
One of the paradoxes I struggle with in my work is the conflict between crypto and reliability.

Crypto is important. But it is very binary in nature - either the stars align and you can decrypt, or it fails and there's no recovery. With that kind of binary, reliability suffers. This is inevitable.

As an example, most of the Mastodon downtime I've experienced has been related to minor SSL certificate blunders.

I feel like most of the #InfoSec community wilfully ignores this dynamic.

I think it's really interesting to follow Dave Winer (inventor of RSS) on Twitter - he's very concerned about the current push towards HTTPS.

He's afraid raising the security bar will make the web less open and less accessible. And he's right; adding technical requirements favours the entrenched big players with big budgets.

Dave also fears for the historic web, in the (unlikely?) event that browser vendors actually deprecate HTTP.

I don't agree with everything he says, but the POV has value.

@HerraBRE My web hosting doesn't reasonably support cheap SSL. Thankfully I have little reason to deploy it, since I don't give a half a crud how Google ranks my websites.

@HerraBRE MITMing most web traffic is pretty uninteresting, encrypting it is good, sure, but the cost is high, especially since you're now dependent on a centralized list of CAs.

Whoever thought requiring a CA for encrypting traffic was cool should be publicly shamed for all eternity.

@ocdtrekkie You're missing a threat which is actually common in the wild: MITMing to inject crapware.

ISPs do this, this isn't hypothetical.

Also, if you believe people should be able to surf anonymously and want Tor users to have access, consider that it's super easy to spin up a malicious exit node that corrupts traffic.

Securing your sites with TLS protects your visitors from that sort of thing, which makes it worth doing almost no matter what sort of content you provide.

@HerraBRE I try to avoid ISPs that inject junk. Arguably, if the ability to inject junk is part of your agreement with them (and one would hope it is factored into the price/value equation), they should be able to in nonsecure contexts.

I'd be happy to jump on the encryption bandwagon, that being said, if CAs weren't involved. They've been proven untrustworthy over and over again. The fact that we have people trying to push a *mandate* that we deal with them is borderline insane.

@HerraBRE (Re: ISPs that inject junk, NetZero was an amazing thing to exist back in the day.)

@ocdtrekkie Again, it's not about you. It's about your users.

People don't know about these terms and they don't know the implications. And they may have no choice, not all areas have competing ISPs.

Anyway, such EULAs are problematic for a bajillion reasons, I'm surprised you'd use them as justification for anything!

You can shrug and say their ISP is not your problem. I tend to err on the side of saying we have a duty of care towards our users, but people can disagree with me on that.

Ed Davies @edavies

@HerraBRE @ocdtrekkie Also, people on such ISPs (including many national mobile providers, I understand) maybe won't be sophisticated enough to distinguish between what's actually on your site and what the ISP has injected. They'll just see that your site has silly ads or whatever.
