Towards a more secure web, and better TLS
Today an interesting paper (written with the assistance of the EFF) was released. The authors have found evidence that governments are compromising trusted "certificate authorities" by issuing warrants to them, compelling them to create a false certificate for a site whose encrypted traffic they want to snoop on.
That's just one of the many ways in which web traffic is highly insecure. The biggest reason, though, is that the vast majority of all web traffic takes place "in the clear" with no encryption at all. This happens because SSL/TLS, the "https" system is hard to set up, hard to use, considered expensive and subject to many false-alarm warnings. The tendency of security professionals to deprecate anything but perfect security often leaves us with no security at all. My philosophy is different. To paraphrase Einstein:
Ordinary traffic should be made as secure as can be made easy to use, but no more secure
In this vein, I have prepared a new article on how to make the web much more secure, and it makes sense to release it today in light of the newly published threat. My approach, which calls for new browser behaviour and some optional new practices for sites, calls for the following:
- Make TLS more lightweight so that nobody is bothered by the cost of it
- Automatic provisioning (Zero UI) for self-signed certificates for domains and IPs.
- A different meaning for the lock icon: Strong (Locked), Ordinary (no icon) and in-the-clear (unlocked).
- A new philosophy of browser warnings with a focus on real threats and on changes in security, rather than static states deemed insecure.
- A means so sites can provide a file with advisories for browsers about what warnings make sense at this site.
There is one goal in mind here: The web must become encrypted by default, with no effort on the part of site operators and users, and false positive warnings that go off too frequently and make security poor and hard to use must be eliminated.
If you have interest in browser design and security policy I welcome your comments on A new way to secure the web.