Firefox Prepares To Mark All HTTP Sites 'Not Secure' After HTTPS Adoption Rises

An anonymous reader quotes a report from Bleeping Computer: The increased adoption of HTTPS among website operators will soon lead to browsers marking HTTP pages as "Not Secure" by default, and Mozilla is taking the first steps. The current Firefox Nightly Edition (version 59) includes a secret configuration option that when activated will show a visible visual indicator that the current page is not secure. In its current form, this visual indicator is a red line striking through a classic lock that's normally used to signal the presence of encrypted HTTPS pages. According to Let's Encrypt, 67% of web pages loaded by Firefox in November 2017 used HTTPS, compared to only 45% at the end of last year.

Not everything need story be encrypted

Let's say I'm downloading a file that's several GB, like a disk image. When I download it, I'll verify the signature. If it's valid, the file is usable. Encrypting the entire download is a waste of resources for both the server and client. Not everything needs to be encrypted, so this is a little silly. Plus, hosting providers often charge extra fees for https, at least based on my experience.

Re:Not everything need story be encrypted

Good thing that the cost is essentially zero on modern hardware, then.

Re:Not everything need story be encrypted

[truedfx]

Indeed not everything needs to be encrypted, and in some specific circumstances HTTP may be the better option, but firstly, the average user cannot tell what does and does not need to be encrypted, and secondly, even in those cases where HTTP is the better option, it's usually close enough nowadays that it doesn't make that much of a difference. Because of that, I'd be perfectly happy with HTTPS becoming the norm, HTTP flagged as insecure, but HTTP nonetheless continuing to be supported in browsers indefinitely.

Re:Not everything need story be encrypted

>Not everything needs to be encrypted
Yes. Everything. Always.

Re:Not everything need story be encrypted

Not everything, but most things do benefit from HTTPS even when you're not trying to keep secrets. HTTPS also authenticates the data, so nobody can alter the data you're downloading. You don't manually check signatures for the hundreds of files that make up a website these days. You could automate that, but then you'd end up with HTTPS anyway.

Re:Not everything need story be encrypted

Says the guy who never had to troubleshoot anything before...

Re:Not everything need story be encrypted

[Zero__Kelvin]

"Let's say I'm downloading a file that's several GB, like a disk image. When I download it, I'll verify the signature."

If you are tech savvy enough to do this then you are tech savvy enough to realize that the image means you are using HTTP, not HTTPS. They aren't stopping you from using HTTP, just making sure you are aware that you are using HTTP rather than HTTPS. So what it the problem again?

Re:Not everything need story be encrypted

[Cthefuture]

What waste? Modern processors have AES in hardware. Except for the initial TLS negotiation (and even that is hardware accelerated on most systems) it costs almost nothing to use encryption.

Re:Not everything need story be encrypted

[arglebargle_xiv]

There's also a huge difference between "encrypted" and "secure". The headline should really read "Firefox Prepares To Mark All Otherwise OK Sites that Haven't got a Free Cert from Lets Encrypt or Comodo 'Not Secure'". Since Let's Encrypt and Comodo will happily hand out certs to phishers, crooks, fraudsters, and scammers, and any crook worth their salt will get a cert because of the way browsers pretend this makes the site better, the adverse-selection principle means you may be safer on a non-HTTPS site.

Re:Not everything need story be encrypted

> Not everything needs to be encrypted, so this is a little silly.

Who decides, what's important? Hint: NOT YOU!

Re:Not everything need story be encrypted

[hey!]

Then don't encrypt and click through the security warning if for some reason the computational costs are a problem.

From the developer's standpoint, the question is which default behavior causes more harm over the entire user base: treating http as secure enough when users are exchanging sensitive information, or putting up a nagging message the user has to click through (or add the site to a whiteliest) when he doesn't want encryption for some reason.

Re:Not everything need story be encrypted

Problem are annoying UI changes that are meant to 'remind' everyone of the obvious (which is a pain if e.g. your internal monitoring web apps start looking broken). And sometimes they're so much into babysitting you that they intentionally don't provide a kill switch for such misfeature.

Re:Not everything need story be encrypted

[Agripa]

Encrypting the entire download is a waste of resources for both the server and client.

Decreasing processing costs means that the encryption and decryption are an insignificant use of resources.

Re:Not everything need story be encrypted

The problem is if you mark something secure and insecure that's what people believe. We should aim higher. It should be encrypted and unencrypted, instead of misrepresenting what https and http is.

Stupid

This is completely retarded. Not every site needs https.

Re:Stupid

[Man+On+Pink+Corner]

But it's apparently very important to educate users to ignore yet another legitimate warning indication.

Re:Stupid

[TechyImmigrant]

But it's apparently very important to educate users to ignore yet another legitimate warning indication.

What's worse is the implication that if it isn't telling you that it is not secure, it must be secure, because it's using https.

Re:Stupid

This is completely retarded. Not every site needs https.

This is true, but "Not Needing HTTPS" =/= "Secure". Firefox will still be correct in identifying the connection as not being secure.

Re:Stupid

[arth1]

This is true, but "Not Needing HTTPS" =/= "Secure". Firefox will still be correct in identifying the connection as not being secure.

But HTTPS does not imply secure either. It's lulling users into a false sense of and understanding of security.

Re:Stupid

This is true, but "Not Needing HTTPS" =/= "Secure". Firefox will still be correct in identifying the connection as not being secure.

But HTTPS does not imply secure either. It's lulling users into a false sense of and understanding of security.

No, you have it backwards. By never marking HTTP is insecure before we created the false sense of security folks now mistakenly have. HTTPS really does mean "secure" (it's the S), but it's not as easy as setting it and forgetting it. Secure encryption is a constantly moving target, and must be regularly revisited and adjusted.

Re:Stupid

[WaffleMonster]

No, you have it backwards. By never marking HTTP is insecure before we created the false sense of security folks now mistakenly have.

Nonsense. Failing to indicate a disposition is NOT misleading and contributes to no false sense of anything.

In the real world without near universal buy-in for HTTPS exclusively people will browse somewhere... Not secure... oh noes neither is this...or this... too bad I'm going to go here and do that anyway... pretty soon it devolves into a joke about everything causing cancer followed by this scary message AND every other remotely similar scary message no matter what it says being filtered out on a subconscious level from the minds of users.

HTTPS really does mean "secure" (it's the S), but it's not as easy as setting it and forgetting it.

HTTPS as currently deployed is only as secure as the least secure CA on the PLANET or most despotic regime harboring a state run CA in the WORLD.

This is before factoring in the inescapable reality virtually all DV certs assigned are done so in an automated fashion by trusting signals returned from completely INSECURE protocols. At best on a good day assuming all hell isn't breaking loose in China HTTPS is as secure as a leap of faith.

Falsely indicating something to be "secure" when really it's just better than nothing is by far the more damaging disposition.

Re:Stupid

[thegarbz]

This is completely retarded. Not every site needs https.

That's for the users to determine so telling them which sites are secure and which are not makes perfect sense.

Re:Stupid

[sarku]

I totally agree. Waste of resources, waste of sysadmin time, and a bandaid on the problem at best. It's a kind of mass hysteria that's taking hold of people, and this is just one symptom of it. People think they're "not secure" when they see something like that, and it just adds to their sense of insecurity when the real problem isn't with the website, it's with themselves and their own relationships. Laugh at it. Scoff at it. Be "rational." Sure, but it's an irrational response to a problem that's bigger than most want to admit or even have the capacity to understand.

Re:Stupid

[arth1]

HTTPS really does mean "secure" (it's the S), but it's not as easy as setting it and forgetting it.

HTTPS as currently deployed is only as secure as the least secure CA on the PLANET or most despotic regime harboring a state run CA in the WORLD.

That's before taking into account that encrypted and signed does not imply secure. That's dead wrong. The other end might be hacked, or it might be run by crooks, or monitored by agencies, or your computer might be hacked.
Browsers saying it's "secure" lulls people into a false sense of security. It's like believing your property is secure because you put a lock on one door.

Re:Stupid

[jeremyp]

HTTPS is only secure if all the CA certs installed on your computer are completely trustworthy. For example, if I am able to bribe an employee at the Digital Signature Trust Company, to make me a CA cert, I am then able to manufacture fake certificates for any domain I like and I can use it to MITM your browser (unless your browser is telling you right now that Slashdot's certificate is not trusted).

Re:Stupid

Exactly. It's not secure. It's encrypted.

Servers on your LAN are probably Not Secure

[tepples]

HTTPS requires a certificate, and a certificate that requires a fully qualified domain name. The CA/Browser Forum's Baseline Requirements forbid issuing certificates in RFC 1918 private networks (such as 10/8 and 192.168/16) or the mDNS reserved domain (.local). This means everything on the average user's local area network will end up marked "Not Secure", such as the administration interface of the user's router, printer, or network attached storage (NAS) device.

The document "Deprecating Non-Secure HTTP" states that Mozilla is aware of this problem but fails to offer a solution:

Q. What about my home router? Or my printer?

The challenge here is not that these machines can’t do HTTPS, it’s that they’re not provisioned with a certificate. A lot of times, this is because the device doesn’t have a globally unique name, so it can’t be issued a certificate in the same way that a web site can. There is a legitimate need for better technology in this space, and we’re talking to some device vendors about how to improve the situation.

It should also be noted, though, that the gradual nature of our plan means that we have some time to work on this. As noted above, everything that works today will continue to work for a while, so we have some time to solve this problem.

Re:Servers on your LAN are probably Not Secure

[Octorian]

What's even worse, is that many of these devices use HTTPS with an unverifiable certificate (either self-signed, missing an FQDN due to being local, etc). This is extremely annoying (and likely confusing to many) when trying to access such devices, to the point where they probably seem outright broken to an "average" user.

I wish one of these organizations would come up with some solution to that problem, which everyone can adopt.

For my own purposes, I set myself up an "internal CA" and loaded its certs on all my browsers/devices. However, that's extra atypical effort and my Android phone has a constant "Network may be monitored" warning banner as a side-effect of doing that.

Re:Servers on your LAN are probably Not Secure

The devices technically are insecure on a local level, we just don't care. I fail to see why we should care about the padlock icon making that clear if we don't care about the insecurity to begin with.

Re:Servers on your LAN are probably Not Secure

[RightwingNutjob]

Great. Another layer of DRM. Printer doesn't work unless you're plugged into the internet and paying for 'up-to-date' certificates from the vendor.

Re:Servers on your LAN are probably Not Secure

[WaffleMonster]

Q. What about my home router? Or my printer?

The challenge here is not that these machines canâ(TM)t do HTTPS, itâ(TM)s that theyâ(TM)re not provisioned with a certificate. A lot of times, this is because the device doesnâ(TM)t have a globally unique name, so it canâ(TM)t be issued a certificate in the same way that a web site can. There is a legitimate need for better technology in this space, and weâ(TM)re talking to some device vendors about how to improve the situation.

It should also be noted, though, that the gradual nature of our plan means that we have some time to work on this. As noted above, everything that works today will continue to work for a while, so we have some time to solve this problem

The solution is logging into the device using TLS-SRP but this doesn't enrich the CAs so no chance in hell.

Re:Servers on your LAN are probably Not Secure

Forge a cert for yourself, it's not hard.

Re:Servers on your LAN are probably Not Secure

[TechyImmigrant]

> I set myself up an "internal CA" and loaded its certs on all my browsers/devices.

This is the usual solution for big companies and capable users.

However the flaw is in the certificate specs. Certificates and crypto library auth policies do not have the semantics defined to declare "This cert is for this specific local domain and address space with this unique identifier" so it can be distinguished from all other such places with an identical domain and address space. It's a solvable problem. The browser makers are slow and irresponsible with conflicts of interest abound. That's why certs and the logic in browsers and crypto libraries do not meet your needs and you need to effectively roll your own CA. It's why a CA can charge hundreds of dollars to perform 50ms of compute effort. It's why 2048RSA with SHA256 is marketed at "high security" bullshit.

Re: Servers on your LAN are probably Not Secure

The solution is obvious - TheCloud(tm). Admin pages will be hosted in the cloud while the physical device in the home will only talk to and take orders from said cloud. Problem solved!

Everyone wins! Consumer traffic will be encrypted between the end points and the manufacturer will scan and monetize all the data on their end. Win, Win, Win!!!

Re:Servers on your LAN are probably Not Secure

As noted above, everything that works today will continue to work for a while, so we have some time to solve this problem.

Are Mozilla fucking serious ?
Could someone please tell them to pull their collective heads out of their arses and get back to what they used to do.. ie, make a good browser, and stop trying to be the fucking Internet Police, deciding to make peoples hardware obsolete whenever they see fit.

Or are they deluding themselves by thinking that manufacturers will fall over themselves in a rush to make firmware updates for everything ?

Re:Servers on your LAN are probably Not Secure

[GuB-42]

You mean a self signed certificate? Browsers hate these even more than plain http.
If you mean creating your own root of trust, it is not easy for the layman. And you can't make it too easy, otherwise, it will be exploited.

Re:Servers on your LAN are probably Not Secure

[vux984]

We don't care.

What we care about is the interstitial page the browser throws up that prevents us from reaching the device until we click agree twice, add an exception, click advanced, click yes, we really mean it, click settings click enable user to view insecure sites... just to get it done. Its not this bad yet, but its getting there.

Re:Servers on your LAN are probably Not Secure

[vux984]

And the solution is really simple:

firefox, chrome etc should have different rules when accessing devices on 10.x.x.x and 192.168.x.x etc.

Especially if localhost is on the same subnet. Or a tracert to the device never crosses a public internet address. With equivalent rules for IPV6.

For me at least the VAST majority of the time I'm accessing these devices I'm on the same private subnet. There's a couple scenarios at work where things are separated, and I might be accessing 10.1.1.x from 10.5.5.x etc,

It can still flag it as an insecure connection, because it is, but it shouldn't make a big fuss about it or try and warn me the sky is falling and block me. Because its not touching the internet.

Re:Servers on your LAN are probably Not Secure

[swillden]

That's only for sites with invalid certs. HTTP sites will just get a little icon. There's no reason ever to throw up interstitial pages for that ... and a *very* good reason for doing so with certs that don't match the site that provided them.

Mr Policeman

Great. How your site won't be browsable at all by default in Firefox until you pony up cash to a certification company.
I guess we know who paid for all those Quantum puff pieces now.

If the signature itself is tampered with

[tepples]

Let's say I'm downloading a file that's several GB, like a disk image. When I download it, I'll verify the signature.

How can you be sure that the SHA-256 value against which you are verifying the disk image hasn't itself been tampered with on its way to your device?

Encrypting the entire download is a waste of resources for both the server and client.

No it isn't. If you fail to encrypt, your ISP, your ISP's ISP, and any snooping government can tell conclusively what you have downloaded. If you do encrypt, the eavesdropper can see only what domain you're accessing and the sizes of what you download. You can obfuscate even the sizes by using range requests to pull the 4 GB disk image a 4 MB chunk at a time.

Plus, hosting providers often charge extra fees for https

Then take your business elsewhere. Switch from a hosting provider that charges extra for HTTPS to a competing hosting provider that does not charge extra for HTTPS.

Re:If the signature itself is tampered with

[RightwingNutjob]

And sometimes you don't care. Like when you're on an internal network and don't want to confuse your users with a red warning signal.

Re:If the signature itself is tampered with

[truedfx]

How can you be sure that the SHA-256 value against which you are verifying the disk image hasn't itself been tampered with on its way to your device?

Even if the main download is done using HTTP, the SHA-256 value can be requested over HTTPS.

Re:If the signature itself is tampered with

If you are on an internal network you can make and install your own certificates.

And use the Null cipher.

Re:If the signature itself is tampered with

Yes, but why bother? Just to work around this UI bug that Firefox is thinking of adding?

Re:If the signature itself is tampered with

[tepples]

Even if the main download is done using HTTP, the SHA-256 value can be requested over HTTPS.

But the operator of the site hosting the SHA-256 values will still need to obtain a certificate. Is it more a matter of setting up Certbot to provision one certificate for the hash site rather than a separate certificate for each mirror site?

Re:If the signature itself is tampered with

How to render the SHA-256 Pre-image collision attacks effectively moot: Check the Fucking File Size.

How your ISP The Gov render HTTPS moot: Transparent Proxying.

You are fucked, no matter what. This will just increase the cost of entry and user confusion.

Re:If the signature itself is tampered with

[truedfx]

But the operator of the site hosting the SHA-256 values will still need to obtain a certificate.

Indeed.

Is it more a matter of setting up Certbot to provision one certificate for the hash site rather than a separate certificate for each mirror site?

The concern was that for large (multi-gigabyte) files, HTTPS becomes a waste of resources. I'm not going to comment one way or another on the correctness of that claim, but setting up a single server to accept both HTTP and HTTPS connections is trivial, and then the client can make the choice to download the large file from that server over HTTP, and the hash from that same server over HTTPS. It wasn't my idea to have the full file and the hash come from different servers, although that is indeed an option as well.

Re:If the signature itself is tampered with

[WaffleMonster]

No it isn't. If you fail to encrypt, your ISP, your ISP's ISP, and any snooping government can tell conclusively what you have downloaded. If you do encrypt, the eavesdropper can see only what domain you're accessing and the sizes of what you download.

For most publically available sites this is simply not true. Counting bytes and timing analysis is more than enough to reconstruct users activities with a high degree of confidence.

You can obfuscate even the sizes by using range requests to pull the 4 GB disk image a 4 MB chunk at a time.

Is it really more difficult for an adversary to sum up a bunch of 4MB chunks?

Then take your business elsewhere. Switch from a hosting provider that charges extra for HTTPS to a competing hosting provider that does not charge extra for HTTPS.

Telling someone who doesn't see the point of HTTPS for x,y and z to get a new provider is probably not likely to result in a positive outcome.

Re:If the signature itself is tampered with

[tepples]

How to render the SHA-256 Pre-image collision attacks effectively moot: Check the Fucking File Size.

The attack I'm concerned about doesn't involve a hash collision. The attacker who intercepts an HTTP connection can replace both the disk image with a replacement of the same size and the hash with the hash of the replacement image. And this interception (sometimes mistakenly called "transparent proxying") is much more difficult with HTTPS than with cleartext HTTP.

This will just increase the cost of entry

Increasing the cost of interception to where only nation-states can afford it and there's evidence if they do it anyway is the entire point of HTTPS.

Re:If the signature itself is tampered with

[tepples]

Is it really more difficult for an adversary to sum up a bunch of 4MB chunks?

Yes. For example, once you have the content length, you can always request the end of a roughly 4 GB file as a full 4 MB range rather than a partial chunk by seeking 4 MB before the content length. Or for an additional data cost smaller than 1 percent, you can randomly request one to ten extra chunks at various points in the file.

Telling someone who doesn't see the point of HTTPS for x,y and z to get a new provider is probably not likely to result in a positive outcome.

That was directed at people who do see the point "but...".

Re:If the signature itself is tampered with

[WaffleMonster]

Yes. For example, once you have the content length, you can always request the end of a roughly 4 GB file as a full 4 MB range rather than a partial chunk by seeking 4 MB before the content length. Or for an additional data cost smaller than 1 percent, you can randomly request one to ten extra chunks at various points in the file.

Simply chunking a 4 GB file is not the same as implementing a padding scheme. No doubt measures can be implemented to deny timing and size analysis to adversaries. This isn't really the issue.

None of this actually exists in the real world across vast majority of systems deployed today. To achieve the above you either have to write a custom http client or get explicit buy in from the operator to implement something at a higher level. This has real world consequence in that assertions simply adding SSL meaningfully addresses privacy of users WRT public facing content is simply not true. What is possible is academic if it isn't being done.

Re: If the signature itself is tampered with

[tepples]

Nobody cares about any entertainment that much [...] if a finance transaction does not take place, then ssl is overkill.

Didn't "a finance transaction" set up your subscription to receive said entertainment in the first place?

Re:If the signature itself is tampered with

[hairyfeet]

Insightful? Really mods? Lets take a site like Megofan...all it has is scans of old Mego adverts and interviews with the guys that worked there. No sign in, no information from the user at all, just some static images and text....now WHY IN THE FUCK does this need to be encrypted? Anybody? Beuller?

You want to make the web safe? KILL JAVASCRIPT DEAD and while you are at it BAN accepting code from third parties like these sleazy as fuck advert companies...tada! Web is safe as in your mama's arms...oh but that would mean website owners might have to get off their overfed asses, wipe the Cheetos dust off their fingers and actually VET THEIR ADS instead of just bitching and whining when we block them! Can't have that, nope so lets make every site in the free world including those that are nothing but text and jpegs encrypt for...not a damned reason other than SECURITY THEATER.

This is a classic example of the "we have to DO SOMETHING!" bullshit, a variation of the "think of the children!" kind of thinking...does it solve the REAL problem, which is our devices spying on us, malware filled adverts, or any of the real nasty things we've been dealing with? Nope. But hey it lets CA vendors make more money while putting on the appearance of giving a fuck and that is just as good in these days of hastag "our hearts are with" insert name of city...right?

Re:If the signature itself is tampered with

[tepples]

To achieve the above you either have to write a custom http client [...] What is possible is academic if it isn't being done.

Except 90 percent of it has been done in existing download managers. I imagine the anti-analysis features that I described (always retrieve full-size final range and retrieve dummy ranges) are straightforward to add to a download manager. Do you need me personally to create a proof of concept in order for it to become no longer "academic"?

Re:If the signature itself is tampered with

[tepples]

KILL JAVASCRIPT DEAD

Have fun click-click-clicking through a server-side image map that fully reloads the page every time. Or have fun not being able to use an application at all because instead of being a web application, it was developed as a native application for an operating system other than yours.

Re:If the signature itself is tampered with

I think you don't understand the difference between a hash and a signature. The OP said they would verify the signature, not the SHA256.

Re:If the signature itself is tampered with

If you don't care, then you frankly deserve your users asking you why you don't care, and there is just a red warning icon showing up.

Re: If the signature itself is tampered with

No, I can't.
What I can do, is open a ticket and fill out several lengthy forms, have it approved at the Director level, submit a Security justification, and wait 60 days minimum to get the cert which was signed by the Corporate key.
THEN I can install it, and repeat the process for the other 1,000 devices/sites I manage.

Re:If the signature itself is tampered with

[WaffleMonster]

Do you need me personally to create a proof of concept in order for it to become no longer "academic"?

Not relevant.

The point isn't "how" or "whether" something can be achieved. It's the simple fact it has not actually been achieved by any measurable percentage of users therefore any benefit arising from its existence is not being felt... in other words it's academic. Merely creating a "proof of concept" changes nothing.

Re: If the signature itself is tampered with

Did that for years without much suffering.

Re:If the signature itself is tampered with

[tepples]

How would the person verifying the download securely obtain and verify the public key of the signer? Does it involve CAs, or does it involve long-distance travel to key signing parties?

Re:If the signature itself is tampered with

[AmiMoJo]

Makes it harder to inject malware, a favourite tactic of governments.

Also increases the cost of mass surveillance to the point where it is impractical.

The web should have been fully encrypted from the start.

Re:If the signature itself is tampered with

[tepples]

The web should have been fully encrypted from the start.

With what? 40-bit keys? At the start of the web, competent encryption was considered a munition in some economically important countries.

Re:If the signature itself is tampered with

Because it makes it harder to do things like inject random stuff into the stream.

Re:If the signature itself is tampered with

[Aristos+Mazer]

Also, the CPUs weren't as good -- the time needed to encrypt and decrypt would have been a far greater percent of the available CPU than today, even with the shorter keys of the era. It wasn't practical to do a lot with encryption in the mid-1990s. Zipping up some files the size of a floppy disk into a password-protected .zip could take 20 minutes on the desktop I had; only a couple minutes without the password.

Re:If the signature itself is tampered with

[Askmum]

This is a classic example of the "we have to DO SOMETHING!" bullshit, a variation of the "think of the children!" kind of thinking...

I totally agree. I have a small personal website that hosts some stats about my server (disk usage and such) and hosts pictures I want to share with people.

Why would that site be unsafe? I use no cookies, I do not require logins. Why would my site be branded like that because some has-been company pushes their agenda?

Re:If the signature itself is tampered with

[TheRaven64]

The concern was that for large (multi-gigabyte) files, HTTPS becomes a waste of resources. I'm not going to comment one way or another on the correctness of that claim

I am, by pointing out that Netflix is able to saturate 40GigE NICs in a single machine (I think they can now saturate two of them) serving nothing but HTTPS traffic, and the bottleneck for them is usually the disk and sometimes DRAM, but never the encrypt. On a modern CPU, you're DMAing from cache and you can encrypt a lot faster than line rate (particularly with AES, where it's almost entirely in fixed-function hardware) and then the encrypted data is right next to the DMA unit ready to send to the NIC. With newer NICs, you can offload most of the TLS (not the handshake, but all of the bulk encrypt) to the NIC, so you pay a tiny power cost but nothing else.

Re:If the signature itself is tampered with

[AmiMoJo]

The web was invented in the UK. No export restrictions on crypto at the time.

Re:If the signature itself is tampered with

[Anne+Thwacks]

Why would my site be branded like that because some has-been company pushes their agenda?

Because the people selling certs need some leverage to sell their over priced products. That is what it is about. Nothing to do with security.

Re:If the signature itself is tampered with

[Hal_Porter]

How can you be sure that the SHA-256 value against which you are verifying the disk image hasn't itself been tampered with on its way to your device?

True. And doing HTTPS encryption isn't all that taxing on a modern CPU. E.g. newish CPUs can do AES with one instruction

https://en.wikipedia.org/wiki/...

Re:If the signature itself is tampered with

[Dagger2]

Because it's open to MITM and passive snooping. There have been cases of networks inserting DDoS code into unencrypted webpages to recruit clients into attacking an unrelated site. (Or if you prefer, cases of networks inserting cryptocoin miners.) It's also possible to exploit security vulnerabilities in the client by injecting code into a plain-text connection, thus hiding the source of the exploit (and saving you the effort of tricking the client into visiting your own site).

Plain-text HTTP is just plain unsafe. That's why it should be branded as unsafe.

Re:If the signature itself is tampered with

But maybe you should care. Local networks can also be attacked by its users.

We run an internet facing server in our DMZ just for maintaining Let's Encrypt certificates. Our web servers in the LAN automatically pick up their certificates on the DMZ server. It's really easy to configure, and now we have trusted internal sites for all users, so they don't have to be scared to enter their credentials on our internal webapplications such as Bugzilla.

It will be even easier to setup when Let's Encrypt introduces wildcard certificates next year :)

Re:If the signature itself is tampered with

[Dagger2]

Except not, because you can get SSL certs for free (via a mechanism that is actually easier than paying for the certs).

If you had to pay then you would have a point, but you don't.

Re:If the signature itself is tampered with

Netflix is using a completely different class of hardware than a home web server.

Mine is running on a Raspberry PI 2, which is totally overkill for the purpose, an old 486 would do fine.

Re:If the signature itself is tampered with

If you fail to encrypt, your ISP, your ISP's ISP, and any snooping government can tell conclusively what you have downloaded.

The way HTTPS is designed any CA can generate a certificate for any domain, and every snooping government already has their own CA.

As for ISPs, a ten second look into the certificates trusted by Firefox showed at least one ISP on the list (Telia), I'm sure I would find more if I had bothered to spend more than ten seconds.

Re:If the signature itself is tampered with

Please tell me where, because I've spent hours looking into something called "Let's Encrypt", which already has the price (a couple of hours multiplied by what an hour is worth) above several of the cheaper commercial CAs.

And even so, I've come to the conclusion that to use Let's Encrypt, you have two options. Either hire an employee to manage your certificates, or download random software from an untrusted site (telling me to download their software automatically makes them untrusted), and we all know where that ends: Exactly where Windows was 20 years ago, security wise.

Re:If the signature itself is tampered with

So, no more running a home web server on an old 486, leave the web to Google, Netflix and so on, just like cable TV...

Re:If the signature itself is tampered with

[tepples]

Any ACME client distributed as free software, not just Certbot, can obtain certificates from Let's Encrypt. If that's not enough, what makes the distributor of your operating system or web server software "trusted" in the first place?

Re:If the signature itself is tampered with

[tepples]

A Raspberry Pi is probably cheaper than even the electric power needed to keep the i486 PC running for a substantial length of time.

Re:If the signature itself is tampered with

[rainer_d]

The web was invented in the UK. No export restrictions on crypto at the time.

It was invented in Switzerland, at CERN.

Re:If the signature itself is tampered with

[AmiMoJo]

Yes, sorry I did meant the EU. The inventor was British, but working at CERN. Thanks for the correction.

Re:If the signature itself is tampered with

[Hal_Porter]

Well you can still serve web pages from your 486, just not with AES-NI.

Actually openssl seems like it has pretty performant AES encoding even on MMX and just regular x86. It's unlikely to be bottleneck.

https://github.com/openssl/ope...

Re:If the signature itself is tampered with

[rainer_d]

Switzerland is not in the EU.
Its application for membership was laying dormant since a public vote in 1992 failed to gain the necessary support and was finally officially retracted in 2016.

https://de.wikipedia.org/wiki/...

Europe!=European Union ;-)

Re:If the signature itself is tampered with

[AmiMoJo]

Yes, but the web wasn't invented in Switzerland. It was invented at CERN building 31, which is in France. The CERN campus spans both countries, but that building is on the French side.

Re:If the signature itself is tampered with

By forcing a download to be encrypted you cannot use standard content distribution networks (CDN) to accelerate the download. The encrypted content will all need to hit your servers with your certificate because only your private key can perform that handshake. Major CDNs do have services that can allow for HTTPS access, but it always involves leaking your private key in some way, thus less security.

The original supposition is to provide the SHA-256 hash via HTTPS and send the large file via HTTP which can be cached by proxies, use CDNs, and the like. The download can be verified as correct after download by the hash and size. You could also cryptographically sign downloads to accomplish a similar result. A third party may still be able to deduce what you downloaded and use that against you, but having the same download encrypted does not necessarily prevent the same party from deducing the download since many projects have their own site. For example, a large download from gimp.org is probably GIMP.

Re:If the signature itself is tampered with

Sure, but SSL was developed by Netscape in the US.

Re:If the signature itself is tampered with

Plain-text HTTP is just plain unsafe. That's why it should be branded as unsafe.

Plain text http is quite safe, it is plain text JavaShit that can be abused to the point that my first download is always NoScript.

Re:If the signature itself is tampered with

newish CPUs can do AES with one instruction

And how many micro ops or real world CPU cycles does that translate to? Like many other CISC instructions it will translate to a whole mess of internal instructions with near unbounded runtime. You might as well say downloading the internet is quick you only need to start one command firefox.exe .

Re: If the signature itself is tampered with

nope, youtube doesn't cost me shit. My bank needs encryption. Me reading a webcomic does not need encryption either.

Re:If the signature itself is tampered with

[Hal_Porter]

And how many micro ops or real world CPU cycles does that translate to?

It's pretty good

https://github.com/openssl/ope...

# Performance.
#
# Given aes(enc|dec) instructions' latency asymptotic performance for
# non-parallelizable modes such as CBC encrypt is 3.75 cycles per byte
# processed with 128-bit key. And given their throughput asymptotic
# performance for parallelizable modes is 1.25 cycles per byte. Being
# asymptotic limit it's not something you commonly achieve in reality,
# but how close does one get? Below are results collected for
# different modes and block sized. Pairs of numbers are for en-/
# decryption.
#
# 16-byte 64-byte 256-byte 1-KB 8-KB
# ECB 4.25/4.25 1.38/1.38 1.28/1.28 1.26/1.26 1.26/1.26
# CTR 5.42/5.42 1.92/1.92 1.44/1.44 1.28/1.28 1.26/1.26
# CBC 4.38/4.43 4.15/1.43 4.07/1.32 4.07/1.29 4.06/1.28
# CCM 5.66/9.42 4.42/5.41 4.16/4.40 4.09/4.15 4.06/4.07
# OFB 5.42/5.42 4.64/4.64 4.44/4.44 4.39/4.39 4.38/4.38
# CFB 5.73/5.85 5.56/5.62 5.48/5.56 5.47/5.55 5.47/5.55

Compared to the normal, non AES-NI x86-64 implementation which looks pretty good to me it's about 10x better

https://github.com/openssl/ope...

# Version 2.1.
#
# aes-*-cbc benchmarks are improved by >70% [compared to gcc 3.3.2 on
# Opteron 240 CPU] plus all the bells-n-whistles from 32-bit version
# [you'll notice a lot of resemblance], such as compressed S-boxes
# in little-endian byte order, prefetch of these tables in CBC mode,
# as well as avoiding L1 cache aliasing between stack frame and key
# schedule and already mentioned tables, compressed Td4...
#
# Performance in number of cycles per processed byte for 128-bit key:
#
# ECB encrypt ECB decrypt CBC large chunk
# AMD64 33 43 13.0
# EM64T 38 56 18.6(*)
# Core 2 30 42 14.5(*)
# Atom 65 86 32.1(*)
#
# (*) with hyper-threading off

It makes sense to hardware accelerate something like AES, after all people have being doing it in FPGAs for ages.

http://ece-research.unm.edu/ji...

On ARM and x86 people have built crypto coprocessors

https://en.wikipedia.org/wiki/...

Re:If the signature itself is tampered with

How can you be sure that the SHA-256 value against which you are verifying the disk image hasn't itself been tampered with on its way to your device?

No it isn't. If you fail to encrypt, your ISP, your ISP's ISP, and any snooping government can tell conclusively what you have downloaded. If you do encrypt, the eavesdropper can see only what domain you're accessing and the sizes of what you download. You can obfuscate even the sizes by using range requests to pull the 4 GB disk image a 4 MB chunk at a time.

Please tell me you personally verified the server's public key that you got from the key server. Oh? You didn't? You relied on whatever key came with the browser / OS? Oops. I guess the NSA owns you now, MHAHAHAHAHA!

Note the lack of a sarcasm tag, HTTPS (and any other form of encryption relying on unvetted keys) doesn't do any good for the end user. And hell, lately developers seem to be doing everything they can to make verification of trust difficult. (Google: Let's hide the cert info in the developer's console. Mozilla: Why would you want to use your own certs? (They still don't support system cert stores. On windows it has to be manually enabled in about:config, under linux it doesn't work without manually modifying the user's NSS db.) Another Google: Hey, lets make it so that android apps can choose what to trust on an individual app basis. It's not like the users needed to change the cert store or revoke anything right?) Another Mozilla: Hey let's mandate that only things we bless can load in the browser with out anyway to override it. Also how's the latest crap extension that you can't remove coming along? Apple: It's apple, not much more to say here, you bought in to the walled garden. Microsoft: Still mostly irrelevant due to bad browsers. Windows 10 is still a nightmare though. If you can't refuse an update the trust system is useless due to it being easily compromised.

What's the next step after this? Requiring all internet connected devices to have an approved signature to ensure the installed keys haven't been altered? If so, then congratulations, you've completely removed the end user (the person most affected by the decision) from the decision making process about what to trust. You're worse than the NSA. At least the NSA has a mandate to snoop. You on the other hand have a self-imposed mandate of "I know what's best for you, so do as I say."

Also, your 4 MB chunk thing would make you a giant blip on the radar with any basic analysis of the connection logs. As would any other unusual connection pattern. Sure there may be hundreds of clients downloading the same file, but the constant chunking is most likely to be unique. As most clients will attempt to download the file in it's entirety by default.

Re: If the signature itself is tampered with

This. I still prefer native apps. If it doesn't have a native app, I don't use it.

Only exception is Wine. I use Wine sometimes in Mac and Linux.

Re: If the signature itself is tampered with

[tepples]

youtube doesn't cost me shit.

YouTube Red is a subscription service, and some movies and series are exclusive to YouTube Red.

Me reading a webcomic does not need encryption either.

Only if the particular webcomic is available without charge. If the webcomic is paywalled, it needs a subscription and therefore encryption.

Re:If the signature itself is tampered with

> How can you be sure that the SHA-256 value against which you are verifying the disk image hasn't itself been tampered with on its way to your device?

Uh, by verifying the digital signature of the download.

The public key of the publisher would be delivered via secure means (e.g. https), but the data can be transmitted over a non-secured transport. PKI based signatures primary goal is verifying data over non-secured transports. How do you think HTTPS works (tip: TCP/IP is a non-secured transport).

Re:If the signature itself is tampered with

[hairyfeet]

Because I give a flying flipping fuck if anybody knows I looked at some 70s Buck Rodgers action figures...why exactly? Lets be clear this SOLVES NOTHING when it comes to the REAL threats users see every.single.day. be it malware adverts or devices spying on them or needing a fricking stinger just to know if your cellphone is stealing all your data but hey this is SECURITY THEATER, all that matters is the appearance of doing something, right?

Oh and some more terrorists (wanna bet they were migrants let in thanks to open borders?) just ran over a couple of dozen people while screaming Aloha Snackbar so be sure to put up your "our hearts go out to (insert city name)" hashtag, after all it will do about as much as this will to stop actual threats.

Re:If the signature itself is tampered with

Downloading hash using HTTPS and file using HTTP. Sounds like a good compromise.

Re:If the signature itself is tampered with

[jeremyp]

But the web was never considered a munition, it was the software for doing encryption that was. i.e. the software that had to be embedded in web browsers like Netscape Navigator and Internet Explorer, both made in countries that had export restrictions on encryption.

Re:If the signature itself is tampered with

[Dagger2]

If you don't care that the site is unsafe, then just ignore the note that says it's unsafe.

But the warning will push sites to use HTTPS, which does fix real security and privacy problems. Admittedly there are some problems that HTTPS won't fix (like the site itself tracking you, or that squeaky hinge on your garden gate) but that's not a good reason not to use it.

Re:If the signature itself is tampered with

[Dagger2]

Let's Encrypt are who I was thinking of (for all I know there may be others, but if there are then they aren't making a lot of noise).

You don't need to download LE's software to get certs from LE. All you need is an ACME client (which can itself be used with any ACME-supporting CA). Some software, including Apache httpd, has built-in ACME support, and for other software I can see at least 3 ACME clients in the Debian repositories which should be just as trustworthy as any other piece of software in the repos. There is no particular reason to download anything from LE's site.

Don't forget that ACME clients are generally automated, so the time you spend setting them up is the only time you spend dealing with them. With CAs that don't support ACME, generally you are stuck manually renewing the cert every time it expires.

Re:If the signature itself is tampered with

[Dagger2]

Not entirely. In fact, everything I mentioned in my post other than cryptocurrency miners is possible without touching Javascript.

Re:If the signature itself is tampered with

[TheRaven64]

Netflix is using a completely different class of hardware than a home web server.

Most home network servers aren't using 40GigE, and most probably aren't using GigE. At these rates, TLS is trivial.

Mine is running on a Raspberry PI 2, which is totally overkill for the purpose, an old 486 would do fine.

On a Pi2, the bottleneck is going to be either the SD card or the USB bridge between the CPU and the network interface. TLS will not add any noticeable overhead.

Does Firefox still matter?

[bogaboga]

I guess it depends; but when your rival has about 5 times your market share, you do not matter that much...or do you?

Re:Does Firefox still matter?

You think other browsers won't also do this?

Re:Does Firefox still matter?

[markdavis]

Troll!?

So I suppose that Tesla doesn't matter much, since it is a very small fraction of cars sold by any of the major manufacturers. The band you might like doesn't matter because there are so many bigger ones. Linux (and MacOS) doesn't matter, since MS-Windows dwarfs desktop market share. Wind power doesn't matter much, since natural gas is a zillion times more market share. Yeesh.

How to Disable it

[jwhyche]

Outstanding. Now how will I disable this problem?

Re:How to Disable it

Outstanding. Now how will I disable this problem?

You can't, because it requires doing more than asking a question.

The rest of us can simply disable "security.insecure_connection_icon.enabled" in about:config.

Re:How to Disable it

[vlueboy]

The rest of us can simply disable "security.insecure_connection_icon.enabled" in about:config.

Oh?
Just like Firefox's extensions fiasco where some similar about:hack "allowed" your unapproved extensions to continue running if it wasn't publicly vetted by the mozilla version of an app store? That respite, like many Firefox moves was killed on v48 a year ago and blew away a Firefox extension that was developed in-house and had no business being available to the world. And just a year earlier? the Chrome and Safari side grenade exploded with a different "security" feature that cost us man hours, training and bug stabilization time. Browserwise, there is nowhere safe of these whims.

When Mozilla is saying the http sites will work "for a while" for local printers / routers, they're taking the haughty tone appropriate for someone saying we'll be allowed to be beggars at their house until they tire of taking pity on us... as if browser makers were paying US for using THEIR products. One reason open source projects aren't taken seriously, mind you, is present in that vacuous statement: unlike closed source companies like MS and Oracle, the statement of EOL comes with no hard dates. That's a red flag right there, considering Firefox has more or less had "courage" in announcing pulling the plug on other features or forcing unwanted garbage as well.

I'm tired after seeing the bleakness of all the bug threads with complaints of business burdens produced by these changes that just keep falling on deaf ears: All browsers do this deprecation game on a whim without any standards emporium behind the stupidity (though sometimes the W3C is part of the problem.) The only winning move is NOT to upgrade, because freedoms imaginaryly lost n% of the time to some unseen enemy in a potential hack are less concrete than the freedom lost right now for 100% of the time in the form of loss of value and features.

Re:How to Disable it

Outstanding. Now how will I disable this problem?

I suppose you could just refrain from looking at the icon in the address bar.

Or a better answer would be: how are you dealing with this problem right now and for the past few decades? Just adjust that process a bit.

Instead of a lock icon with "secure" vs no icon or label, now it will be a lick icon with "secure" or a different icon and the words "not secure"

However you have been dealing with the lack of an icon and the word "secure" right now, you can continue to do when it changes from no icon to a crossed out lock icon.

Beyond that nothing else needs to be done.

Secure Sockets Layer is great for Corporates

[Seven+Spirals]

SSL is a system where one worthless lying corporation (certificate authorities) gets to put a stamp of approval on another corporation (for money, of course - "what could go wrong"!?). I say the whole system sucks balls. I don't trust any of these fuckers. So what if some suit-wearing asshole thinks another suit-wearing asshole is trustworthy. That means exactly zero to me. All the things they check can be forged easily (and have been in several high profile cases). Rather than trust flowing from things & people I trust in reality (ie.. "100 actual friends of mine have ranked this site trustworthy"), the whole system is built on a game of Three Card Monty played by corporate thieves. None of this even touches on the overcomplicated and oft-broken technology at play in SSL (Heartbleed anyone?). While admittedly I don't have a great suggestion for how to fix it, I know what crap looks like when I see it.

Let's Encrypt is gratis

[tepples]

The only "certification company" to which you'd need to "pony up cash" is the domain registrar, which you need anyway for a public website. Once you have a domain, you can automate provisioning of certificates issued without charge by Let's Encrypt using an ACME client such as Certbot.

Re:Let's Encrypt is gratis

[TechyImmigrant]

I tried running Let's Encrypt's scripts and they crashed.

Re:Let's Encrypt is gratis

[sabri]

I tried running Let's Encrypt's scripts and they crashed.

Then you're not so 'techy' as your name implies. My 6 year old is capable of running them on her VM.

Re:Let's Encrypt is gratis

[TechyImmigrant]

I tried running Let's Encrypt's scripts and they crashed.

Then you're not so 'techy' as your name implies. My 6 year old is capable of running them on her VM.

Oh I can get them running all right. But they're as fragile as heck and don't work with any specific flavour of linux on any of my servers.

Re:Let's Encrypt is gratis

[Dagger2]

What scripts were you running? I've been using dehydrated and it hasn't been fragile at all, plus it's a bash script and bash is widely supported on pretty much any flavor of Linux I've ever used. You don't even have to run it on the machine that will be using the certs (though I did have to write a custom script to do DNS updates; presumably there are other clients that have that built-in).

There's also built-in support for ACME in some webservers (e.g. Apache) if you really can't get an ACME client running on at least one system.

Re:Let's Encrypt is gratis

Then they work for another one person, but not for the GP. You haven't contradicted what he said.

Re:Let's Encrypt is gratis

[TechyImmigrant]

It was months ago. I followed the instructions on the web site.

I'm not motivated to spend more time on it.

Re:Let's Encrypt is gratis

[sabri]

You haven't contradicted what he said.

I haven't indeed. But I told him that a 6 year old can get them working, so I would expect the same from someone who migrated to the U.S. under a specialized knowledge visa claiming to be a techie.

Re: Let's Encrypt is gratis

Your 6 year old is a fucking idiot. Their father is a fucking idiot. You didn't read anything he said. He said getting them to run wasn't the problem. Making sure they ran correctly/stable and did what they were supposed to do, that was his problem.

Again, we have recognized 2 idiots thus far. I bet your 6 year old also helped develop the Linux kernel while in your wifes' gut. As a fetus. Sorry Trump said we aren't allowed to use that word anymore, I meant Unborn baby.

Check sheet for lazy Mozilla

http clearnet = insecure
http cloudflare = insecure TLDR
http .onion = secure
http localhost = secure
http (IP on private network) = secure
else http = insecure

https clearnet = secure
https cloudflare = insecure TLDR
https .onion = double secure
https localhost = warn(selfsign), secure
https (private IP) = warn, secure
else https = secure

why does my site need to be secure

I am generally curious why someone would need EVERY site to be secured by https.

What about small businesses who dont offer any downloads or have any contact forms and as such their websites function like a digital flier. Those sites do not really need to have HTTPS certs and actually requiring them (as seems to be the future plans) creates extra burdens on a small company who rarely has a need to touch their web page much less manage certs.

In reference to what seems to be future plans:
https://blog.mozilla.org/secur...

"Q. Does this mean my unencrypted site will stop working?

Not for a long time.Transitioning the web to HTTPS is going to take some time. The first thing weâ(TM)re going to do is require HTTPS for new features. So whatever your website does today, it will still work for months or years."

Re:why does my site need to be secure

The one advantage that https provides to those websites that are static and only display data is that the https tries to insure that the data that was transmitted by the webserver is the data that arrived in your browser, that you didn't get MitM'd by your ISP (or theirs).

as for downloads, as long as you provide the sha256 checksum, anyone who cares can verify that what they downloaded over http (or ftp for that matter) is what you hosted.

Re:why does my site need to be secure

[Sloppy]

I am generally curious why someone would need EVERY site to be secured by https.

I can't answer that question, but this..

What about small businesses who dont offer any downloads or have any contact forms and as such their websites function like a digital flier.

.. is easy. You don't want ISPs altering the flier. And people may recall, one of the big calls to arms for the whole Network Neutrality thing everyone has been talking about, is that ISPs were altering web replies to insert ads. I've heard Comcast users even say that Comcast still communicates some kinds of things to their customers by just barging into whatever web page a user happens to have loaded, and changing it to include a message from Comcast. (Because apparently email is too hard.)

MitM can't only snoop; they can also change things.

Examples involving intranets, though, I can't possibly get into Firefox's head. I am pretty sure whatever reason they come up with, will be bullshit. But I guess I ought to hear 'em, first...

Re:why does my site need to be secure

[AHuxley]

The nice why? To save the world from the security services and their contractors changing unencrypted network connections globally.
Collect it all was easy without encryption.
Now encryption is a set standard global collection by the security services will not be so easy?

A more realistic thought would be to save ads. Ads now know they have a direct link into a browsers from a site. The browser trusts the site and now has to trust the sites ads.
Encryption keeps 3rd party ads out and paying site ads displayed.

Re:why does my site need to be secure

[swillden]

I am generally curious why someone would need EVERY site to be secured by https.

Because without https, you have no assurance that the data that arrived at your web browser was the data sent by the server you wanted to reach. https is usually thought of as a data secrecy mechanism, but it's also a data integrity mechanism, and while secrecy doesn't matter everywhere, integrity does.

Note that this is true even when you don't particularly care about whether the cat video you got was the cat video you wanted, because your browser and your computer are not secure. For the same reason you don't point your browser at the dodgy corners of the Internet -- because you may just get pwned -- going to trustworthy non-https sites can screw you if there happens to be anyone malicious on the route between your computer and their server.

Moreover, if we make a habit of encrypting All The Things, we don't have to worry about snoopers seeing something that we accidentally failed to protect. Its just good network hygiene.

Re:why does my site need to be secure

[thegarbz]

Whether your site needs to be secure or not is not for you to decide. It's up to the person potentially being persecuted for viewing it.

Re:why does my site need to be secure

[johannesg]

You'd think copyright law would be more than enough to stop that kind of behaviour though. Comcast is altering an original work without permission, for financial benefit, and as part of an organisation. Seems an easy court case...

Re:why does my site need to be secure

[dave420]

But by then it's too late. Preventing this sort of abuse is better than relying on a court case.

Re:why does my site need to be secure

[johannesg]

I'd say triple damages plus a racketeering conviction, followed by jail time for the CEO and a breakup of the company, should be enough to convince the next runner up that doing this is a fundamentally bad idea. But of course I could be wrong.

Who has 192.168.123.45 in your coffee shop?

[tepples]

http (IP on private network) = secure

How so? When your laptop or phone is on restaurant or public library Wi-Fi, you don't know who has 192.168.123.45. This is why the definition of a "potentially trustworthy origin" in the W3C candidate recommendation "Secure Contexts" includes localhost but not RFC 1918 private IP addresses.

Re:Who has 192.168.123.45 in your coffee shop?

Perhaps he would define that as "http (IP on public network)" or "else http".

Security fatigue

[WaffleMonster]

Thanks for pouring napalm on the fire.

Technically correct, in some situations

[neiras]

Let's say I'm downloading a file that's several GB, like a disk image. When I download it, I'll verify the signature. If it's valid, the file is usable. Encrypting the entire download is a waste of resources for both the server and client.

As long as the signature file was delivered over HTTPS and you didn't have any evil root certificate authorities installed on your client, you would be fine. If the insecure download was tampered with, signature verification would fail, as you say.

Encrypting downloads is not that big of a deal resource-wise these days, though. Why not let HTTPS handle MITM detection for you? ;) Most users won't check a sig file anyway.

The LAN FQDN problem in a previous AMA

[tepples]

I mentioned the same planned obsolescence concern in my question to Jacob at Let's Encrypt in an AMA on reddit a year ago.

How to use a private CA with BYOD?

[tepples]

How is "make and install your own certificates" practical when users bring their own devices, such as public library patrons bringing their laptops or phones to a branch or friends or relatives bringing their laptops or phones to someone's home?

Re:How to use a private CA with BYOD?

How is "make and install your own certificates" practical when users bring their own devices, such as public library patrons bringing their laptops or phones to a branch or friends or relatives bringing their laptops or phones to someone's home?

BYOD wireless network is not part of the "internal network", it is part of the "public network". Managed library staff computers would be part of the "internal network" and could be configured with homebrew CA certificates.

The BYOD wireless "public network" would need certificates from a public CA recognized by the browser, like Let'sEncrypt.

Similarly, BYOD on the home network should be segregated to an Internet-only guest wireless connection. Your approved devices could get greater access, using your homebrewed CA certificates if you wish.

Don't want to be a network admin? Don't run a network.

Re:How to use a private CA with BYOD?

[tepples]

Similarly, BYOD on the home network should be segregated to an Internet-only guest wireless connection.

That wouldn't help if you want to let guests print to your printer or view videos on your NAS.

Re:How to use a private CA with BYOD?

Similarly, BYOD on the home network should be segregated to an Internet-only guest wireless connection.

That wouldn't help if you want to let guests print to your printer or view videos on your NAS.

Your approved devices could get greater access, using your homebrewed CA certificates if you wish, but it's probably easier just to use Let's Encrypt.

Re:How to use a private CA with BYOD?

[tepples]

it's probably easier just to use Let's Encrypt.

As I wrote in my other comment, Let's Encrypt requires a fully-qualified domain name, not a 192.168 or .local.

Re:How to use a private CA with BYOD?

it's probably easier just to use Let's Encrypt.

As I wrote in my other comment, Let's Encrypt requires a fully-qualified domain name, not a 192.168 or .local.

Then roll your own CA, as you edited out of my earlier comment.

Re:How to use a private CA with BYOD?

[tepples]

I edited it out because nobody answered my previous question about practical methods of distributing the root certificate of "roll your own CA" to guests' devices.

Re:How to use a private CA with BYOD?

I edited it out because nobody answered my previous question about practical methods of distributing the root certificate of "roll your own CA" to guests' devices.

https://wiki.mozilla.org/CA:AddRootToFirefox

Re:How to use a private CA with BYOD?

[EvilSS]

I edited it out because nobody answered my previous question about practical methods of distributing the root certificate of "roll your own CA" to guests' devices.

Put the internal CA cert on your NAS with all your videos that your guests come over to watch while printing out their taxes. quick install and done.

Re:How to use a private CA with BYOD?

[TheRaven64]

No reputable CA will let you have a cert for the 192.168/16 subnet or anything in the .local TLD, because these hosts are not unique and foo.local on your network isn't foo.local on mine. The best solution for these is to give them global IPv6 addresses, but only open a pinhole in your firewall for the Let's Encrypt dialback. This lets you get a proper cert for them, but doesn't allow anything off network to access them.

Re:How to use a private CA with BYOD?

[thegarbz]

You don't manage user's BYOD? At my company if I chose to BYOD then I have to abide by the rules among which is a management program installed on my PC which enforces security measures AND installs the company's root certificate.

If you don't do this for BYOD you have bigger security issues then SSL.

Re:How to use a private CA with BYOD?

... a management program installed on my PC which enforces security measures AND installs the company's root certificate.

Sounds more like "compromise your own device". I do not trust any entity to be both benevolent (do not spy on people) and competent (keep the means to spy the people secure), at least for extended periods of time.

Re:How to use a private CA with BYOD?

That's not "bring your own device", it's "use your own money to pay for the companys device".

Re:How to use a private CA with BYOD?

[thegarbz]

Sounds more like "compromise your own device". I do not trust any entity to be both benevolent (do not spy on people) and competent (keep the means to spy the people secure), at least for extended periods of time.

Trust goes both ways. You want to bring your own because you're not happy with what you have fine. Do so. But do so under my our rules. Personal devices are a huge digital security risk to a company.

Re:How to use a private CA with BYOD?

[thegarbz]

Depends on how you define ownership. BYOD allows devices that are not part of the company purchasing agreement to be used, allows co-sharing of data with personal and private. BYOD has always been about using your own money to pay for a device under company control. Any company who doesn't do this will learn the hard way when their first idiot user loses a device with no pincode and critical information stored on it.

Re:How to use a private CA with BYOD?

[tepples]

Let's Encrypt can work with only access to the DNS server. But each household would still need to buy a domain and keep it renewed.

Re:How to use a private CA with BYOD?

[Albanach]

A wildcard SSL certificate is under $50/year.

Re:How to use a private CA with BYOD?

So do a port forward (or run a reverse proxy) and run a dynamic dns name and updater if need be. I have many internal sites (at home and at work) encrypted with Let's Encrypt. Zero issues so far.

Re: How to use a private CA with BYOD?

How is "make and install your own certificates" practical when users bring their own devices, such as public library patrons bringing their laptops or phones to a branch or friends or relatives bringing their laptops or phones to someone's home?

That is an internal network? Wow, you are an idiot tepples.

Re:How to use a private CA with BYOD?

[tepples]

That's a windfall to the CA industry of $50 per year times how many households?

Re: How to use a private CA with BYOD?

[tepples]

That is an internal network?

Yes. The resources in question are accessible only from within the library or home network, not through the Internet.

Visual Indicator

[sgage]

"...when activated will show a visible visual indicator..."

In my 35 years in the computer industry, I have always found that visual indicators that were visible were much more effective than ones that weren't. But then, I'm kind of old-school...

So... delusional

So.. these guys decide to break certificates further and decrease the point of having them to nil. Not only they are no longer doing revocation checking, but they will also nag users so much that the users will just turn this off, or all sites will start using the fake CA let's encrypt that issues certs to anyone for anything, but as they are copying all the bad (end user hurting things) that chrome does, they may as well go ahead and stop showing any information about the certificate chain.. From a point of view of somebody who has vested interest to part you (the end user) with your money, they have no interest into actually providing any security to you. Their vested interest is to present your eyeballs with as many ads per time as possible.. Enter Adam Langley decision to disable revocation in chrome in 2013.

Re:The bigger problem

[tepples]

The percentage covers only the subset of users who have opted into Firefox telemetry. If you want to make your votes not count, that choice is yours. Just don't whine when Mozilla cuts your pet feature for lack of usage share justifying the maintenance cost.

FFS

[fyngyrz]

Good thing that the cost is essentially zero on modern hardware, then.

You know what cost isn't zero?

Changing the billions of http: links on billions of web pages to billions of other web pages, that's what.

Firefox - and Google, for that matter - are damaging the very integrity of the net, ironically, while claiming to improve it. They're not improving it. This is anal-retentive nonsense. Not everything needs to be encrypted. If something does need to be encrypted, that falls into the realm of the reasonable decision of the page owner, not the web browser author or the search engine.

We've gotten along just fine without this nonsense thus far; I see no reason - other than the use of force by these bad actors - that we should have to arbitrarily change huge portions of the Internet.

You want to encrypt, go ahead. You can if you want. And of course, if you do, it'll be fine. But using force to make you do it... no. That's just evil.

And we know that browser warnings will put people off. This isn't an "otherwise-harmless" act. It'll do real damage.

Re:FFS

Good thing that the cost is essentially zero on modern hardware, then.

You know what cost isn't zero?

Changing the billions of http: links on billions of web pages to billions of other web pages, that's what.

Firefox - and Google, for that matter - are damaging the very integrity of the net, ironically, while claiming to improve it. They're not improving it. This is anal-retentive nonsense. Not everything needs to be encrypted. If something does need to be encrypted, that falls into the realm of the reasonable decision of the page owner, not the web browser author or the search engine.

We've gotten along just fine without this nonsense thus far; I see no reason - other than the use of force by these bad actors - that we should have to arbitrarily change huge portions of the Internet.

You want to encrypt, go ahead. You can if you want. And of course, if you do, it'll be fine. But using force to make you do it... no. That's just evil.

And we know that browser warnings will put people off. This isn't an "otherwise-harmless" act. It'll do real damage.

Good! Apart from middlemen (i.e. ISPs that don't need to bother with NN anymore) messing with your data, encrypting everything (no matter how mundane) on the net adds to everyone's security as it makes it harder to know what to try and break. You are just going to need to deal with it.

Re:FFS

[lucasnate1]

Sure, because http can't redirect to https at all.

Re:FFS

[Zero__Kelvin]

Calm down Sally. They aren't stopping anyone from using HTTP, they are merely making sure uses are aware that their connection is not secured. They aren't breaking anything. The fact is that the S in HTTPS is the secure part, and without that S your connection is not secure. If communicating facts to the user is breaking things then lets hope more people start breaking things.

Re:FFS

[ArchieBunker]

Can you even trust HTTPS anymore? I thought the feds had all the master keys.

Re:FFS

[MeNeXT]

The absence of a green lock should be more than enough

Re:FFS

[Aristos+Mazer]

> We've gotten along just fine without this nonsense thus far;

No, we haven't. You mention "other than the use of force by these bad actors" -- yes, exactly, that is the sole and complete reason for us having to secure the Web. If you can find a way to force people to stop attacking the integrity of the network, we can avoid this change. But otherwise, help out by grepping /s/http/https in pages you own.

Re:FFS

[Aristos+Mazer]

> Either way you are effectively stopped from using HTTP > unless you pony up to a CA and pay for more HTTPS certificates. Use Let's Encrypt for free certificates.

Re:FFS

[thegarbz]

Changing the billions of http: links on billions of web pages to billions of other web pages, that's what.

Err do you know how the internet even works? This problem is very easily solved on the server side.

Re: FFS

[Zero__Kelvin]

The absence of information is the opposite of information.

Re: FFS

[Zero__Kelvin]

It is 2017. SSL certs are free. And nobody is "popping up" any notices. They are accurately showing a "Not secure" lock icon.

Re: FFS

Somebody tell that to Let's Encrypt, because they can't seem to come up with a solution that doesn't require one to either:

A) Hire someone to manage certificates.

B) Download and run untrusted software, which of course is only an option for people who care less about security than those sticking with plain HTTP.

Re:FFS

They don't need all the master keys. They only need one.

But most countries, including places like Turkey and China each have their own CA and thus their own master key, and every single one can generate certificates for any domain.

Re:FFS

[Dagger2]

HTTPS itself is fine, but some of the algorithms it can use are questionable. In particular, the NIST p curves (which are the most widely supported curves used for elliptic curve cryptography) are mega suspicious -- the method for picking them was to have an NSA employee tell NIST "here are the curves you're going to use". Also, the justification for those curves was their performance, yet they aren't actually very fast, _and_ they have certain characteristics that make it easy to screw up your implementation. One wonders why the NSA wanted these particular curves to be standardized rather than a different set.

There is now the much better choice of Curve25519, but it has only recently gained support in TLS libraries and browsers.

(If you want more detail on the issues with NIST's p curves, see this talk, and if you're wondering whether the NSA would really try to undermine a public standard, see the Dual EC random number generator.)

Re:FFS

They are 'herding' the encryption by shovelling it into throats of people that don't need it. Main reason for doing this is to create enough noise for those that really hide something, to keep them out of government spying tentacles (as governments are the only ones really capable of worldwide wiretapping of internet).

Re: FFS

[Zero__Kelvin]

Simply googling "online letsencrypt cert generation" would have saved you from stating this misinformation.

So what

Thanks to most of my security addons no longer working, this protection means almost nothing. I have gone to CyberFox.

I'm more concerned about

[bobstreo]

ftp;//

telnet://

smb://

I got a nice Let's Encrypt certificate than auto-renewed, and I've pushed any external HTTP requests to HTTPS on my router.

And I have a pretty big list of CIDR ranges and URL strings that result in blocked transactions.

Re:I'm more concerned about

ftp://

telnet://

smb://

I got a nice Let's Encrypt certificate than auto-renewed, and I've pushed any external HTTP requests to HTTPS on my router.

And I have a pretty big list of CIDR ranges and URL strings that result in blocked transactions.

Domain-validated vs. Extended Validation

[tepples]

It's why a CA can charge hundreds of dollars to perform 50ms of compute effort.

The "50 ms of compute effort" certificates are domain-validated, with just CRL and OCSP as ancillary services. Those typically cost $15 for three years (ssls.com) or nothing for 90 days (letsencrypt.org). The certificates that cost hundreds of dollars are Extended Validation, which ensure not only a connection between the certificate and the domain owner but also that a vandal isn't typosquatting the domain itself. These often come with greater insurance guarantees.

Re:Domain-validated vs. Extended Validation

[TechyImmigrant]

It's why a CA can charge hundreds of dollars to perform 50ms of compute effort.

The "50 ms of compute effort" certificates are domain-validated, with just CRL and OCSP as ancillary services. Those typically cost $15 for three years (ssls.com) or nothing for 90 days (letsencrypt.org). The certificates that cost hundreds of dollars are Extended Validation, which ensure not only a connection between the certificate and the domain owner but also that a vandal isn't typosquatting the domain itself. These often come with greater insurance guarantees.

And all those services and fees have nothing to do with my options for securing my own stuff. In fact they just make things worse.
As I wrote on another thread, I ran Let's Encrypt's scripts and they crashed. It's a joke built with shoddy code.

I built a CA once, with bespoke software, a screened room, air gaps, man traps and the whole malarky. All to certify communication devices, because all the cert vendors were not interested in selling certs for a few cents each for millions of devices.

The more I have dealt with the cert industry, the more I hate it.

Re:Domain-validated vs. Extended Validation

[thegarbz]

As I wrote on another thread, I ran Let's Encrypt's scripts and they crashed. It's a joke built with shoddy code.

Did you file a bug report? There's millions of people who had no problem running the scripts on wide variety of hardware and software.

The more I have dealt with the cert industry, the more I hate it.

So you should be on board with what Lets Encrypt is trying to do, which is removing the unnecessary garbage from the CAs for what is handled by a simple automated domain ownership check.

Re:Domain-validated vs. Extended Validation

[Octorian]

So you should be on board with what Lets Encrypt is trying to do, which is removing the unnecessary garbage from the CAs for what is handled by a simple automated domain ownership check.

Lets Encrypt is probably a great option if you're trying to secure a general purpose Linux server somewhere.
But if you're trying to secure something their scripts won't run on, then its a PITA that isn't really helping.
Most of what we're complaining about is stuff their scripts won't run on.

Re:Domain-validated vs. Extended Validation

[thegarbz]

No most of what we're complaining about is stuff that isn't associated with a domain name, that's nothing to do with Lets Encrypt.

Re:Domain-validated vs. Extended Validation

[TechyImmigrant]

No most of what we're complaining about is stuff that isn't associated with a domain name, that's nothing to do with Lets Encrypt.

In my case, both with and without.

I have public facing servers with domain names and I develop security solutions in physical products which do not. Let's Encrypt didn't work for the former. X.509 didn't work for the latter.

Re:Domain-validated vs. Extended Validation

[TechyImmigrant]

>So you should be on board with what Lets Encrypt is trying to do, which is removing the unnecessary garbage from the CAs for what is handled by a simple automated domain ownership check.

My preference is to kill X.509 and all that goes along with it and replace it with something better.
I've been actively working on that for years, but I have low expectations of success.

Of cause they should have named it Let's Authenticate, but that's a quibble.

When your friends BYOD

[tepples]

Forge a cert for yourself, it's not hard.

It's a bit harder to get the devices of friends and relatives visiting your home to trust the certificate of your private CA so that they can (say) view the videos on your NAS or print to your printer. In addition, Android displays a persistent warning about "Network monitoring" if a private CA certificate is installed.

Re:When your friends BYOD

[PixetaledPikachu]

Forge a cert for yourself, it's not hard.

It's a bit harder to get the devices of friends and relatives visiting your home to trust the certificate of your private CA so that they can (say) view the videos on your NAS or print to your printer. In addition, Android displays a persistent warning about "Network monitoring" if a private CA certificate is installed.

Allowing friends or relatives on a private network is even more reason to do https. There's no polite way on how to screen whether they are running ARP poisoning to sniff traffics.

Re:When your friends BYOD

[tepples]

In this case, would you recommend that every householder buy a domain for the home network and keep renewing it?

Re:The bigger problem

[campuscodi]

Univ. of Michigan, Firefox, and Cisco researchers founded the Let's Encrypt project.

Will break WiFi captive portals

Every Wifi captive portal now wont work as the redirect will fail, coffee shops, guest wifi, all broken, great.

Re:Will break WiFi captive portals

[WaffleMonster]

Every Wifi captive portal now wont work as the redirect will fail, coffee shops, guest wifi, all broken, great.

I don't know the details by default Firefox transmits some kind of captive portal probe to determine this. You can see it go over the network if you run a capture when starting Firefox.

Re:Will break WiFi captive portals

[tepples]

Theoretically, guest Wi-Fi should be presenting the terms in a RADIUS access challenge instead of HTTP interception anyway.

Still nothing protecting the back end

And even doing this, there is still no additional benefit for the servers themselves. Secure the transmission all you like, but if you mess up your server security, then bad-guy (even state actors) don't need to worry about breaking ssl, they can just get all the stuff on the server itself.

Use HSTS

[tepples]

Changing the billions of http: links on billions of web pages to billions of other web pages, that's what.

If your HTTPS server sends the Strict-Transport-Security header for one request, the browser will automatically rewrite subsequent requests to http: scheme URLs on the same domain to use the https: scheme instead. If you enable this long-term for all subdomains, you can get the header "preloaded", or included with the browser itself so that even the first request gets rewritten. The HTTPS Everywhere extension by EFF is an additional source of preloads.

Yes. Everything needs to be encrypted.

Contrary to what the idiots in this comment section are saying. Everything needs to be encrypted. The only way to fight GO/NGO network surveillance is to completely drown out their ability to selectively listen. Encrypt it all and then they'd have to capture, store, and crack all of it to get any analysis done.

Seems OK

[markdavis]

>"a red line striking through a classic lock that's normally used to signal the presence of encrypted HTTPS pages"

Really, that sounds OK to me. it is a reasonable warning "for the masses." But ONLY if it stops there. No pop-ups, no dialogs, no animation, no nagging, no striking through the URL, etc.

Not everything needs to be https, and things that aren't are not necessarily any problem. Mozilla can have bonus points by keeping the about:config that allows the user to en/disable the insecure http icon feature.

Fake domain registrars too

[tepples]

all sites will start using the fake CA let's encrypt that issues certs to anyone for anything

By the same criteria under which Let's Encrypt is a "fake CA", the vast majority of domain registrars are "fake registrars". They'll issue domains such as bankofarnerica.com to typosquatters and phishers and then not do anything until someone brings action pursuant to UDRP.

Mozilla shoudn't be calling websites insecure

When it abuses its trust to put in unwanted extensions like looking glass and pocket. I also expect that all browsers will betray their users eventually, as the temptation to exploit their users becomes too great.

Sure, but don't go overboard

Given Mozilla's track record, they're likely to implement a "next step" three months down the road where everybody is FORBIDDEN from loading non https websites, with no option to override it.

That's just how they roll over at the Mozilla Foundation.

Re:Sure, but don't go overboard

You're an idiot.

breaking web proxies is stupid.

[anon+mouse-cow-aard]

I run software that distributes non-sensitive data across wide area networks... many people at each site want the same data, so I stick a web caching proxy on the site, and the big data (many gigs worth) are all transferred once, and then served from the local caching proxy. encrypting means the caching proxy needs to man-in-the middle, or it's just borked. stupid.

Re:breaking web proxies is stupid.

[Wootery]

It seems to me that web caching of this sort is essentially the only argument for using plain old HTTP.

TheRaven has already made a strong case against the think-of-the-CPU-overhead argument, but breaking web caching is a legitimate downside of HTTPS. Ideally there'd be an automatic checksum check after downloading over plain HTTP. Fun fact: this is precisely what Steam does. If they used a proprietary protocol, or HTTPS, then caching (whether by ISPs or by 'local' sysadmins) wouldn't be possible, to the detriment of both the customers and Valve.

Port 80 for HTTP, 443 for HTTPS.

Do they encrypt the URL?
Do they encrypt the web login?
Do they store the obscurity-encrypted passwords in anywhere?

Idiotic

[slashmydots]

Oh good, now I can pay like $100 a year for an encryption cert that I don't need just to run my static, read-only website that tells people what my business does and where it is and how to contact me. Awesome.

Re:Idiotic

Some providers throw in a free cert. I know I'm offered one with my $20 a year QuadraNet VPS, from Thawte. I really wish that was a more common perk as some us want something from a less Mickey Mouse feeling organization than LetsEncrypt.

Re:Idiotic

When did you last look into SSL? 2005?

Get a free cert from LetsEncrypt.

Re:Idiotic

Oh good, now I can pay like $100 a year for an encryption cert that I don't need just to run my static, read-only website that tells people what my business does and where it is and how to contact me. Awesome.

Or use Let's Encrypt for free.

Re:Idiotic

[iggymanz]

that's bullshit, requires software they may not work with a given web server or stack. 90 days expiration and auto-renewal may not work with your stack/gear.....

https is totally unecessary for many sites

the way https is now is a money making scam for a certain cartel, the real solution has to involve disposing the current tech of those parasites

Re:Idiotic

[Spamalope]

And your router, laser printer, ip cam, smart tv, steam link, nvidia shield, desktops those two connect to, ip thermostat, NAS and Voip box. Every single thing with an admin page in fact.

Someone sarcastically mentioned the answer is 'cloud base admin pages' so you can be tracked - and sold an 'admin' service with a monthly fee and I'm afraid they're right... dammit.

Re:Idiotic

[thegarbz]

$100? Shit mine was free. You overpaid.

Re:Idiotic

[Dagger2]

LE's software mostly works with everything. It generates standard SSL certs that you can install with a script, and if you can't get that working then either you don't know enough to be running a public server on today's internet or your software/devices are utterly broken and need to be fixed.

the way https is now is a money making scam for a certain cartel

I just can't fathom how you could say this when you clearly know that LE exists. If you have some situation where LE doesn't work and yet a paid CA does work, surely the scam is being pulled by whoever created that situation?

Re:Idiotic

[houghi]

Did a search and I found free ones and very cheap ons (like 5USD per year) that will be good enough for that. https://www.thoughtco.com/chea...
Not looked to far into it yet.

Re:Idiotic

[javaguy]

CloudFlare ( https://www.cloudflare.com/ ) has a free tier that can provide https and a CDN at no cost. Pay for a plan if you need any of the features. Otherwise, as others have said, use Let's Encrypt. I use both for different sites, they both work well.

Re:Idiotic

[iggymanz]

I know of plenty of situations exactly like that, hence the word "cartel". you think you'll be doing e-commerce with clients who have to load your new cert into their trust store every 3 months and lose business during the wait.

what a laugh

Re:Idiotic

[Dagger2]

If you have an ecommerce site that requires downtime to rotate certs, then you have a problem that needs fixing. If you really can't fix it for some reason, then it just makes automation even more important to you.

Re:Idiotic

[iggymanz]

You're confused, the changing itself causes the downtime because the other parties need to take your changed cert and load it into their trust store. Just making that statement shows you have no real world career experience.

Re:Idiotic

[Dagger2]

Ah, I see -- you're not talking about downtime on the server side, but rather a scenario where the website (or API or...) clients are whitelisting particular cert fingerprints, and the new cert needs to be added to the client-side whitelist before it can be used.

(I interpreted "clients" as being people paying for your contracting services.)

But I still don't see that downtime is necessary here. Just tell the clients the new cert fingerprint ahead of starting to use it.

And yet firefox hides http:// by default..

The geniuses at Mozilla decided to hide the http: prefix from the user some time ago, so instead of http://www.cnn.com/ the user sees www.cnn.com

The http: prefix indicates that THERE IS NO ENCRYPTION.

Why hide it from the user and then add a non-standard indicator that there is no encryption?

So many UI designers should be shot...

Re:And yet firefox hides http:// by default..

I'm confused, both by the story and your response.

To your response: I'm looking at the address bar of my Firefox right now, and the https:// is clearly visible.

To the story: I have an http:// connection open in another tab, and there's an icon beside it of a padlock with a line through it, and a little 'information' icon beside that. Isn't that a visual clue that it's not encrypted?

Conspiracy

I find it very strange that browser vendors, first refuse to implement dnssec/dane,
and now want to force everybody to buy an https certificate?!

wonder how much they get in return from the certificate authorities..

without crypto, sites can be spoofed / MITMed

This is completely retarded. Not every site needs https.

Given that government agencies have spoofed traffic from sites that are non-encrypted to get at victims suggests otherwise:

As part of the Turmoil system, the NSA places secret servers, codenamed Quantum, at key places on the Internet backbone. This placement ensures that they can react faster than other websites can. By exploiting that speed difference, these servers can impersonate a visited website to the target before the legitimate website can respond, thereby tricking the target's browser to visit a Foxacid server.

* https://www.schneier.com/blog/archives/2013/10/how_the_nsa_att.html
* https://www.itworld.com/article/2702513/it-management/british-spies-reportedly-spoofed-linkedin--slashdot-to-target-network-engineers.html

If you are an employee of an organization that someone wants into, then you are a target. Currently these attacks are state-level, but I wouldn't be surprised that the technology will eventually 'trickle down' to the "merely" criminal.

Don't worry about it

Trump will make HTTPS illegal soon enough as it hampers american security initiatives

No user input or $ - HTTPS not needed

Suppose a small school or social club had a website of 5 pages. Suppose those pages didn't have any user input or financial transactions. Just welcome, about us, a few pictures, and "The next meeting is on Friday, Dec. 22."

That website doesn't need https.

Need browser that is not so annoying

When I click on a link, I expect to be redirected to that link, period

If the link is broken, or if the wait is too long, tell me

But please stop bothering me with 'this is not secure', 'that may be dangerous' crap

Is there a browser that does not annoy users with all the unnecessary craps?

Who cares?

[Ol+Olsoc]

Firefox has become overrun by nannies lately, and is now purposely breaking itself. I've dumped it for Chrome. Not that I'm wild about Chrome, but at least it hasn't become a malfunctioning mess. Say hi to Netscape for us when you reach your destination, Mozilla.

Re:Who cares?

I expect chrome, and msie, to go the same way.

Re:Who cares?

[Ol+Olsoc]

I expect chrome, and msie, to go the same way.

Then I expect them to take responsibility that https is 100 percent secure.

Unintended Consequences

[Dangerous_Minds]

It does concern me about some of the smaller sites struggling to survive. If a hypothetical site is barely able to pay the server bills, the last thing they need is an additional $15 charge per year (or more) tacked on just to allow a percentage of users to access their site without having users complain about alarms blaring that it's an unsecured site. I mean, sure, $15 a year doesn't sound like much, but if you're not a major site pulling in hundreds off of ad impressions or subscription fees, that seemingly small fee is going to sting on the bottom line. No matter how you slice it, this is going to raise the barrier for entry for new sites.

This added to what is going on with the destruction of network neutrality in the US is almost like pouring salt on the wound. The number of users being able to reasonably access your site may very well drop, but Mozilla decided that web admins need to add another layer of security that come with fees in the process.

Re:Unintended Consequences

[Dagger2]

I have some good news for you: you don't need to pay $15/year for an SSL cert. There is at least one CA providing certs for free, via a generic and open protocol called ACME.

A few years ago you would have had a point, but not today.

Re:The bigger problem

[Waccoon]

Haha... you think they actually give a hoot about that telemetry data? Management makes their decisions and then interprets the telemetry to justify their posisions, no the other way around.

Remember, Microsoft collected huge amounts of telemetry with Windows7. The result was Windows 8.

double facepalm

Has Mozilla hired someone to ruin Firefox? Based on the BS they've done the last months It seems to be the only obvious explanation. Firefox has become an unmitigated disaster. Mozilla, please explain again why I should donate anything.

Certificate Transparency

[tepples]

A browser can be configured to trust a particular CA only if the CA submits all certificates it issues to a Certificate Transparency log. I seem to remember at least Symantec being put in this penalty box.

Re:The bigger problem

Pretty sure telemetry was added in Windows 7 after 8 had already launched.

MITM

Considering that most companies run MITM attacks against their workers, can we really say that SSL is secure anymore?

Really necessary?

What about sites that require no login, and have nothing to do with money?

Say what?

...a secret configuration option that when activated will show a visible visual indicator...

So I guess with responsive web design, it would be an invisible visual indicator??

DDNS runs up against Let's Encrypt rate limit

[tepples]

run a dynamic dns name

Many domains used by dynamic DNS providers are still not on the Public Suffix List. If a domain is not on the Public Suffix List, Let's Encrypt won't issue more than 20 certificates in a 7-day period for subdomains of that domain. (Source: Let's Encrypt rate limits; Ratelimit for dyndns domain) Instead, the service will produce an error message to the effect:

Error: rateLimited :: There were too many requests of a given type :: Error creating new cert :: Too many certificates already issued for: no-ip.biz

This means 20 other customers of the same dynamic DNS provider are likely to have already obtained their certificates before you have a chance to.

Just wondering

Once the internet is "secured", what is to prevent CA from shutting down websites they don’t like by simply revoking the certs?

not so fast...

No. A broken lock denotes broken SSL (bad DNS, expired cert, self-signed. you name it). Marking all plaintext sites with some sort of broken lock icon turns firefox into a bad actor.