Most active commenters
  • account42(11)
  • ozim(6)
  • dijit(4)
  • matrss(4)
  • eesmith(4)
  • pests(3)
  • Pannoniae(3)
  • ratorx(3)

←back to thread

512 points gslin | 79 comments | | HN request time: 2.099s | source | bottom
Show context
pests ◴[] No.42191619[source]
It feels like just yesterday I was paying for certs, or worst, just running without.

Can't believe its been ten years.

replies(1): >>42191666 #
1. ozim ◴[] No.42191666[source]
Can’t believe there are still anti TLS weirdos.
replies(7): >>42191688 #>>42191718 #>>42191893 #>>42192714 #>>42192733 #>>42193057 #>>42193614 #
2. dijit ◴[] No.42191688[source]
The digital equivalent of a local kebab shop menu does not need encryption.

The lack of understanding from us as technologists for people who would have had a working site and are now forced into either: an oligopoly of site hosting companies, or, for their site to break consistently as TLS standards rotate is one thing that brings me shame about our community.

You can come up with all kinds of reasons to gatekeep website hosting, “they have to update anyway” even when updating means reinstallion of an OS, “its not that hard to rotate” say people with deep knowledge of computers, “just get someone else to do it” say people who have a financial interest in it being that way.

Framing people with legitimate issues as weirdo’s is not as charming as you think it is.

replies(6): >>42191746 #>>42191752 #>>42191760 #>>42191778 #>>42191785 #>>42191894 #
3. wannacboatmovie ◴[] No.42191718[source]
Can't believe the HTTPS everywhere cargo cult still can't get it through their skulls there is still a place and use cases for plaintext HTTP. In some cases, CRLs for example, they shall not be served over HTTPS.
4. pests ◴[] No.42191746[source]
You say that until some foreign national gets their kabab order MITM to deliver them some malicious virus that ends up getting him killed.
replies(1): >>42192959 #
5. johannes1234321 ◴[] No.42191752[source]
TLS doesn't just hide the information transmitted, but also ensures the integrity. Thus nobody on the network tinkered with the prices on the menu.

Also the Kebap Shop probably has a form for reservation or ordering, which takes personal information.

True, they are all low risk things, but getting TLS is trivial (since many Webservers etc can do letsencrypt rotation fully automatically) and secure defaults are a good thing.

replies(3): >>42191784 #>>42191896 #>>42192727 #
6. taneliv ◴[] No.42191760[source]
I'm always reminded about this by being on the other side of the equation with my car.

There is regulation, like mandatory yearly inspections and anyone is only allowed to sell road worthy vehicles. These rules are rather strict, likewise for the driver's license. They aren't impossible to know or understand, but there's a lot of details.

However, when I take it to the shop, whether for that yearly inspection, regular maintenance, or because there's something apparently wrong with it, I never know what to expect in terms of time and money.

Oh, it needs a new thingamajig? I start to mildly sweat, fearing it to cost six hundred like the flux capacitor that had to be replaced last week/month/year and took two weeks to get shipped from another country. "Ninety cents, and we put it in place for no charge, it literally takes ten seconds", like, I love to hear the news, could have saved me from the anguish by giving a hint when I asked about the price! But need a new key? Starting from three hundred fifty, plus one hundred seventy for a backup copy. Like, where do these prices come from? Actually, don't tell me, I'm a software engineer. I know, I know.

I'll just wait until you want your car shop web pages up. Oh, for that you'll need PCI DSS and we can't do that other things because of GDPR. Sorry, my hands are tied here. That'll be four thousand plus tax, mister auto mechanic shop owner.

replies(1): >>42191843 #
7. sureIy ◴[] No.42191778[source]
Irrelevant.

Safe transfer should be the default.

Your argument is akin to "I don't have anything to hide."

You just do it and don't think about it. Modern servers and services make this completely transparent.

The kebab guy doesn't need to worry about this as long as they're not fooled into buying from mala fide hosting companies who tries to upsell you on something that should be the baseline.

replies(1): >>42192226 #
8. dijit ◴[] No.42191784{3}[source]
There are plenty of websites that were just static pages used for conveying information. Most people who set them up lacked the ability to turn them into forms that connected to anything.

They’ve nearly all been lost to time now though, if a shop has a web-presence it will be through a provider such as “bokabord”, doordash, ubereats (as mentioned), some of whom charge up to 30% of anything booked/ordered via the web.

But, I guess no MITM can manipulate prices… except, by charging…

replies(2): >>42191863 #>>42191985 #
9. gotodengo ◴[] No.42191785[source]
Their site will break consistently in any case. Running a site in 2024 comes with a responsibility to update regularly for a good reason.

There are more than enough forgotten kebab shop restaurant pages that are now serving malware because they never updated WordPress that an out of date certificate warning is a very good "heads up, this site hasn't been maintained in 6 years"

If we're talking hosting even a static HTML file without using a site hosting company, that already requires so much technical knowledge (Domain purchasing, DNS, purchasing a static IP from your ISP, server software which again requires vuln updates) that said person will be able to update a TLS cert without any issue.

replies(1): >>42192833 #
10. dns_snek ◴[] No.42191843{3}[source]
I don't think that's a good analogy, you're comparing a mass produced product to an individualized B2B service that's going to generate profits for your customer.
replies(1): >>42192491 #
11. matrss ◴[] No.42191863{4}[source]
> There are plenty of websites that were just static pages used for conveying information.

If you care about the integrity of the conveyed information you need TLS. If you don't, you wouldn't have published a website in the first place.

A while back I've seen a wordpress site for a podcast without https where people also argued it doesn't need it. They had banking information for donations on that site.

Sometimes I wish every party involved in transporting packets on the internet would just mangle all unencrypted http that they see, if only to make a point...

replies(4): >>42191908 #>>42192753 #>>42192786 #>>42197635 #
12. Pannoniae ◴[] No.42191893[source]
TLS is not panacea and it's not universally positive. Here are some arguments against it for balance.

TLS is fairly computationally intensive - sure, not a big deal now because everyone is using superfast devices but try browsing the internet with a Pentium 4 or something. You won't be able to because there is no AES instruction set support accelerating the keyshake so it's hilariously slow.

It also encourages memoryholing old websites which aren't maintained - priceless knowledge is often lost because websites go down because no one is maintaining them. On my hard drive, I have a fair amount of stuff which I'm reasonably confident doesn't exist anywhere on the Internet anymore.... if my drives fail, that knowledge will be lost forever.

It is also a very centralised model - if I want to host a website, why do third parties need to issue a certificate for it just so people can connect to it?

It also discourages naive experimentation - sure, if you know how, you can MitM your own connection but for the not very technical but curious user, that's probably an insurmountable roadblock.

replies(7): >>42191942 #>>42192026 #>>42192088 #>>42192426 #>>42192479 #>>42193243 #>>42203762 #
13. serbuvlad ◴[] No.42191894[source]
I'm really curious as to what you see as the disadvantages of TLS. Sure, the advantages are minor for some services and critical for other services.

However, if you already have bought a domain name, the cost of setting up TLS is basically 0. You just run certbot and give it the domains you want to license. It will set up auto-renew and even edit your Apache/NGINX configs to enable TLS.

Sure, TLS standards rotate. But that just means you have to update Apache/NGINX every like 5 years. Hardly a barrier for most people imo.

replies(2): >>42191948 #>>42192097 #
14. megous ◴[] No.42191896{3}[source]
You can get integrity at higher levels in the stack (or lower).
15. MrGreenTea ◴[] No.42191942[source]
Regarding the stuff you safe guard: what are your reasons for not sharing them somehow to prevent that loss when (not if) your drive fails?
replies(1): >>42191958 #
16. dijit ◴[] No.42191948{3}[source]
Its better than it was, but TLS has a lot more knobs to fail than even a basic http server does; theres a whole host of handoff thats happening and running multiple sites is fraught with minor issues.

certbot is a python program, better hope it keeps working- it’s definitely not kept working for me and I’m a seasoned sysadmin. a combination of my python environment becoming outdated (making updates impossible) and a deprecation of a critical API needed for it to work.

The #1 cause of issues with a hobby website: darkscience.net is that it refuses to negotiate on Chrome because the TLS suites are considered too old, yet in 2020 I was scoring A+ on Qualys SSL report.

Its just time, time and effort and its wasted mostly.

The letsencrypt tools are really wonderful, just pray they don’t break, and be ready to reinstall everything from scratch at some point.

replies(3): >>42192214 #>>42192993 #>>42195878 #
17. Pannoniae ◴[] No.42191958{3}[source]
I mean, I do! The music I have I put on Soulseek, although the more obscure stuff hasn't been downloaded yet. I also have fairly old video game mods - I don't even know where to share them or if anyone would be interested at all.
replies(2): >>42192304 #>>42192699 #
18. burnished ◴[] No.42191985{4}[source]
Huh. Never thought about it that way; replacing hypothetical MITM attacks with genuine middlemen.
19. ratorx ◴[] No.42192026[source]
> if I want to host a website …

The fundamental problem is a question of trust. There’s three ways:

* Well known validation authority (the public TLS model)

* TOFU (the default SSH model)

* Pre-distribute your public keys (the self-signed certificate model)

Are there any alternatives?

If your requirement is that you don’t want to trust a third party, then don’t. You can use self-signed certificates and become your own root of trust. But I think expecting the average user to manually curate their roots of trust is a clearly terrible security UX.

replies(2): >>42192098 #>>42192280 #
20. Sesse__ ◴[] No.42192088[source]
The handshake doesn't primarily depend on AES; it is typically a Diffie-Hellman variant (which doesn't have any acceleration) that takes time. Anyway, you're hopefully using TLS 1.3 by now, where you can use ChaCha20 instead of AES :-)
21. JoshTriplett ◴[] No.42192097{3}[source]
> the cost of setting up TLS is basically 0. You just run certbot

certbot is not even close to the pinnacle of easy TLS setup. Using an HTTP server that fully integrates ACME and tls-alpn-01 is much nicer: tell your server what domain you use, and it automatically obtains a certificate.

22. rocqua ◴[] No.42192098{3}[source]
There is web of trust, where you trust people that are trusted by your friends.

There's issues with it, but it is an alternative model, and I could see it being made to work.

replies(2): >>42192225 #>>42192633 #
23. usr1106 ◴[] No.42192214{4}[source]
> certbot is a python program, better hope it keeps working

There is also https://github.com/srvrco/getssl which is a bash script. I have lightly audited it years ago and it did not seem to upload your private keys anywhere... I've used it occasionally, but I don't let it run as root, so I need to copy the retrieved certs into the the server config manually.

replies(1): >>42192231 #
24. ratorx ◴[] No.42192225{4}[source]
Ah, I forgot about that and never really considered it because GPG is so annoying to use, but it is fairly reasonable.

I don’t see how it has too many advantages (for the internet) over creating your own CA. If you have a mutually trusted group of people, then they can all share the private key and sign whatever they trust.

I think the main problem is that it doesn’t scale. If party A and party B who have never communicated before want to communicate securely (let’s say from completely different countries), there’s no way they would be able to without a bridge. With central TLS, despite the downsides, that is seamless.

25. clan ◴[] No.42192226{3}[source]
Nah ah. Not.

While we might be able to find common ground in the statement that "safe transfer should be the default", we will differ on the definition of "safe".

Unfortunately these discussions often end up in techno-babble. Especially here on HN were we tend to enjoy rather binary viewpoints without too many shades of gray.

Try being your own devils advocate: "What if I have something to hide?".

Then deal with that. Legitimately. Reasonably. Unless you are an anarkist I assume that we can agree that we need authoraties. A legal framework. Policing.

So I 100% support Let's Encrypt and what they have done to destroy the certificate racket. That is a force of good!

But I do not think it was a healthy thing that the browsers (and Google search results) "forced" the world defacto to TLS only.

Why? Look at the list of Trusted Root Certificates in the big OS and browsers. You are telling me only good guys are listed? None here are or can be influenced by state actors?

But that is the good kind of MITM? This then hinges on your definition of "safe transport". Only the anarkist can win against the government. I am not.

It might sound like I am in the "I do not have anything to hide" camp. I am not that naive. But I am firmly in the "I prefer more scrutiny when I have something to hide". Because the measures the authorities needs to employ today are too draconian for my liking.

I preferred the risk of MITM on an ISP level to what the authoraties need to do now to stay in control. We have not eliminated MITM. Just made it harder. And we forgot to discuss legitimate reasons for MITM because "bad".

This is not a "technical" discussion on the fine details of TLS or not. But should be a discussion about the societal changes this causes. We need locks to keep the creeps out but still wants the police to gain access. The current system does not enable that in a healthy way but rather erodes trust.

Us binary people can define clear simple technical solutions. But the rest of the world is quite messy. And us bit twiddlers tend to shy away from that and then ignore the push-back to our actions.

We cannot have a sober conversation unless we depart from the "encrypt everything" is technically good and then that is set in stone. But here we are: Writing off arguments as irrelevant.

26. dijit ◴[] No.42192231{5}[source]
Theres a bunch of alternative clients and I’ve tried many.

Larger point is regarding the fact that its required for what amounts to a poster on a wall: yes, someone can come along with a pen an alter the poster- but its not worth the effort to secure for most people and will degrade rapidly with such security too.

So, instead they turn to middlemen, or don’t bother.

Theres a myriad of other issues, but, its not as easy as we claim.

27. xorcist ◴[] No.42192280{3}[source]
> Are there any alternatives?

The obvious alternative would be a model where domain validated certificates are issued by the registrar and the registrar only. Certificates should reflect domain ownership as that is the way they are used (mostly).

There is a risk that Let's Encrypt and other "good enough" solutions takes us further from that. There are also many actors with economic interest in the established model, both in the PKI business and consultants where law enforcement are important customers.

replies(1): >>42192322 #
28. tomalbrc ◴[] No.42192304{4}[source]
The Internet Archive?
29. ratorx ◴[] No.42192322{4}[source]
How would you validate whether a certificate was signed by a registrar or not?

If the answer is to walk down the DNS tree, then you have basically arrived at DNSSEC/DANE. However I don’t know enough about it to say why it is not more widely used.

replies(2): >>42192474 #>>42200482 #
30. ozim ◴[] No.42192426[source]
*It also discourages naive experimentation* that's the point where if you put on silly website no one can easily MitM it when its data is sent across the globe and use 0-day in browser on "fluffy kittens page".

Biggest problem that Edward Snowden uncovered was - this stuff was happening and was happening en-mass FULLY AUTOMATED - it wasn't some kid in basement getting MitM on your WiFi after hours of tinkering.

It was also happening fully automated as shitty ISPs were injecting their ads into your traffic, so your fluffy kittens page was used to serve ads by bad people.

There is no "balance" if you understand bad people are going to swap your "fluffy kittens page" into "hardcore porn" only if they get hands on it. Bad people will include 0-day malware to target anyone and everyone just in case they can earn money on it.

You also have to understand don't have any control through which network your "fluffy kitten page" data will pass through - malicious groups were doing multiple times BGP hijacking.

So saying "well it is just fluffy kitten page my neighbors are checking for the photos I post" seems like there is a lot of explaining on how Internet is working to be done.

replies(1): >>42192545 #
31. xorcist ◴[] No.42192474{5}[source]
How do you validate any certificate? You'd have to trust the registrar, presumably like you trust any one CA today. The web browsers do a decent job keeping up to date with this and new top domains aren't added on a daily basis anyway.

Utilizing DNS, whois, or a purpose built protocol directly would alleviate the problem altogether but should probably be done by way of an updated TLS specification.

Any realistic migration should probably exist alongside the public CA model for a very long time.

32. account42 ◴[] No.42192479[source]
I find the lack of backwards compatibility also concerning - and that is not something can be fixed as deprecation of old SSL/TLS versions and ciphers is intentional.

Beyond that, TLS is also adds additional points of failure. For one, it preventing users from accessing websites that are still operational but have an outdated cert or some other configuration issue. And HSTS even requires browsers to deprive users of the agency to override default policies and access the site anyway.

TLS is also a complex protocol with complex implementations that are prone to can bring their own security issues, e.g. heartbleed.

There are also many cases where there are holes in the security. E.g. old HTTP links, even if they redirect to HTTP, provide an opportunity for interception. Similarly entering domain names without a scheme requires Browsers to either allow downgrade to HTTP or break older sites. The solutions to this (mainly HSTS and HSTS preload) don't scale and bring many new issues (policy lifetimes outlive domain ownership, taking away user agency).

In my ideal world

a) There would be no separate HTTPS URL scheme for secure connections. Cool URIs don't change and the transport security doesn't change the resource you are addressing. A separate protocol doesn't prevent downgrade attacks in all cases anyway (old HTTP URLS, entering domains in the address bar, no indication of TLS version and supported ciphers in the scheme).

b) Trust should be provided in a hierarchical manner, just like domains themselves - e.g. via DNSSEC+DANE.

c) This mechanism would also securely inform browsers about what protocols and ciphers the server supports to allow for backwards compatiblity with older clients (where desired) while preventing downgrade attacks on modern clients.

d) Network operators that interfere with the transmitted data are dealth with legal means (loss of common carrier status at the very least, but ideally the practice should be outright illegal). Unecrypted connections shouldn't allow service providers to get away with scamming you.

33. taneliv ◴[] No.42192491{4}[source]
It's not an analogy. It's asymmetric warfare.
34. account42 ◴[] No.42192545{3}[source]
> It also discourages naive experimentation that's the point where if you put on silly website no one can easily MitM it when its data is sent across the globe and use 0-day in browser on "fluffy kittens page".

Transport security doesn't make 0-days any less of a concern.

> It was also happening fully automated as shitty ISPs were injecting their ads into your traffic, so your fluffy kittens page was used to serve ads by bad people.

That's a societal/legal problem. Trying to solve those with technological means is generally not a good idea.

> There is no "balance" if you understand bad people are going to swap your "fluffy kittens page" into "hardcore porn" only if they get hands on it. Bad people will include 0-day malware to target anyone and everyone just in case they can earn money on it.

The only people who can realistically MITM your connection are network operators and governments. These can and should be held accountable for their interference. You have no more security that your food wansn't tampered with during transport but somehow you live with that. Similarly security of physical mail is 100% legislative construct.

> You also have to understand don't have any control through which network your "fluffy kitten page" data will pass through - malicious groups were doing multiple times BGP hijacking.

I don't but my ISP does. Solutions for malicious actors interfering with routing are needed irrespective of transport security.

> So saying "well it is just fluffy kitten page my neighbors are checking for the photos I post" seems like there is a lot of explaining on how Internet is working to be done.

Not at all - unless you are also epecting them to have their fluffy kitten postcards checked for Anthrax. In general, it is security people who often need to touch grass because the security model they are working with is entirely divorced from reality.

replies(3): >>42192804 #>>42193262 #>>42193846 #
35. account42 ◴[] No.42192633{4}[source]
Providing initial trust via hyperlinks could be interesting.
36. account42 ◴[] No.42192699{4}[source]
You could try to upload them to modding sites (preferrably not onces with a longin requirement for downloading) if you don't want to host them yourself. That can be either general modding archives or game-specific community sites - the latter are smaller but more likely to be interested in older mods. Make sure that whatever host you use can be crawled by the internet archive.

Interest is probably going to be low but not zero - I often play games long after they have been released and sometimes intentionally using older versions that are no longer supported by current mods.

replies(1): >>42193253 #
37. account42 ◴[] No.42192714[source]
In general if you need to resort to ad hominens like calling your detractors weirdos then maybe your position isn't as justified as you want to believe.
38. account42 ◴[] No.42192727{3}[source]
The Kebab Shop also takes orders over the phone, which is not any more encrypted.

And prices are more likely to be simply outdated than modified by a malicious entity. Your concerns are not based in reality.

replies(1): >>42193759 #
39. michaelt ◴[] No.42192733[source]
I am 99% in favour of widespread use of TLS - but the reality is it means the web only works at the whim of the CA/Browser Forum. And some members of the forum are very eager to flex their authority.

If I do everything perfectly, but the CA I used makes some trivial error which, in the case of my certificate, has no real-world security impact? They can send me an e-mail at 6:40 PM telling me they're revoking my certificate at 2:30 PM the next day. Just what you want to find in your inbox when you get in the next day. I hope you weren't into testing, or staged rollouts, or agreeing deployment windows with your users - you'd better YOLO that change into production without any of that.

Even though it wasn't your mistake, and there's no suggestion you shouldn't have the certificate you have.

As far as the CA/B Forum is concerned, safety-critical systems that can't YOLO changes straight into production with minimal testing and only a few hours of notice don't belong on their PKI infrastructure. You'd better jump to it and fix their mistake right now.

replies(2): >>42192813 #>>42193195 #
40. account42 ◴[] No.42192753{5}[source]
What ensures the integrity of conveyed information for physical mail? For flyers? For telephone conversations?

The cryptography community would have you believe that the only solution to getting scammed is encryption. It isn't.

replies(2): >>42193334 #>>42203926 #
41. eesmith ◴[] No.42192786{5}[source]
There is a specific class of websites that will always support non-TLS connections, like http://home.mcom.com/ and http://textfiles.com/ .

Like, "telnet textfiles.com 80" then "GET / HTTP/1.0", <enter>, "Location: textfile.com" <enter><enter> and you have the page.

What would be the point of making these unencrypted sites disappear?

replies(2): >>42193242 #>>42194298 #
42. ozim ◴[] No.42192804{4}[source]
All I got from your explanation is:

I am going to cross the street in front of that speeding car because driver will be held liable when I get hit and die.

If there is not even a possibility to hijack the traffic whole range of things just won’t happen. And holding someone liable is not the solution.

replies(2): >>42192863 #>>42192864 #
43. account42 ◴[] No.42192813[source]
I'm probably more critical of TLS in general than you are, but to be fair to LE one of their biggest contributions has been to change certificate updates from a deployment to something that should happen automatically during normal operations. If you have things setup the recommended way your daily certbot/etc run will simply pick up a new certificate and loat it into whatever servers that need it without you having to lift a finger. Of course in practice it doesn't always work out that way.
replies(1): >>42193727 #
44. account42 ◴[] No.42192833{3}[source]
> There are more than enough forgotten kebab shop restaurant pages that are now serving malware

[citation needed]

There are plenty of organizations that actively scan the web for "malware" (aka anything that the almighty machine learning algorithms don't like) and are more than happy to harass the website owner and hosting company until their demands are met.

Security is ultimately a social issue. Technical means are only one way to improve it and can never solve it 100%. You must never loose sight of the cost imposed by tecnological security solutions versus what improvement they actually offer.

45. wizzwizz4 ◴[] No.42192863{5}[source]
Technological measures don't make things impossible: they make them harder. And they rarely solve all the consequences of a problem: only the ones that have been explicitly identified.
46. account42 ◴[] No.42192864{5}[source]
The situation is more akin to demanding that pedestrians should be prevented from crossing the road at all cost because a malicious driver could ignore all red lights. And of course banning pedestrias ins't enough. After all, motorcyles are also pretty unsafe so we ban those too. But you see someone could also be pointing a bazooka at the road so then we require all cars to have sufficient armor plating in order to be allowed on the road. That is, before realizing that portable nukes exists and you never know who has one. We don't do that. Instead we develop specific solutions (e.g. an over/underpass for high risk intersections, walls for highways) where they are actually needed without loosing sight of the unreasonable cost (not just monetary) that demanding zero risk would impose.
replies(2): >>42194300 #>>42198633 #
47. account42 ◴[] No.42192959{3}[source]
Which is of course a real concern for the average joe.
replies(1): >>42210465 #
48. ndsipa_pomu ◴[] No.42192993{4}[source]
> certbot is a python program, better hope it keeps working- it’s definitely not kept working for me and I’m a seasoned sysadmin. a combination of my python environment becoming outdated (making updates impossible) and a deprecation of a critical API needed for it to work.

You could try out acme.sh that's written purely in shell. It's extremely capable and supports DNS challenge and multiple providers

https://github.com/acmesh-official/acme.sh

49. dspillett ◴[] No.42193057[source]
Or worse: people who still go on and on about how self-signed certificates should be accepted by browsers, and can't be convinced that blind-trust-no-first-use is lousy security.

They usually counter with “but SSH uses TOFU” because they don't see, and can't be convinced of, the problem of not verifying the server key signature⁰. I can be fairly sure that I'm talking to the daemon that I've just setup myself without explicitly checking the signature¹, but that particular side-channel assurance doesn't apply to, for example, a client connecting to our SFTP endpoint for the first time² to send us sensitive data.

--

[0] Basically, they get away with doing SSH wrong, and want to get away with doing HTTPS wrong the same way.

[1] Though I still should, really, and actually do in DayJob.

[2] Surprisingly few banks' tech teams bother to verify SSH server signatures on first connection, I know because the ones in our documentation were wrong for a time and no one queried the matter before I noticed it when reviewing that documentation while adding further details. I doubt they'd even notice the signature changing unexpectedly even though that could mean something very serious is going on.

50. hehehheh ◴[] No.42193195[source]
Hopefully you terminate TLS far away from your app code so rolling that out to prod is a non issue. But I get your point!
51. dspillett ◴[] No.42193243[source]
> It is also a very centralised model

I can see why the centralisation is suboptimal (or even actively bad if I'm feeling paranoid!), but other schemes (web of trust, etc.) tend to end up far more complicated for the end user (or their UA). So far no one has come up with a practical alternative without some other disadvantage that would block its general adoption.

> if I want to host a website, why do third parties need to issue a certificate for it just so people can connect to it?

Because if we don't trust those few 3rd parties, we end up having to effectively trust every host on the Internet, which means trusting people and trusting all the people is a bad idea.

Some argue that needing a trusted certificate for just a personal page is extreme, but this one of those cases where the greater good has to win out. For instance: if we train people that self-signed certs are fine to trust in some circumstances, they'll end up clicking OK to trust them in circumstances where they really shouldn't. This can seem a bit nanny-ish, but people are often dumb, or just lazy to the point where it is sometimes indistinguishable from dumb (I'm counting myself here!) so need a bit of nannying. And anyway, if your site doesn't take any input then no browser will (yet) complain about plain HTTP.

> It also discourages naive experimentation

When something could affect security, discouraging naive experimentation on the public network is a good thing IMO. Do those experiments more locally, or at least on hosts you don't expect the public to access.

replies(1): >>42194201 #
52. matrss ◴[] No.42193242{6}[source]
textfiles.com says: "TEXTFILES.COM has been online for nearly 25 years with no ads or clickthroughs."

I'd argue that that is a most likely objectively false statement and that the domain owner is in no position to authoritatively answer the question if it has ever served ads in that time. As it is served without TLS any party involved in the transportation of the data can mess with its content and e.g. insert ads. There are a number of reports of ISPs having done exactly that in the past, and some might still do it today. Therefore it is very likely that textfiles.com as shown in someones browser has indeed had ads at some point in time, even if the one controlling the domain didn't insert them.

Textfiles also contains donation links for PayPal and Venmo. That is an attractive target to replace with something else.

And that is precisely the point: without TLS you do not have any authority over what anyone sees when visiting your website. If you don't care about that then fine, my comment about mangling all http traffic was a bit of a hyperbole. But don't be surprised when it happens anyway and donations meant for you go to someone else instead.

replies(2): >>42193647 #>>42219574 #
53. Pannoniae ◴[] No.42193253{5}[source]
You are entirely right - although I'd have to be careful with uploading it and where because on Steam Workshop, there's assholes who threaten to DMCA you without basis and there are similar problems on other sites too. But I'll look around :)
54. hehehheh ◴[] No.42193262{4}[source]
Counterpounts:

> Transport security doesn't make 0-days any less of a concern.

It does. Each layer of security doesn't eliminate the problem but does make the attack harder.

Mail and food are different in that there are not limitless scalable attacks that can originate anywhere around the globe.

55. matrss ◴[] No.42193334{6}[source]
> What ensures the integrity of conveyed information for physical mail? For flyers? For telephone conversations?

Nothing, really. But for physical mail the attacks against it don't scale nearly as well: you would need to insert yourself physically into the transportation chain and do physical work to mess with the content. Messing with mail is also taken much more seriously as an offense in many places, while laws are not as strict for network traffic generally.

For telephone conversations, at least until somewhat recently, the fact that synthesizing convincing speech in real time was not really feasible (especially not if you tried to imitate someones speech) ensured some integrity of the conversation. That has changed, though.

56. guappa ◴[] No.42193614[source]
My letsencrypt cert, despite all my attempts, works fine with browsers but WILL NOT work with wget/curl/python/whatever.

Plus setting up letsencrypt isn't really really easy. Last time it was failing because I had disabled HTTP on port 80 entirely on my server… but letsencrypt uses that to verify that my website has the magic file. So I had to make a script to turn it on for 5 minutes around the time when the certificate gets renewed. -_-'

None of this is easy or quick, and people have other stuff to do than to worry about completely hypothetical attacks on their blog.

replies(2): >>42193779 #>>42203961 #
57. eesmith ◴[] No.42193647{7}[source]
There is a big difference between "served ads" and "ads inserted downstream."

If you browse through your smart TV, and the smart TV overlays an ad over the browser window, or to the side, is that the same as saying the original server is serving those ads? I hope you agree it is not.

If you use a web browser from a phone vendor who has a special Chromium build which inserts ads client-side in the browser, do you say that the server is serving those ads? Do you know that absolutely no browser vendors, including for low-cost phones, do this?

If your ISP requires you configure your browser to use their proxy service, and that proxy service can insert ads, do you say that the server is serving those ads? Are you absolutely sure no ISPs have this requirement?

If you use a service where you can email it a URL and it emails you the PDF of the web site, with some advertising at the bottom of each page, do you say the original server is really the one serving those ads?

If you read my web site though archive.org, and archive.org has its "please donate to us" ad, do you really say that my site is serving those ads?

Is there any web site which you can guarantee it's impossible for any possible user, no matter the hardware or connection, to see ads which did not come from the original server as long as the server has TLS? I find that impossible to believe.

I therefore conclude that your interpretation is meaningless.

> "as shown in someones browser"

Which is different than being served by the server, as I believe I have sufficiently demonstrated.

> But don't be surprised when it happens anyway

Jason Scott, who runs that site, will not be surprised.

replies(1): >>42193934 #
58. michaelt ◴[] No.42193727{3}[source]
A daily certbot run won't protect you if the CA discovers the problem at 2pm (starting the 24 hour revocation timer) but they only have a fix rolled out by 6pm.

Anyone whose certbot run was between 2pm and 6pm would get their cert revoked the next day at 2pm anyway - even if it was only issued 18 hours ago.

There's also a higher level question: Is this the web we want to be building? One where every site and service has to apply for permission to continue existing every 24 hours? Do we want a web where the barrier to entry for hosting is a round-the-clock ops team, complete with holiday cover? And if you don't have that, you should be using Facebook or Twitter instead?

59. philistine ◴[] No.42193759{4}[source]
The fact that content on http websites hasn’t been maliciously switched does not mean that https didn’t work.

It’s like a vaccine. We vaccinated most of the web against a very bad problem, and that has stopped the problem from happening in the first place. If 90% were still on http, way more ISPs would insert ads.

60. mmsc ◴[] No.42193779[source]
>letsencrypt uses that to verify that my website has the magic file.

So, instead, use the other authentication methods. For example, DNS.

replies(1): >>42194090 #
61. OkayPhysicist ◴[] No.42193846{4}[source]
> transport security doesn't make 0-days any less of a concern.

It does make the actual execution of said attacks significantly harder. To actually hit someone's browser, they need to receive your payload. In the naive case, you can stick it on a webserver you control, but how many people are going to randomly visit your website? Most people visit only a handful of domains on a regular visit, and you've got tops a couple days before your exploit is going to be patched.

So you need to get your payload into the responses from those few domains people are actually making requests from. If you can pwn one of them, fantastic. Serve up your 0-day. But those websites are big, and are constantly under attack. That means you're not going to find any low-hanging fruit vulnerability-wise. Your best bet is trying to get one of them to willing serve your payload, maybe in the guise of an ad or something. Tricky, but not impossible.

But before universal https, you have another option: target the delivery chain. If they connect to a network you control? Pwned. If they use a router with bad security defaults that you find a vulnerability in? Pwned. If they use a small municipal ISP that turns out to have skimped on security? Pwned. Hell, you open up a whole attack vector via controlling an intermediate router at the ISP level. That's not to mention targeting DNS servers.

HTTPS dramatically shrinks the attack surface for the mass distribution unwanted payloads down to basically the high-traffic domains and the CA chain. That's a massive reduction.

> The only people who can realistically MITM your connection are network operators and governments.

Literally anyone can be a network operator. It takes minimal hardware. Coffee shop with wifi? Network operator. Dude popping up a wifi hotspot off his phone? Network operator. Sketchy dude in a black hoodie with a raspberry pi bridging the "Starbucks_guest" as "Starbucks Complimentary Wifi"? Network operator. Putting the security of every packet of web traffic onto "network operators" means drastically reducing internet access.

> You have no more security that your food wasn't tampered with during transport but somehow you live with that.

I've yet to hear of a case where some dude in a basement poisoned a CISCO truck without having to even put on pants. Routers get hacked plenty.

HTTPS is an easy, trivial-cost solution that completely eliminates multiple types of threats, several of which are either have major damage to their target or risk mass exposure, or both. Universal HTTPS is like your car beeping at you when you start moving without your seat belt on: kinda annoying when you're doing a small thing in tightly controlled environments, but has an outstanding risk reduction, and can be ignored with a little headache if you really want to.

replies(1): >>42206067 #
62. matrss ◴[] No.42193934{8}[source]
> If you browse through your smart TV, and the smart TV overlays an ad over the browser window, or to the side, is that the same as saying the original server is serving those ads? I hope you agree it is not.

I agree it is not. That is why I didn't say that the original server served ads, but that the _domain_ served ads. Without TLS you don't have authority over what your domain serves, with TLS you do (well, in the absence of rogue CAs, against which we have a somewhat good system in place).

> If you use a web browser from a phone vendor who has a special Chromium build which inserts ads client-side in the browser, do you say that the server is serving those ads? Do you know that absolutely no browser vendors, including for low-cost phones, do this?

This is simply a compromised device.

> If your ISP requires you configure your browser to use their proxy service, and that proxy service can insert ads, do you say that the server is serving those ads? Are you absolutely sure no ISPs have this requirement?

This is an ISP giving you instructions to compromise your device.

> If you use a service where you can email it a URL and it emails you the PDF of the web site, with some advertising at the bottom of each page, do you say the original server is really the one serving those ads?

No, in this case I am clearly no longer looking at the website, but asking a third-party to convey it to me with whatever changes it makes to it.

> If you read my web site though archive.org, and archive.org has its "please donate to us" ad, do you really say that my site is serving those ads?

No, archive.org is then serving an ad on their own domain, while simultaneously showing an archived version of your website, the correctness of which I have to trust archive.org for.

> Is there any web site which you can guarantee it's impossible for any possible user, no matter the hardware or connection, to see ads which did not come from the original server as long as the server has TLS? I find that impossible to believe.

Fair point. I should have said that I additionally expect the client device to be uncompromised, otherwise all odds are off anyway as your examples show. The implicit scenario I was talking about includes an end-user using an uncompromised device and putting your domain into their browsers URL bar or making a direct http connection to your domain in some other way.

replies(1): >>42196158 #
63. guappa ◴[] No.42194090{3}[source]
Is that easier to configure? (no it isn't)
replies(1): >>42195180 #
64. chaxor ◴[] No.42194201{3}[source]
I agree that centralization is bad, and one of the worst parts of HTTPS (the other being that things like ed22519 systems, chacha20, poly1305, sntrup are generally viewed as better modern alternatives to AES, so postquantum system like rosenpass https://github.com/rosenpass/rosenpass are more preferable).

However, I think there is no reason at all that a system that is decentralized is not far _far_ simpler to instantiate for a user (not to mention far more secure and private). Crypto gets a lot of hate on HN, but it seems that it is mostly due to people's dislike of anything dealing with 'currency' systems or financial that touch it. This is a despised opinion here, but I am still actually excited for crypto systems that solve real world problems like TLS certs, DNS, et al.

Iroh seems like a _fantastic_, phenomenal system to showcase this idea. It allows for a very fast decentralized web experience on modern cryptography such as Blake3, QUIC, and so on but doesn't really touch any financial stuff at all. Its simply a good system.

I hope we can slowly move to a system that uses the decntralized consensus algorithms created in the crypto space to remove the trust in (typically big, corporate, and likely backdoored) centralized entities that our system today _requires_ without any alternative.

65. johannes1234321 ◴[] No.42194298{6}[source]
Instead of using telnet, switch over to an TLS client.

    openssl s_client -connect news.ycombinator.com:443
and you can do the same. A simple wrapper, alias or something makes it as nice as telnet.
replies(1): >>42195931 #
66. ozim ◴[] No.42194300{6}[source]
For me TLS is an overpass - yeah it costs more to build it, pedestrians have to climb the stairs to get on the other side but it is worth it. Then hopefully we have Let's Encrypt that can be an elevator/lift so pedestrians don't have to climb the stairs.

But that analogy of course runs dry rather quick because you can look both ways when crossing street - on the internet as I mentioned you cannot control where data flows and bad actors already proven that they are doing so.

This is why it is not like overpass that you can build where the need is - because for internet traffic the need is everywhere.

67. mmsc ◴[] No.42195180{4}[source]
Setting a single DNS record which doesn't need to be change is more difficult than setting a crontab to open port 80 "around the time you expect the ACME challenge"?

How's that?

68. homebrewer ◴[] No.42195878{4}[source]
Modern http servers (like caddy) do not make it any more difficult than setting up plain http (it's actually the opposite — you have to specify the schema — http:// — in front of the domain name if you do not want https; otherwise you get https + 301 from http).
69. eesmith ◴[] No.42195931{7}[source]
My goal was to demonstrate that it supported http, and did not require TLS.
70. eesmith ◴[] No.42196158{9}[source]
While both those domains have a specific goal of letting people browse the web as it if were the 1990s, including using 1990s-era web browsers.

They want the historical integrity, which includes the lack of data integrity that you want.

71. ndriscoll ◴[] No.42197635{5}[source]
I'm pretty sure tons of people have made web pages or sites without caring about the integrity of the conveyed information. Not every website is something important like banking. It doesn't matter if a nefarious actor tweaks the information on a Shining Force II shrine (and even then, only for people who they're able to MITM).

In practice, many pages are also intentionally compromised by their authors (e.g. including malware scripts from Google), and devices are similarly compromised, so end-to-end "integrity" of the page isn't something the device owner even necessarily wants (c.f. privoxy).

72. lcnPylGDnU4H9OF ◴[] No.42198633{6}[source]
> The situation is more akin to demanding that pedestrians should be prevented from crossing the road at all cost because a malicious driver could ignore all red lights.

Only if you are talking about actual events in which this is happening as a matter of course. Because that's what it is when ISPs inject ads into plain-text HTTP traffic: a matter of course. It's a bit more like saying that we don't have a way to effectively enforce our laws against maliciously reckless driving so we install a series of speed bumps on the road (it's still not quite the same thing because it doesn't make the reckless driving impossible but it does increase the cost).

But it's not like we're talking about agreeable activity here, anyway. This particular case against TLS sounds like a case that favors criticizing an imperfect solution to widespread negative behavior over criticizing the negative behavior. It seems reasonable to look at the speed bumps (which one may or may not find distasteful) and curse the reckless behavior of those who incentivized their construction.

73. tptacek ◴[] No.42200482{5}[source]
A recent thread going into details of why (only a tiny fraction of zones are signed, in North America that count has gone sharply down over recent intervals, and browsers don't support it):

https://news.ycombinator.com/item?id=41916478

74. bmicraft ◴[] No.42203762[source]
> It also encourages memoryholing old websites which aren't maintained - priceless knowledge is often lost because websites go down because no one is maintaining them. On my hard drive, I have a fair amount of stuff which I'm reasonably confident doesn't exist anywhere on the Internet anymore.... if my drives fail, that knowledge will be lost forever.

If the website really isn't maintained, then it's only a matter of time until the server is part of a botnet. Setting up LE for a simple site takes half an hour once.

75. ozim ◴[] No.42203926{6}[source]
My post I am typing here can happily go through Russia/China/India and you cannot do anything about it - and bad actors can actually make your traffic to go through them as per BGP hijacking that was happening multiple times.

NSA was installing physical devices at network providers that was scouring through all information - they did not have to have Agent Smith opening envelopes or even looking at them. Keep in mind criminals could do the same as well just pay off some employees at provider and also not all network providers are in countries where law enforcement works - and as mentioned your data can go through any of such network providers.

If I send physical mail I can be sure it is not going through Bangkok unless I specifically send it with destination that requires it to go there.

76. ozim ◴[] No.42203961[source]
Not really hypothetical.

Google "isp injecting ads", well most of it is from 10 years ago - but that is because now we have TLS everywhere.

And it is not attack on your blog but on readers of your blog, well your blog gets the blame of course in case they would be infected by malware or see adult ads.

77. jjeaff ◴[] No.42206067{5}[source]
I especially agree with your point about Cisco trucks (although I think you meant Sysco, an important distinction since we are comparing food supply to networks). The fact is, there are plenty of ways to poison the food supply in our current society. Even ways that might minimize your ability to be discovered. And yet it is rarely tried. But networks are infiltrated all the time. I think partially because networks are accessible from anywhere in the world. No pants (as you said) or passport required.
78. pests ◴[] No.42210465{4}[source]
I wish for all my fellow humans to be safe, just because it doesn't protect me personally doesn't mean I think it's not a concern.
79. textfiles ◴[] No.42219574{7}[source]
This argument is stupid.