on every single system that needs outbound access. Never mind the complete lack of privacy for reasonable personal use (such as doing some banking online during my lunch break instead of taking a whole hour to drive to the bank). Never mind the fact that we're all willing to bet the NSA has their filthy mitts on the filter equipment and does way more than "check for pron" -- all at the expense of my company (and probably the profit of Palo Alto systems, who I'm sure lines the pockets of our congress critters). I could live with all that. I got nothin' to hide.

    But when they stick me with a bunch of useless busy work of maintaining a ridiculous infrastructure of compromised ssh keys and trusted ssl certs, when I can't just install the defaults and expect them to work, that pisses me off. Why, congress, why!?!

  58. Firewalling & parental control = hosts... apk by Anonymous Coward · · Score: 0

    "Parental control" + "firewalling" (blocking host-domain/subdomain names) can be done using hosts files (it's how I block ads + get more reliability (vs. downed or redirect poisoned DNS servers) AND stay safe vs. known malicious sites & servers).

    Safer, faster, & more reliable websurfing is achievable using 1 native file you already possess, that operates in Ring 0/kernelmode/RPL 0, as an integrated part of the IP stack itself (1st resolver queried too).

    APK

    P.S.=> Of course, there *IS* this "shameless plug" in that regards - as to HOW I create such custom hosts files AND what they can do for you - also:

    APK Hosts File Engine 9.0++ 32/64-bit:

    http://start64.com/index.php?o...

    Which gets its data vs. known malicious sites/servers from 12 reputable sources in the security community to do all that's enumerated on that download page (which is FAR MORE than what I just listed above)... apk

    APK

  59. Re:All the cost, none of the benefits: Thanks US G by Animats · · Score: 1

    Mod parent up.

    "HTTPS Everywhere" is security theater. Most stuff doesn't need to be encrypted. Worse, as the parent post points out, it causes the creation of security holes. This weakens security for the few things that need to be encrypted.

    We don't need "value added services" in the middle of the network. Not for secure content, anyway. Perhaps some content should be signed, but not encrypted, so it can be cached, but not modified. Cloudflare, which decrypts everything that goes through it, is a huge security hole.

  60. Whatever Prevents a Verizon-in-the-Middle by asimons04 · · Score: 1

    I'm all for HTTPS everywhere for all of the aforementioned reasons already posted, but especially to screw over Verizon and their HTTP tracking injection. For those unaware, Verizon Wireless is injecting headers into your traffic at the network level to track you for advertising purposes. You have the option to opt out (you're opted in by default), but that just supposedly prevents them from selling the information; the tracking header is still injected into your data stream and is visible to all sites you visit and on the server side of any app you use that uses unencrypted HTTP requests. If the site you visit uses HTTPS (or you use a VPN), Verizon can't MITM you. Screw Verizon Wireless.

  61. Firewalling? by Anonymous Coward · · Score: 0

    However, the major loss due to the "S" is the inability to offer any in-network value added services, that are offered by middle-boxes, such as caching, proxying, firewalling, parental control, etc.

    Nowhere in the paper does it mention firewalling. The submitter's just making shit up.

  62. You mean ad injection? by Vlijmen+Fileer · · Score: 1

    "the inability to offer any in-network value added services" - I was hoping you were referring here to injecting webpages with ads on mobile phones while browsing? Can that criminal behaviour be prevented by an all-HTTPS web?

  63. Cloudflare by Anonymous Coward · · Score: 0

    Caching works fine with cloudflare, they are proxy and cache in the middle.

    With cloudflare, they tend to establish their own secure connection to your website, then cache that content on their service, and users who use HTTPS will establish their own HTTPS connection directly with cloudflare.

    So HTTPS and caching still works just fine.

    I do love the security of HTTPS because if the system isn't set up like this, but it is possible a transparent method might work like this, um, it prevents man in the middle from caching, blocking, or identifying your traffic, and it prevents most forms of snooping, and it prevents NSA from getting access to the unencrypted stream - and trust me, NSA is secretly intercepting all content, encrypted or not, so you better at least try to protect yourself by using some encryption.

    The worst thing about NSA spying today is that the unencrypted internet is fully open to them. They nab HTTP headers which contain a lot of information plus the content of the transferred data; The HTTP headers will contain PUT, GET, COOKIE, POST information, including unencrypted passwords and usernames and social security numbers and other information. This allows NSA to directly track all Internet users and the information is available to agents of the government when they want to hack an account or be abusive or even get into things illegally.

    Not to worry, this is not even their most invasive surveillance method - they also have a series of mind reading satellites so they can decode your thoughts directly from space and radar, and it's fully patented stuff, been in deployment since the 1970s. The technology is ground and building penetrating too, so they can even take scans of your ass and tits from space, this technology is called interferometry or ground / building penetrating tomography.

    http://www.myronmays.com/

  64. Yes. by Anonymous Coward · · Score: 0

    That is all.

  65. one more character in code by decibel.places · · Score: 1

    Adding "s" to "http" means there is one more character added to every URI in the code. Although negligible in a smaller application code base, these additional characters can accumulate to cause a noticeable impact on storage and network usage in larger applications that have been highly optimized.

  66. They missed one by Anonymous Coward · · Score: 0

    Another hidden cost is that it really sucks over a satellite link.

    Not everybody lives in a city or within 5 miles of the CO.

  67. Parental controls by Anonymous Coward · · Score: 0

    Well we can do without parental censorship er... control for a start.

  68. Telefonica... by snowsnoot · · Score: 1

    "However, the major loss due to the "S" is the inability to offer any in-network value added services, that are offered by middle-boxes, such as caching, proxying, firewalling, parental control, etc." ... And that is bad? Oh right, this is written from the carrier's perspective. Personally I would prefer if they would stop DPI'ing all my traffic and doing 'value added' stuff. This is about resisting the dumb pipe scenario. I can think of a Canadian company (who Telefonica happen to be their largest customer) that would find their business model threatened by an all-encrypted internet. IMO, the carrier should have no place looking at the traffic I generate on their network. If I have to encrypt to guarantee it, then let's do it.

  69. Re:Compression: Reduced RF energy by petermgreen · · Score: 1

    While compression may help prevent some types of attack (in particular known plaintext attacks) it also creates new avenues of attack. In particular it makes the message length dependent on the message content.

    For something like human written pgp emails this is not a massive deal, the length variability of human written messages and the low message rate mean that the chances of useful information being leaked this way are negligible.

    For things like VOIP this can cause information leakage even to a passive attacker as what people say will impact the compressibility of the data. http://www.esecurityplanet.com...

    For things like https the message rate is too low and the content too variable for a passive attacker to stand much chance of exploiting the message length side channel but an active attacker can stimulate traffic with known characteristics and partially known content to effectively exploit the channels.

    --
    note: i'm known as plugwash most places but i screwed up registering that here somehow in the past and now can't register
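    The "message length depends on message content" point above, as an added self-check a site owner can run against their own response builders (this is example code, not from the post or from any project; the page fragments, the sample token and the reversed-string control are constructed for the example). It measures how many bytes DEFLATE saves when a reflected string repeats the first characters of a secret that sits in the same page, and shows that compressing the attacker-influenced part and the secret-bearing part in separate contexts closes the gap:

    ```go
    package main

    import (
    	"bytes"
    	"compress/flate"
    	"fmt"
    )

    // Constructed sample: a session token that the page embeds in a link.
    const secretToken = "token=7f3a9c2e1b"

    // compressedLen returns the DEFLATE-compressed size of data, which is what
    // an observer of the TLS stream sees: encryption hides content, not length.
    func compressedLen(data []byte) int {
    	var buf bytes.Buffer
    	w, err := flate.NewWriter(&buf, flate.DefaultCompression)
    	if err != nil {
    		panic(err)
    	}
    	if _, err := w.Write(data); err != nil {
    		panic(err)
    	}
    	if err := w.Close(); err != nil {
    		panic(err)
    	}
    	return buf.Len()
    }

    // publicPart is the half of the page a visitor influences: a reflected
    // search term.
    func publicPart(echo string) []byte {
    	return []byte("<p>you searched for: " + echo + "</p>\n")
    }

    // secretPart is the half that carries the token.
    func secretPart() []byte {
    	return []byte("<a href='/x?" + secretToken + "'>x</a>")
    }

    // SizeFn maps a reflected string to the number of bytes put on the wire.
    type SizeFn func(echo string) int

    // NaiveSize compresses the whole page in one context, so a reflected string
    // that repeats part of the token is replaced by a short back-reference.
    func NaiveSize(echo string) int {
    	return compressedLen(append(publicPart(echo), secretPart()...))
    }

    // SeparatedSize compresses the two halves in independent contexts, so the
    // reflected string can never be matched against the token.
    func SeparatedSize(echo string) int {
    	return compressedLen(publicPart(echo)) + compressedLen(secretPart())
    }

    // LengthGap is the self-check: feed the builder an echo that repeats the
    // token's prefix and a control that is the same characters reversed (same
    // length, same literal frequencies, no substring in common with the token)
    // and report how many bytes the repeating one saves. Zero means no leak.
    func LengthGap(size SizeFn) int {
    	matching := "token=7f3a"
    	nonMatching := "a3f7=nekot"
    	return size(nonMatching) - size(matching)
    }

    func main() {
    	fmt.Println("gap with one compression context:", LengthGap(NaiveSize))
    	fmt.Println("gap with separated contexts:    ", LengthGap(SeparatedSize))
    }
    ```

    With a single context the repeating echo comes out several bytes shorter, which is exactly the signal the post says an active attacker can provoke; with separated contexts the two sizes are the same. The same check applies to any other mitigation one chooses (disabling compression for responses that carry secrets, or randomising the secret's encoding per response): if the gap does not go to zero, the side channel is still there.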