Slashdot Mirror


User: tepples

tepples's activity in the archive.

Stories: 0 · Comments: 68,260

Comments · 68,260

  1. Re:HSTS is stupid for most sites on EFF Applauds 'Massive Change' to HTTPS (eff.org) · · Score: 1

    it's not illegal

    How can you be so sure that a particular document on a particular site is legal in all 200 or so countries, especially yours?

  2. Re:Fix my ignorance on EFF Applauds 'Massive Change' to HTTPS (eff.org) · · Score: 1

    in oppressive countries the government might want to know everyone who visits a particular page (organising a protest) on a website with thousands of pages, but not care about the other pages.

    If the protest is organized on a website dedicated to a particular cause, such as https://righttochoice.example/events/2018/, the authoritarian government can already see the righttochoice.example hostname through inspection of both DNS and ClientHello.

  3. Re:Fix my ignorance on EFF Applauds 'Massive Change' to HTTPS (eff.org) · · Score: 1

    It's like they know you are visiting a brothel, just not what you are doing in there.

    Also, DNS is still unencrypted [...]

    There are many-many attacks that don't require complete knowledge of the contents of web traffic to work

    The things that are not encrypted are the DNS queries and the IP address of the endpoints.

    Grandparent's point is that "There are many-many attacks that" need only "the DNS queries and the IP address of the endpoints" "to work." If the authoritarian government knows you're visiting a URL that begins with https://abortionhelp.example/, you're already in trouble.

  4. Re:Fix my ignorance on EFF Applauds 'Massive Change' to HTTPS (eff.org) · · Score: 1

    Hell, goddamn chrome won't even let me make exceptions for "invalid" certificates anymore.

    Which invalid certificate, and what are you seeing (screenshot please)?

    Like Alex Haley, we should go back to our roots of pure HTTP in ASCII (I'll accept 8 bit, not more than that, you unicode weenies can go... take a long walk off a short pier!)

    Please explain to me how you would encode Korean or Japanese in an 8-bit encoding.

  5. Re:To make hiding the malware easier. Slow no cach on EFF Applauds 'Massive Change' to HTTPS (eff.org) · · Score: 1

    3. If you are using an ISP that attempts to alter via caching or otherwise your web traffic, you need a new ISP.

    Many people who need a new ISP are unable to meet that need because meeting that need would require moving to a different city or even a different country.

  6. Slow last mile to schools in LDCs on EFF Applauds 'Massive Change' to HTTPS (eff.org) · · Score: 1

    Second it's more effective for ISPs to forego their own caching and simply let CDNs with their colocated edge caches handle the task.

    Provided your ISP can afford a large enough uplink to the Internet to reach the CDN's nearest edge cache. Say you operate IT for a school in sub-Saharan Africa behind an ISDN (0.13 Mbps) connection to the Internet, and you want to let all 25 students in a particular classroom read a particular Wikipedia article. The CDN's nearest edge cache is on the other side of your connection. Under cleartext HTTP, your caching proxy could retrieve the article once on behalf of all devices on the network and then serve it up to students' devices. HTTPS inflates this by a factor of 25 because the nearest cache must serve the article across that link 25 times. Would it be better to add a private CA and HTTPS MITM to your caching proxy in order to continue achieving the 25-fold reduction in Internet data volume?

  7. Re:To make hiding the malware easier. Slow no cach on EFF Applauds 'Massive Change' to HTTPS (eff.org) · · Score: 1

    apparently a popular use of Let's Encrypt is to provide SSL certificates for Paypal phishing sites

    Apparently a popular use of Namecheap is to provide domains for PayPal phishing sites. Why not mark Namecheap as likewise untrusted, and continue to distrust registrars one by one until only the most expensive registrars remain?

  8. Re:To make hiding the malware easier. Slow no cach on EFF Applauds 'Massive Change' to HTTPS (eff.org) · · Score: 1

    It solves a very real problem: Undetectable snooping on and/or content modification by a man in the middle. Just ask any Comcast customer

    Blocking attacks like those of Comcast requires Integrity and Authentication but not Confidentiality. Confidentiality on public websites makes it far harder logistically for, say, a school to run a caching proxy for the benefit of its students and faculty.

    HTTPS provides all of Confidentiality, Integrity and Authentication.
    Cleartext HTTP provides none.
    What provides Integrity and Authentication without Confidentiality?

  9. Integrity without confidentiality on EFF Applauds 'Massive Change' to HTTPS (eff.org) · · Score: 1

    Then what should I do for integrity and authentication without confidentiality, so that an intermediate cache can preserve the integrity and authentication properties?

  10. Re: Certification Required on EFF Applauds 'Massive Change' to HTTPS (eff.org) · · Score: 1

    The cert just guaranteed that the site the user is trying to connect to is in fact the site they are connecting to, and they are free.

    A certificate for the HTTP administration interface of a device on your home LAN isn't free unless you have already purchased a domain to use for devices on said LAN.
</grReplace_placeholder_never_emitted>

  11. How often do you use literal IP addresses? on EFF Applauds 'Massive Change' to HTTPS (eff.org) · · Score: 1

    So now in this brave new world you are required to be 'certified' to put up a web site.

    That's been the case since the Internet was available to the public. How often do you use a literal IPv4 or IPv6 address to visit a public website without getting it "certified" by a domain registrar? Once you own a domain, Let's Encrypt is willing to issue a certificate without charge.

  12. Surcharge for BYO cert; domain cost on EFF Applauds 'Massive Change' to HTTPS (eff.org) · · Score: 1

    [Let's Encrypt] requires a little extra setup work on the part of the webmaster but, other than that, what great problems do you see with that scheme?

    I see two problems.

    One is with web hosting that charges more to install a third-party certificate than to purchase and install a certificate issued by the CA that the hosting provider resells. One example of this is Volusion, an e-commerce host.

    Another is sites on your local area network (LAN). Like other CAs trusted by your browser, Let's Encrypt issues certificates only to the owner of a domain, not for hosts in 192.168/16 or .local, and there are severe rate limits that affect users of the free subdomain that a dynamic DNS service may provide. A lot of heads of household don't want to have to buy a domain and keep it renewed just to put up a router, printer, or NAS on a home network.

  13. Re:Single Point of Failure, Monoculture on EFF Applauds 'Massive Change' to HTTPS (eff.org) · · Score: 1

    once you've got the infrastructure in place then it's relatively easy to switch to any other CA that implements the ACME protocol.

    Provided any other CA ever gets around to implementing the ACME protocol. Most other major CAs heavily promote their Extended Validation products, and I don't see how ACME would help achieve that.

  14. Internet in sub-Saharan Africa, for example on EFF Applauds 'Massive Change' to HTTPS (eff.org) · · Score: 1

    Many connections are so fast now, there's no need to do MITM caching.

    And many aren't, particularly in places like sub-Saharan Africa where you might have 25 people sharing a 128 kbps link. What's worse: someone seeing what Wikipedia articles you're reading, or not being able to read them at all because your ISP hit its daily cap downloading separate copies of the article for other users?

  15. Re:That's an option, with a security cost on EFF Applauds 'Massive Change' to HTTPS (eff.org) · · Score: 1

    I wouldn't do anything on a work device that I didn't want my IT department seeing. Meaning I'll use my mobile phone to do all those things.

    Connecting your mobile phone to work Wi-Fi would put your mobile phone behind the same proxy.

  16. Re: Fix my ignorance on EFF Applauds 'Massive Change' to HTTPS (eff.org) · · Score: 1

    The ClientHello shows only the domain name, not the particular path within the domain. For example, it shows only that you visited WebMD, but the identity of the particular document you are viewing is encrypted. All an eavesdropper can do is traffic analysis on approximate document lengths, and there are mitigations for even that.

  17. Re: Fix my ignorance on EFF Applauds 'Massive Change' to HTTPS (eff.org) · · Score: 1

    Signing-only HTTPS with a null cipher suite would do the same thing, yet web browsers don't support it.

  18. HTTPS on LAN requires domain or private CA on EFF Applauds 'Massive Change' to HTTPS (eff.org) · · Score: 1

    Anyhow, https is nearly free - why shouldn't it be used everywhere all the time?

    Because CAs don't issue certificates for 192.168/16 or the mDNS reserved domain (.local), HTTPS between devices on your LAN requires either buying a domain or running your own CA and installing its root on all devices on your network. The latter is difficult on many platforms.

  19. Re:Fix my ignorance on EFF Applauds 'Massive Change' to HTTPS (eff.org) · · Score: 1

    The path and query string of the specific document you are visiting is itself private information. If, for example, it's a document on WebMD about a particular medical condition, your interest in the condition can be used against you or your family.

    HTTPS also provides authentication that an intermediate actor didn't tamper with the connection. Comcast is known to inject advertising scripts into HTML documents delivered through cleartext HTTP.

  20. Re:Fix my ignorance on EFF Applauds 'Massive Change' to HTTPS (eff.org) · · Score: 1

    Effectively everybody is already dependent on domain registrars.

  21. Can still post to /. without JS on 2017: The Year in Programming Languages (infoworld.com) · · Score: 1

    The difference is that one can participate in Slashdot with script* off. A lot of websites are structured in such a way as to block people from even viewing them without running script. Some of it is accidental, especially for rich web applications where progressive enhancement would prove impractical. (Anti-script hardliners would prefer that operators of such services make a native client application available to the public in source code form.) But lately, other dependencies on script are deliberate in an attempt to deny the text of an article to someone unwilling to download and view third-party advertising or mine cryptocurrency.

    * In this comment, "script" is any computer program delivered by a website and automatically run in a web browser, including without limitation JavaScript, ActionScript bytecode, JVM bytecode, CIL, and WebAssembly.

  22. Re:You forgot WebAssembly! on 2017: The Year in Programming Languages (infoworld.com) · · Score: 1

    The problem is not only with JavaScript but also with WebAssembly. What they have in common is that a computer program chosen by the operator of a website that you are visiting executes on your computer before you have an opportunity to audit the program (or hire someone to do so). Operators can and habitually do collude to use this browser capability to run scripts that track users, exfiltrating information about each viewer's identity.

  23. Re:Why is this so important? on Kodi 18 'Leia' 64-Bit For Windows Is Finally Ready To Replace the 32-bit Version (betanews.com) · · Score: 1

    So long as a particular workload doesn't use pointer-heavy algorithms (which video decoding doesn't), the performance benefit of x86-64's additional general purpose registers is likely to outweigh the data cache hit of larger pointers.

  24. Hash + counter mode = stream cipher on Nintendo Delaying 64GB Game Cards For Switch Until 2019, Says Report (kotaku.com) · · Score: 1

    SHA256 is a one way hash. Content is not encoded nor encrypted through SHA256.

    From any one-way hash function, one can derive a stream cipher by running it in counter mode. Daniel J. Bernstein called this construction "Snuffle". But I don't know whether the Nintendo 3DS uses Snuffle.
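    The counter-mode construction the comment describes, as an added illustration that is not code from the original post, from Bernstein's Snuffle itself, or from any Nintendo system: SHA-256 over key, nonce and a block counter produces a keystream that is XORed with the data. Key and nonce values are constructed, and the last function shows the caveat any reviewer would check for, that reusing a (key, nonce) pair leaks the XOR of two plaintexts.

```python
import hashlib
import struct

def keystream_block(key: bytes, nonce: bytes, counter: int) -> bytes:
    """One 32-byte keystream block: SHA-256(key || nonce || counter)."""
    return hashlib.sha256(key + nonce + struct.pack("<Q", counter)).digest()

def hash_ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with the hash-derived keystream; the same call decrypts.
    Note this gives confidentiality only: there is no integrity check, so a
    flipped ciphertext bit flips the same plaintext bit."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = keystream_block(key, nonce, offset // 32)
        chunk = data[offset:offset + 32]
        out.extend(a ^ b for a, b in zip(chunk, block))
    return bytes(out)

def nonce_reuse_leak(key: bytes, nonce: bytes, m1: bytes, m2: bytes) -> bytes:
    """Caveat: two messages under one (key, nonce) pair share a keystream, so
    XORing the ciphertexts yields m1 XOR m2 with no knowledge of the key."""
    c1 = hash_ctr_crypt(key, nonce, m1)
    c2 = hash_ctr_crypt(key, nonce, m2)
    n = min(len(m1), len(m2))
    return bytes(a ^ b for a, b in zip(c1[:n], c2[:n]))

if __name__ == "__main__":
    key, nonce = b"constructed-sample-key", b"nonce-01"   # constructed values
    ct = hash_ctr_crypt(key, nonce, b"constructed sample plaintext, longer than one block")
    print(ct.hex())
    print(hash_ctr_crypt(key, nonce, ct))
```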

  25. Sapir-Whorf hypothesis on The Last Man on Earth To Speak His Language (axios.com) · · Score: 1

    Is culture defined by language, is language defined by culture or both?

    The Sapir-Whorf hypothesis is that English and Klingon are not "sufficiently similar to be considered as representing the same social reality."