by lunixbochs 4070 days ago
I'm not sure how I feel about the Political PostScript section. It raises the following points against the concept of "SSL Everywhere":

- "you don't want to bog down your country's civil defence agency with SSL/TLS protocol negotiations if their website is being deluged by people trying to survive a natural disaster"

- "there are people who do not have a right to privacy"

- "SSL Everywhere will force institutions to either block any internet connectivity or impose Man-in-The-Middle proxies"

- "SSL Everywhere [gives privacy] to the actors I think deserve it the least"

- "shady behaviour of big transnational, and therefore law-less, companies have been exposed by security researchers (or just interested lay-people) who ran tcpdump"

- "SSL Everywhere puts all traffic in the shade"

--------

My opinion:

Without TLS, the Internet is either read-only or has a reasonably high security risk.

I also noticed varnish-cache.org was served to me over TLS.

4 comments

> SSL Everywhere will force institutions to either block any internet connectivity or impose Man-in-The-Middle proxies

MITM proxies (aka "transparent proxies") are already how many organizations handle web filtering. TLS just necessitates that the organization have some control over the device being MITM'd (to install their cert) to do so.

... And now they also need to circumvent Google's cert-pinning and other attempts to thwart even legally mandated MiTM proxies...

Either all MiTM needs to be outlawed (with actual laws) or protocols need to recognize that laws mandate MiTM some places, and accommodate that with minimal loss of security and privacy.

The current weapons race just makes things more and more broken.

Local CAs are allowed to override even cert-pinning for this reason.

Right, so when you're a guest at a company you have to install their cert on your device to use their guest WLAN?

If you're an employee you have to put the company cert on your smartphone?

How does that improve your security?

Guests shouldn't be on the corporate network anyway. Either companies will provide a guest WiFi signal that is physically separate from the corporate network (that's what my employer does), or they will ask guests to provide their own connectivity via LTE.

If a federal site can survive being DDoSed, it can probably survive normal traffic.

And I fundamentally disagree with the premise that there are people who do not deserve privacy. I can not think of a single person I would wish complete exposure of their lives upon.

Some people do not have the right to online privacy. For example, when accessing a website from the library of a jail. The authorities want and need to know what you do, for some obvious and understandable reasons. I agree this is a particular case, but this is still a case for allowing a website (as long as this is anonymous usage of it) to be available without SSL.

Jails can still use MITM monitoring proxies without disabling SSL: they just have to install certs on the machine.

Does it work with sites like Google from Google Chrome, where the browser knows about their public keys? I think that this will be widespread practice in modern browsers.

HSTS/HPKP headers could be stripped by a proxy, but a preloaded public key list will probably require a custom browser build.

Yes, it does. Google intentionally adds exceptions from error reporting in the case a root CA was added to the OS.

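
The pin check the two comments above discuss, as an added example that is not taken from the post, the linked article or Varnish: it computes RFC 7469 pins for a served chain and skips enforcement when the chain ends in a locally installed root, which is the exemption the replies describe. The header, the Ed25519 key bytes and the chains are all constructed sample data.

```python
"""HPKP-style pin check with the local-root exemption described in the thread.

Added example; the header, keys and chains are constructed sample data.
"""
import base64
import hashlib
import re

# DER prefix of an Ed25519 SubjectPublicKeyInfo (RFC 8410); 32 key bytes follow.
ED25519_SPKI_PREFIX = bytes.fromhex("302a300506032b6570032100")


def spki_pin(spki_der: bytes) -> str:
    """RFC 7469 pin: base64(SHA-256(SubjectPublicKeyInfo DER))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()


def parse_pkp_header(value: str) -> dict:
    """Parse a Public-Key-Pins header into pins, max-age and includeSubDomains."""
    pins = re.findall(r'pin-sha256="([^"]+)"', value)
    max_age = re.search(r"max-age=(\d+)", value)
    return {
        "pins": set(pins),
        "max_age": int(max_age.group(1)) if max_age else 0,
        "include_subdomains": "includesubdomains" in value.lower(),
    }


def check_chain(chain_spkis, pinned, root_is_builtin: bool) -> tuple:
    """Apply pins to a served chain the way the thread says browsers do.

    chain_spkis: SPKI DER of each certificate in the served chain.
    root_is_builtin: False when the chain ends in a root the device owner
    installed; for that case the pin check is skipped, so an interception
    proxy using such a root is not reported as a pin failure."""
    if not root_is_builtin:
        return True, "local root: pins not enforced"
    if any(spki_pin(s) in pinned for s in chain_spkis):
        return True, "pin matched"
    return False, "no pinned key in chain"


# Constructed sample data (not real keys and not a real site's header).
SITE_KEY_SPKI = ED25519_SPKI_PREFIX + bytes(range(1, 33))
BACKUP_KEY_SPKI = ED25519_SPKI_PREFIX + bytes(range(33, 65))
PROXY_KEY_SPKI = ED25519_SPKI_PREFIX + bytes(range(65, 97))
PKP_HEADER = (f'pin-sha256="{spki_pin(SITE_KEY_SPKI)}"; '
              f'pin-sha256="{spki_pin(BACKUP_KEY_SPKI)}"; '
              'max-age=5184000; includeSubDomains')

if __name__ == "__main__":
    policy = parse_pkp_header(PKP_HEADER)
    print(check_chain([SITE_KEY_SPKI], policy["pins"], True))
    print(check_chain([PROXY_KEY_SPKI], policy["pins"], True))
    print(check_chain([PROXY_KEY_SPKI], policy["pins"], False))
```

The third call is the case the replies describe: the same unpinned proxy key that fails against a built-in root passes once the chain roots in a locally installed CA.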
Even for read-only, encryption is important for privacy. An observer can conclude your interests from what you read and can manipulate the contents.

Any security measure either works for everyone, or for no one. There's no way to give good privacy to "good" people and easily compromise it for "bad" people, for any definition of "good" and "bad".

If "bad" people outnumber "good" people in your world view, then yes, it's entirely reasonable to deny everyone privacy.

What are the institutions that are hell-bent on listening to everyone's traffic? The Chinese government? OK, serve them non-sensitive content via plain HTTP; they'll filter or alter it to their liking. Possibly you're fine with this. The NSA? Well, maybe something can and should be done to it that we can't do to the Chinese government?

(Note to self: when planning a deployment, consider other options before turning to Varnish cache.)