BLOG: SSL everywhere? No thank you.

[Moonchild]

Since this topic seems to come up now and then, and it seems to be a very heated and emotional subject for the people bringing it up, I'm making this blog post to illuminate a few different angles and why I firmly believe that blindly enforcing encrypted web traffic for everything is not a good idea, not sustainable, and won't actually provide any net privacy benefits if it were to happen.

Public information versus private information

A lot of information out there in the web is inherently public: news, articles, wikipedia, resources, images, video, ... anything that isn't personal or private to the people who author or own it. Encrypting readable public information is mostly a pointless exercise. What would a casual observer hope to learn from monitoring information "on the wire" that is already readily available at their own request if they so choose?

Content isn't a concern, so what else? Having a record that you visited a certain site? That information will be known and recorded already anyway, in several locations, so monitoring your traffic in that case won't be needed either. If this is a concern, then you should employ some more advanced and better techniques to deal with untrusted local networks than SSL (which won't protect you from your visits being known to a local observer). But that doesn't really have much at all to do with browsing security, but rather networking security as a whole. Of course you wouldn't want to use plaintext traffic on untrusted networks, but would that be an issue with web traffic? Nope. It would be an issue with an untrusted network being... well... untrusted. Solutions include VPN, TOR and secure tunnels to trusted gateways.

Private information should, indeed, always be sent encrypted. People's e-mail addresses, personal data, login credentials, CC numbers; all that shouldn't be sent "in the clear" if at all possible. This is where encryption is prudent and should always be required. Common sense should apply what is public and what is private information, and the end-user can always make a choice to make private information public, as well.

"But someone might block/alter/inject stuff into public information if received unencrypted"

Absolutely! But providing Proof of Concept and having a practical application for such things are quite different things.

Keep in mind that there is no practical use for this kind of behavior, and it is not trivial to do and/or requires an investment of some sort.

block/alter: this would fall under censorship. There are plenty of ways to combat censorship if that is what you're suffering from, but none have anything to do with the need for encryption. Even encryption by itself won't prevent censorship; ISPs control your connection and traffic, including what your browser is presented with when trying to connect to an https server - the same way an https filtering, locally installed internet security suite can lie about the security and origin of your connection, an ISP can do this too - and most users wouldn't even be aware that anything was wrong.

inject: this, too, isn't trivial in modern browsers (including Pale Moon). A lot of safeguards are in place for cross-origin attacks and code injection, making it rather unfeasible to do on any practical scale. Even if done, what would be the practical use for it? Tracking? That would be done much more easily server-side. Stealing private/personal information? Not possible since public content won't contain such information...

The problem with traffic

Now, let's have a look at the potential impact of encrypting everything. Since SSL means end-to-end encryption, a few very essential mechanisms at work to keep the internet running smoothly will become unusable:

1. Network Caching: because each secure connection is encrypted in a different way, there is no way for encrypted data to be cached anywhere along the way. Caching (storing a copy in an intermediate location to be served to multiple clients) is an essential mechanism to keep the traffic volume flowing through the internet in check. If caching would become pointless or unusable, the internet as a whole would likely completely grind to a halt in a very short time because of traffic congestion.
2. Client-side caching: Caching in browsers more often than not has to be switched off or prevented for SSL-received data to be trusted by the browser. Data stored in local cached web content (disk cache) is usually not trusted because it can potentially be altered outside of the browser. This means that websites received over SSL can't be efficiently cached in your browser, and you end up re-downloading pages and elements in those pages over and over for each visit to the site.
3. Compression: unencrypted text/html and similar documents, by their very nature, compress really well. Compression for transport is used a lot to reduce the raw traffic volume that has to be served by servers and transported by backbones. Conversely, encrypted traffic is very much like a random bitstream; it won't compress at all or extremely little. Encrypting data, in other words, makes compression unusable. This will have a similar effect to not being able to cache anything, and will compound with it.

What about CDNs (content delivery networks)?

CDNs these days are smart enough to provide encrypted traffic to end-users, by employing their own valid certificates for the domain(s) they serve from that certificate. This will allow them to somewhat tackle the caching issues because they can cache content on the "cloud edge" before delivering it over SSL to end clients. However, this still doesn't tackle the client-side caching issue or compression issue, and introduces a new problem of its own: as an end client, you are explicitly trusting the CDN, which becomes a centralized location for not just public, but also private information! Your secure connection will no longer be from end to end, but from end to the cloud edge. Beyond that, your connection becomes unknown and if you want to apply strict security rules, you shouldn't use it.
After all: the CDN becomes a man in the middle over SSL, who will have access to your traffic in an unencrypted state. See below for a potentially bad scenario in that case.

What if: this were actually going to happen?

If the entire internet were to switch any and all traffic to encrypted traffic, including file downloads and public information, then what would be the new scenario? Here's my opinion:

Most likely the situation would be one where:

• All traffic will have to be served through CDNs if congestion is to be prevented. Direct traffic would be slow, if at all possible.
• There would be the realistic potential of a segregation between "local nets" and "backbone traffic". You would no longer be able to connect to a server on the other side of the globe if direct traffic is prevented to avoid backbone congestion.
• CDNs (as mentioned above) would become a requirement for any and all web server if they planned to have a global presence (to prevent too slow traffic, or in the worst case of a traffic segregation prevent from being completely unreachable). CDNs would become a controlling force, that everyone has to place their trust in - classic https server connections would no longer be a thing.
• Building on the previous points, where would the protection of privacy be left in that situation? Nowhere, because CDNs would have full access to unencrypted data, for any controlling power that be to demand. Your net win for using SSL in the first place would be absolutely zero; no, in fact, it would be worse than what we have now, because what is currently actually secure over SSL, is no longer an option in that future scenario.

---

So, this is why I think that enforcing SSL for everything, especially public data, is both folly and setting ourselves up for a big fall down the line. I heartily say "no thank you" to this.
Maybe I'm playing devil's advocate just slightly in my last section, but that is exactly what proponents of "SSL always and everywhere" do all the time when promoting it. Only fair that I return the approach in kind

I'm all for giving people the convenient option of having encrypted public website traffic, as a choice, to limit easy monitoring of exactly what public content is being requested without having to use a different network security method on untrusted (open, public, non-switched) networks (like airport WiFi etc. although I would strongly suggest VPNs for that), but enforcing it blindly (everywhere, also on trusted networks and direct ISP connections) is really not something that should be done, IMHO. Especially things like file downloads should not be served over https - after all, if the web page containing the link to the download is fully trusted, then the actual download will be legitimate and easily verifiable by e.g. posted or automatically checked hash on the trusted web page.
As such, http://www.palemoon.org, for example, is https enabled (but not enforced). So is this forum, albeit with automatic switching to https when logging in because of the personal nature of logged-in traffic (potential private messages, restricted boards, account information, etc.).

[davews]

Thanks Moonchild, one of the best discussions of the reasons against SSL everywhere I have seen. I tried to follow all the discussion on Wikipedia on why that is now forced SSL and failed to understand the purpose, it seems absolutely pointless for a public free encyclopedia.

[Sob__]

If I browse Wikipedia over plain http, everyone on the way (my ISP, operators of all networks between me and target server) can see all details, visited pages, how long I spent on each, etc. If I use https, they can tell that I went to Wikipedia, period. They won't have any idea if I searched for info about kittens or bombs. I do see the difference.

It's probably not necessary to force https for everyone. The reason for this is most likely that regular users don't know much (or anything) about it, so some operators force the security on them, because they feel it's good for them. You can of course question that.

inject: this, too, isn't trivial in modern browsers (including Pale Moon). A lot of safeguards are in place for cross-origin attacks and code injection, making it rather unfeasible to do on any practical scale. Even if done, what would be the practical use for it?

Depending on how you look at it, it can be extremely trivial. All you need is to just stick some transparent proxy in the way and you can do anything with unencrypted connections going through it. The only hard thing is how to get in the way, but it depends on who you are.
I did not follow the recent Hacking Team "scandal" too much, except reading few articles about local Czech police being one of their customers and some journalists trying to make a huge deal out of it. "Oh no, it's so shocking, they can spy on you if they want!" Didn't really shock me. But the point is, one described way to get to someone, was to force the person's ISP to redirect selected traffic through police proxy and they'd inject exploits into unencrypted requests. So the guy goes to (unencrypted) Wikipedia to read about kittens, not fearing anything, because to put it simply, it's Wikipedia, not a virus ridden crack site. And bam! He gets some nice Flash exploit delivered, which takes over the computer, ... the end.
I agree, this may be too specific and you can probably avoid it, if you don't trip the police. And even with https, they can skip ISP and go directly to server operator (but it may be harder, e.g. if it's in another country). So in a way, https might as well give only a false sense of security. But then again, it doesn't have to be a police, some bored ISP admin might be trying to do the same thing and https will stop him.

[superA]

That's WP's explanation..

There are several situations when the secure server can be useful:

Using the secure server gives some protection against eavesdropping, and most of all it protects against others snooping your Wikipedia password or cookie (for example with tools like Firesheep). Eavesdropping is a problem especially when connecting through a wireless network, a company or school network, or a public computer such as an Internet café.
Some users have a bad Internet connection that intermittently mangles characters. This can cause all kinds of weird problems while editing pages. This mostly happens when connected over wireless or mobile networks. Using the secure server fixes this, since the secure connection has much better error detection than the normal connections.
Some Internet access points (such as public Wi-Fi networks at some hotels or cafes) inject banner ads into all kinds of web pages including Wikipedia; using the secure server prevents this.

https://en.wikipedia.org/wiki/Wikipedia:Secure_server

In my opinion since you dont upload something , dont use a card , or dont expose personal info , it's a faulse sence of security.

[Moonchild]

If I browse Wikipedia over plain http, everyone on the way (my ISP, operators of all networks between me and target server) can see all details, visited pages, how long I spent on each, etc. If I use https, they can tell that I went to Wikipedia, period. They won't have any idea if I searched for info about kittens or bombs. I do see the difference.

Yes, there is a difference. The same way if you're in a public place reading the paper someone can see that you're reading the paper, which paper it is, and how long you spend reading one page before you turn the next, as opposed to reading the paper at home, where an observer can see you receiving the paper on your doormat and not much else. Do you think there's harm in an observer seeing you read the paper? Do you think the observer has any sort of use for that information? Would an agent be even remotely interested in you visiting lolcatz and seeing what you look at longest? multiply this by 7 billion, and the volume of pointless "data to collect" would become rather obvious.
Additionally, the "observer" in this case won't just be any random person (unless it's on an open WiFi or similar, in which case I do recommend bypassing the untrusted, shared segment of your network with a secure tunnel/gateway; but that is a different thing than direct https connections to all web servers) -- they are the people you purchase a service from which IMHO already indicates you at least have some trust in them not being criminals... Beyond that part of the network, it's backbones and datacenters, who generally have very strict privacy rules and security policies.

All you need is to just stick some transparent proxy in the way and you can do anything with unencrypted connections going through it. The only hard thing is how to get in the way, but it depends on who you are.

Exactly my point, see above. It's generally not trivial for a random person to stick themselves in-between you and a server in a completely transparent way. If they are in the capacity (as a trusted upstream from you) to do so and they do something like this, then it also becomes relatively easy to intercept https if they control DNS and lie about certificates, and you're not vigilant in verifying you're actually connecting to the host you think. If antivirus on your computer can lie about secure connections (https filtering), then an upstream like that can, as well.

most of all it protects against others snooping your Wikipedia password or cookie

If you LOG IN, then yes, it would be a good idea to use https. But if you just go to WikiPedia to look something up that is public, then this is a non-issue. Public vs. private information.

Some Internet access points (such as public Wi-Fi networks at some hotels or cafes) inject banner ads into all kinds of web pages

Usually, this is what you agree to by making use of a free service. The access you get for free is paid somehow, and that would be acceptable use -- unless of course you'd prefer no access at all or prefer that it costs you money. This inherent blocking of those ads is also just a side-effect and not the core reason why you should be using https.

[Sob__]

With Wikipedia/paper/... type of things, I don't think it's usable for global spying on everyone. That's too much data. But for targeted spying, why not, someone might be interested in what kind of information you access. Do I think that someone is interested in me this way? No and I don't think that anyone ever will (I hope). But as they say, just because you're paranoid, doesn't mean they're are not after you.

... becomes relatively easy to intercept https if they control DNS and lie about certificates, and you're not vigilant in verifying you're actually connecting to the host you think. If antivirus on your computer can lie about secure connections (https filtering), then an upstream like that can, as well.

Antivirus can do it, because it install its own CA certificate into system/browser. External attacker can't do it that easily. And if I get untrusted certificate warning when accessing my https://super-secret-site.tld and I click "I don't care", it's entirely my fault if they get me.

(even though it might not look like it, I'm not really paranoid and mostly neutral about the whole thing)

[Admin]

External attacker can't do it that easily.

There are plenty of social engineering situations where a user can be convinced into installing a global wildcard intermediate - maybe not without a confirmation, but browsers in general do offer the option to have certificates installed through them. The site visited to install the cert doesn't even have to be the site you want to super-secretly visit either It can be a perfectly legitimate service site you're forwarded to the first time you connect. Once the cert is there, it will be valid for any domain henceforth.

[squarefractal]

There are plenty of social engineering situations where a user can be convinced into installing a global wildcard intermediate

Nothing can provide perfect security -- it just raises the cost of exploitation. Also, if the hardware or software setup of your computer is untrustworthy, you have bigger problems.

I believe SSL does protect against such attacks -- obviously, you could coerce a CA to produce a cert, or use sslstrip or your own certificate to monitor on HTTPS traffic, it does make the act of manipulation more visible than HTTP.

As for network caching: isn't there any load balancers/reverse proxies which can do the encryption themselves?

If you LOG IN, then yes, it would be a good idea to use https. But if you just go to WikiPedia to look something up that is public, then this is a non-issue.

Do note that in many countries, reading upon topics considered "taboo" like women's rights, sexual orientations and political issues that are not considered "palatable" for the general public (e.g. China/Tienanmen Square incident) is considered a crime. The information is public but it is the association between the reader and the content that requires protection.

I'm aware of the fact that you can probably block out the whole website; but then in a future where most sites use HTTPS, you'd soon end up blocking 80% of sites, which won't go as well you expect it to go.

[Moonchild]

I believe SSL does protect against such attacks -- obviously, you could coerce a CA to produce a cert, or use sslstrip or your own certificate to monitor on HTTPS traffic, it does make the act of manipulation more visible than HTTP.

The main issue is not the debate whether SSL protects you from this kind of attack or not (I'm sure it makes it more difficult in some respects, but also can provide a false sense of security as others have touched on), it's whether there is a reason to blindly apply SSL to everything, everywhere.

Do note that in many countries, reading upon topics considered "taboo" like women's rights, sexual orientations and political issues that are not considered "palatable" for the general public (e.g. China/Tienanmen Square incident) is considered a crime.

I'm sorry but if you are in such regions, you know you are committing a crime by accessing that information. It still isn't the Internet's task to account for those situations where the local network is untrusted, or to support people committing crimes (whether your outside view on the matter agrees with their laws or not). People who "do not want to get caught" will have to take their own measures to commit their crimes and bypass government-monitored/untrusted networks if they wish to circumvent the law.
As a server operator, you can make it easier for those people to access content that is known to be considered sensitive by offering direct encryption, as a choice/convenience, but that doesn't mean SSL should always be enforced for everyone or that those server operators should be expected to offer it to begin with.

[squarefractal]

it's whether there is a reason to blindly apply SSL to everything

It's not blind application, the problem is that the internet has become a very hostile place; it was never assumed that the internet would be overrun by malicious parties trying to manipulate traffic for their own benefit. Now that this is happening on a widespread scale, it's justified that people are looking for ways to protect against such attacks.

you know you are committing a crime by accessing that information

You are making the assumption here that crime is bad, which is not necessarily the case. Accessing some information considered "bad" does not mean that certain groups in society need to be discriminated against, or people of a country need to suffer against misrule. If this mindless invasion of privacy continues, it will seriously challenge the possibility of social and political changes.

As a server operator, you can make it easier for those people to access content that is known to be considered sensitive by offering direct encryption, as a choice/convenience, but that doesn't mean SSL should always be enforced for everyone or that those server operators should be expected to offer it to begin with.

I think people can expect some security against possible manipulation of content while in transit.

I know you will get the point across once you see MITM attacks happening against relmirror*.palemoon.org. I do hope that PM becomes a widely used browser so that (among other reasons), adversaries are indeed interested to do this.

[half-moon]

I'm sorry but if you are in such regions, you know you are committing a crime by accessing that information. It still isn't the Internet's task to account for those situations where the local network is untrusted, or to support people committing crimes (whether your outside view on the matter agrees with their laws or not). People who "do not want to get caught" will have to take their own measures to commit their crimes and bypass government-monitored/untrusted networks if they wish to circumvent the law.
As a server operator, you can make it easier for those people to access content that is known to be considered sensitive by offering direct encryption, as a choice/convenience, but that doesn't mean SSL should always be enforced for everyone or that those server operators should be expected to offer it to begin with.

If the law is unjust, you have an obligation to break it.

[snertev]

BTW, in the Hacking Team scandal, the members of the team simply used not disclosed exploits of very well known browsers to track whatever people were doing with their cell phones.

The exploiting scripts were deployed on very trafficked and easily hackable web sites in Italy (soccer teams, cell phones providers, gov sites) and God-knows-how-many users were infected and tracked for who-knows-what reasons.

In these cases, SSL can protect nothing.

You can look for this and other info on Wikileaks search engine related to the scandal.

[squarefractal]

In these cases, SSL can protect nothing

Well, SSL is not a magic pill to every security problem. I hope you understand that.

[Sob__]

Off-topic:

If the law is unjust, you have an obligation to break it.

But better don't get caught doing it. It's the problem with laws, no matter how unjust or plain stupid some might be, breaking them will still get you punished.

[snertev]

In these cases, SSL can protect nothing

Well, SSL is not a magic pill to every security problem. I hope you understand that.

Absolutely.

But if who wants to track you for political reasons has already the tools to do so, fully and largely, even when SSL is on, what threats remain? Ads Company?

Those can track you as well, even better, with those pretty javascript scripts, free DNS servers, and thousands more tools.

SSL is a fake shield.

[Moonchild]

You are making the assumption here that crime is bad, which is not necessarily the case. Accessing some information considered "bad" does not mean that certain groups in society need to be discriminated against, or people of a country need to suffer against misrule.

It's very simple. No matter how unjust you may think certain laws are, a crime is a crime, and breaking the law is breaking the law.

Example: The country I live in right now allows for certain sexual practices that are considered far and wide to be taboo and a crime in other countries. You may agree with the laws in place to protect you from such practices in that case and agree that they are criminal, and accessing/downloading/disseminating information about such practices (e.g. media) is illegal. However, over here, it is not; it's not a crime to do so, and there is no obligation to shield anyone from such information or preventing it from being publicly accessible, or that your country suffers from misrule or your people are discriminated against. It won't be anyone's responsibility but the one breaking the law to protect themselves from prosecution if they choose to access this information. See the other side of the coin here? Who is to determine what is an "acceptable breach of the law"? There is no such thing -- laws are absolute, or at least supposed to be. They apply to the people governed by those laws and nobody else. Crime is bad, despite what your personal view of the criminal activity from the outside is.

If the law is unjust, you have an obligation to break it.

Who decides what is "unjust"?
Nobody has any sort of obligation to break the law. The only obligations there are, are to comply with the law. Perhaps you mean a "moral obligation" versus a "legal obligation"?

Also, who exactly would have this obligation to break the law? Server operators? I think not. As a server operator you may even approach it as such, where you refuse to apply any SSL because it enables others to break the law by providing covert access to material illegal to obtain in their area.

[squarefractal]

No matter how unjust you may think certain laws are, a crime is a crime, and breaking the law is breaking the law.

Well, I believe everything that needed to be stated has already been stated, and there's no point in debating this. I do find your viewpoints interesting (and a bit naive, too), since you have obviously not have had some incident to relate it with, where breaking the law becomes necessary.

The point I wanted to make, however, was that if all content is left to manipulation in this manner, then political and social changes will become next to impossible.

However, everything actually boils down to:

I think people can expect some security against possible manipulation of content while in transit.

And the only points presented against HTTPS were:

Network Caching:
Client-side caching:
Compression:

Some Googling shows that there are a number of software packages capable of (1), I don't understand (3) because encryption happens later; leaving only point (2) to be the only fair point against HTTPS.

As far as network congestion is concerned, I believe that the situation will even itself out -- internet traffic has grown many times as compared to the last 15 years, and there hasn't been any congestion.

Now you don't like HTTPS for transmitting public data, that's a very different issue It doesn't mean that HTTPS provides nothing of value, even when transmitting data that is public by nature.

[LimboSlam]

To add, the average Internet user wouldn't notice a thing about this because they know nothing of the sorts (SSL/HTTPS encryption) and simply don't care as long as their webpage loads fine. And this is just a bunch of "maybes" and "what ifs," so we really won't know until they actually go through with it, hopefully by test runs first. But yes MC your opinion or speculation sounds about right, yours too squarefractal.

As far as network congestion is concerned, I believe that the situation will even itself out -- internet traffic has grown many times as compared to the last 15 years, and there hasn't been any congestion.

[Moonchild]

It doesn't mean that HTTPS provides nothing of value, even when transmitting data that is public by nature.

I never said this in fact, I fully agree with offering it as a choice for those who want/need it, when budgets and expertise (since badly set up HTTPS is worse than no HTTPS, but that aside) allow for this on the server side.

HTTPS does add value, but, once again for the last time, to repeat my initial point, HTTPS "everywhere at all times" does not, causes issues, and I disagree with this attempt by browser makers and CAs alike (who all have financial interest in making this happen) to "deprecate http" as a whole.

As for the points you don't understand: (1) is from a network operator point of view. If you're out of the 'loop" on the content of the stream, you can't do anything with it, including caching. (3) once again from a network operator point of view, larger infrastructures this time, compression is applied to network layer traffic in many places, completely transparently and independent of individual connections or protocols. Do you think the Trans-Atlantic pipe is going to have anything sent through it without compression?

[squarefractal]

I disagree with this attempt by browser makers and CAs alike (who all have financial interest in making this happen) to "deprecate http" as a whole.

As far as this is concerned, EFF is working on an automated CA named "Let's Encrypt" that automatically generates DV certs for sites, once they prove to have the ownership of the site (and it's free).

I'd never assume that routing points around the globe would also participate in network traffic reduction techniques. I understand compression of data in transit, but caching? How would the routing points know which data to cache and which not to?

For point (2), setting "Cache-control: public" for data transmitted over the HTTPS protocol would make the browser cache it. I guess you just have to leave compression as the responsibility of the server operators. Caching won't be possible, but then CDNs can fill up the space here.