“Pervasive monitoring is a
technical attack that
should be mitigated in the
design of IETF protocols,
where possible.”
— IETF
https://tools.ietf.org/html/rfc7258
Slide 4
Slide 4 text
“Today we are
announcing our intent to
phase out non-secure
HTTP”
— Richard Barnes, Firefox Security Lead
https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/
Slide 5
Slide 5 text
HTTP/2 is TLS only in
Chrome and Firefox
https://wiki.mozilla.org/Networking/http2
Slide 6
Slide 6 text
Now Later
Less
TLS
More
TLS
Slide 7
Slide 7 text
TLS knowledge is now
essential
Slide 8
Slide 8 text
We are bad at TLS
Slide 9
Slide 9 text
78% of sites are not secure
https://www.trustworthyinternet.org/ssl-pulse/
97% do not support HSTS
https://www.trustworthyinternet.org/ssl-pulse/
Slide 12
Slide 12 text
37% do not support Perfect
Forward Secrecy
https://www.trustworthyinternet.org/ssl-pulse/
Slide 13
Slide 13 text
“misconfiguration errors
are undermining the
potential security”
— Kranch & Bonneau (2015)
http://www.internetsociety.org/sites/default/files/01_4_0.pdf
Slide 14
Slide 14 text
“industry-wide configuration
problem with the
deployment of DHE key
exchange”
— Huang, Adhikarla, Boneh, & Jackson
(2014)
http://www.w2spconf.com/2014/papers/TLS.pdf
Each individual has a key
by the time the process is
complete
Slide 61
Slide 61 text
Demo
Slide 62
Slide 62 text
s is a premaster secret
from which the master
secret is derived
Slide 63
Slide 63 text
Master secret is the key
used for encryption
Slide 64
Slide 64 text
Trapdoor functions
Slide 65
Slide 65 text
Easy one way
Slide 66
Slide 66 text
Impossibly difficult the
other way
Slide 67
Slide 67 text
If a, b, g, or p are
different, s is different
Slide 68
Slide 68 text
Perfect forward secrecy
Slide 69
Slide 69 text
Lavabit
Slide 70
Slide 70 text
I failed to update the
Lavabit SSL configuration
to prefer ciphers that
provided perfect forward
secrecy.
— Ladar Levison
http://arstechnica.com/security/2013/11/07/op-ed-lavabits-founder-responds-to-
cryptographers-criticism/
Slide 71
Slide 71 text
Cipher Suites
Slide 72
Slide 72 text
Combination of
algorithms for
authentication, integrity,
encryption, and key
exchange
A theoretical weakness
became practical.
— Ladar Levison
http://arstechnica.com/security/2013/11/07/op-ed-lavabits-founder-responds-to-
cryptographers-criticism/
Slide 123
Slide 123 text
I missed that
development.
— Ladar Levison
http://arstechnica.com/security/2013/11/07/op-ed-lavabits-founder-responds-to-
cryptographers-criticism/