Re: HTTP vs. HTTPS

On 11/17/20 11:57 AM, Peter Saint-Andre wrote:

> Keith, you said something similar on the UTA WG list earlier this year
> when we talked about adding a work item to revise BCP 195 in the light
> of TLS 1.3. It would be helpful if you could explain your thinking in
> more detail.

Yeah, I've been working on a draft about the realities of (mostly-) disconnected LANs.  I need to get it out the door.

> Are you concerned that web browsers which eventually
> deprecate HTTP without TLS will make it impossible for people to
> interact with certain deployed Internet appliances? Do note that when
> the time comes such web browsers will provide an escape hatch: they
> won't make it impossible to use HTTP without TLS, but they will force
> the user to make an explicit decision about setting up an unencrypted
> connection.

I'm all for making such decisions more visible to users, but as we all know popup dialogs tend to get misunderstood - some people just blindly click through, some people think something's wrong when there's really nothing wrong. Not sure how to solve that problem.

> Here again (as with Adam Roach's messages about the IETF's
> FTP service) it's a question of tradeoffs and cost/benefit analysis.
I don't think we've really seen any such analysis in regard to the FTP service, partly because it's hard to know just what those FTP clients are doing with the RFCs they download.
> Because the vast majority of web browsing activity involves interacting
> with sites on the open web, not with Internet appliances, it seems
> reasonable to protect users during such interactions to prevent a wide
> array of attacks and abuses, from password sniffing to eavesdropping to
> tracking and profiling. However, also giving users the ability to
> explicitly choose unencrypted connections in certain special
> circumstances seems to me to strike the right balance.

The devil is in the details, especially in user interface details. But I'm not encouraged by the behavior of old browsers that can't talk to newer versions of TLS. In my experience, they simply refuse to work at all. They don't give the user any options.

Keith
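The hard failure Keith describes (an old browser against a server that has raised its TLS floor) happens in the version-selection step of the handshake, before any page or dialog can be shown. The following is an added example written for this page, not code from any browser, server or TLS library, and not part of the thread: it builds two constructed ClientHello messages (a legacy client whose highest version is TLS 1.0, and a modern client advertising TLS 1.3 and 1.2 via the supported_versions extension from RFC 8446), then applies a server's version policy the way RFC 5246 and RFC 8446 describe it. A client with no version in the server's range gets a protocol_version alert and nothing else; there is no "proceed anyway" option at this layer. The ClientHello bytes, cipher suite and the helper names are assumptions made for the example.

```python
"""TLS version negotiation, as an added example for this thread.

Illustrative code written for this page, not browser, server or library
source. The ClientHello bytes are constructed here, not captured traffic.
"""
import struct

TLS10, TLS11, TLS12, TLS13 = 0x0301, 0x0302, 0x0303, 0x0304
NAMES = {TLS10: "TLS 1.0", TLS11: "TLS 1.1", TLS12: "TLS 1.2", TLS13: "TLS 1.3"}
SUPPORTED_VERSIONS = 43  # extension type number, RFC 8446 section 4.2.1


def build_client_hello(legacy_version, supported_versions=()):
    """Construct a minimal ClientHello body (record and handshake headers omitted).

    A pre-1.3 client puts its highest version in legacy_version and sends no
    supported_versions extension; a 1.3 client lists what it accepts there.
    """
    body = struct.pack("!H", legacy_version) + b"\x00" * 32  # version + random
    body += b"\x00"                                            # empty session id
    body += struct.pack("!H", 2) + b"\x13\x01"                 # one cipher suite
    body += b"\x01\x00"                                        # null compression
    if not supported_versions:
        return body                                            # no extensions block
    vl = b"".join(struct.pack("!H", v) for v in supported_versions)
    data = bytes([len(vl)]) + vl
    ext = struct.pack("!HH", SUPPORTED_VERSIONS, len(data)) + data
    return body + struct.pack("!H", len(ext)) + ext


def offered_versions(hello):
    """Return the versions a client offers, highest-preference first."""
    legacy = struct.unpack("!H", hello[:2])[0]
    pos = 2 + 32                                    # skip legacy_version + random
    sid_len = hello[pos]
    pos += 1 + sid_len
    cs_len = struct.unpack("!H", hello[pos:pos + 2])[0]
    pos += 2 + cs_len
    cm_len = hello[pos]
    pos += 1 + cm_len
    if pos + 2 <= len(hello):
        ext_len = struct.unpack("!H", hello[pos:pos + 2])[0]
        pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", hello[pos:pos + 4])
            pos += 4
            data = hello[pos:pos + elen]
            pos += elen
            if etype == SUPPORTED_VERSIONS:
                n = data[0]
                return [struct.unpack("!H", data[1 + i:3 + i])[0]
                        for i in range(0, n, 2)]
    # No supported_versions extension: legacy_version is the client's highest
    # version, and the server may pick any lower one it supports (RFC 5246).
    return [v for v in NAMES if v <= legacy]


def negotiate(hello, server_min, server_max=TLS13):
    """Server side: pick the highest mutually supported version.

    Returns ("ok", name) or ("alert", "protocol_version"). The alert is the
    whole outcome for a client outside the server's range: the connection is
    torn down and the browser has nothing to offer the user.
    """
    candidates = [v for v in offered_versions(hello)
                  if server_min <= v <= server_max]
    if not candidates:
        return ("alert", "protocol_version")
    return ("ok", NAMES[max(candidates)])


if __name__ == "__main__":
    old_browser = build_client_hello(TLS10)
    new_browser = build_client_hello(TLS12, supported_versions=(TLS13, TLS12))
    for label, hello in (("old browser", old_browser), ("new browser", new_browser)):
        print(label, "vs server with TLS 1.2 floor:", negotiate(hello, TLS12))
```

The same logic explains the asymmetry in the thread: the modern client also interoperates with a server that stops at TLS 1.2 (it offered 1.2 as well), while the legacy client has nothing below the server's floor to fall back to.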
