Over a year ago, when we first announced SPDY, the most prominent criticism was the requirement for SSL. We’ve become so accustomed to our unsecure HTTP protocol that making the leap to safety now seems daunting.
Since that time, many things have happened, and it is now more clear than ever that SSL isn’t an option – it’s a matter of life and death.
SSL was invented primarily to protect our online banking and online purchasing needs. It has served us fairly well, and most all banks and ecommerce sites use SSL today. What nobody ever expected was that SSL would eventually become the underpinnings of safety for political dissidents.
Last year, when China was caught hacking into Google, were they trying to steal money? Two months ago, when Comodo was attacked (and suspected the Iranian government), did they forge the identities of Bank of America, Wells Fargo, or Goldman Sachs? No. They went after Twitter, Gmail, and Facebook – social networking sites. Sites where you’d find information about dissidents, not cash. To say that these attacks were used to seek and destroy dissidents would be speculation at this point. But these incidents show that the potential is there and governmental intelligence agencies are using these approaches. And of course, it is a well-known fact that the Egyptian government turned off the Internet entirely so that their citizens could not easily organize.
The Internet is now a key communication mechanism for all of us. Unfortunately, users can’t differentiate safe from unsafe on the web. They rely on computer professionals like us to make it safe. When we tell them that the entire Web is built upon an unsecured protocol, most are aghast with shock. How could we let this happen?
As we look forward, this trend will increase. What will Egypt, Libya, Iran, China, or Afghanistan do to seek out and kill those that oppose them? What does the US government do?
Fortunately, major social networking sites like Facebook and Twitter have already figured this out. They are now providing SSL-only versions of their services which should help quite a bit.
So does all this sound a little dramatic? Maybe so, and I apologize if this sounds a bit paranoid. I’m not a crypto-head, I swear. But these incidents are real, and the potential is real so long as our Internet remains unsecure. The only answer is to secure *everything* we do on the net. Even the seemingly benign communications must be encrypted, because users don’t know the difference – and for some of them, their lives are at stake.
6 thoughts on “SSL: It’s a Matter of Life and Death”
While SSL is important and an insecure web is a significant problem (as FireSheep recently demonstrated), the price to pay for an SSL-only web (beyond the extra server side work/cpu) is that we won’t be able to use caching and CDNs to reduce latency and diminish network costs. While SPDY can help with some of the latency issues (since we “pay” less for latency), it is still a heavy price to pay.
Are there any suggestions that will enable CDNs/caches to co-exist with an SSL-only web?
Mike, it’s true that trustworthy encryption is required.
But the SSL/TLS model of trusted Certificate Authorities cannot deliver trustworthy encryption. For example, the Chinese government operates its own trusted CA, so when someone is connecting to Facebook from China, they cannot be sure their connection is not being intercepted by the Chinese authorities, despite using SSL.
Could a future version of SPDY fix this problem?
This won’t happen with existing x509 root certificate authorities, unless domain-validated certificate pricing rockets down, or becomes widely free. Would be interesting to see a PGP-based alternative so web content that doesn’t need to be encrypted can still be signed and verified as legit. Not only that, but it can fully replace account authentication *and* be used to encrypt content between client and server (with the encryption being unique too, due to differing keypairs for each individual), which is near-on impossible to MITM due to the added security of a passphrase for a key and there being no single point of authority.
@yoav: You’re thinking too narrowly. No matter what the costs are, the content providers need to pay those costs. Google, Facebook, and Twitter are already moving this way, everyone should.
@Ricky: SSL certificates already are free! http://cert.startcom.org/ Agree on PGP.
@yoav, Amazon’s CloudFront CDN works with SSL.
Hi Mike, I know of Startcom 🙂 I did say ‘widely free’ though. Startcom have the right idea for their industry.
That being said, this is the first I’ve heard of SPDY and I certainly look forward to a polished product in the future. All the best.