@@ -523,4 +523,82 @@ SIGCOMM 2017.
5235236.5 A Systems View of TLS
524524------------------------------
525525
526- .. talk about how user sees things from browser
526+ When we talk about "The Systems Approach", we always come back to the
527+ need to consider how all the parts of a system interact with each
528+ other to form a coherent whole, rather than just looking at single
529+ components in isolation. For example, TLS is a system that includes
530+ both public-key and symmetric-key cryptography, authentication and
531+ privacy mechanisms, certification authorities, and sub-layers such as
532+ the record protocol and the handshake protocol. But the systems
533+ approach applies recursively too. As we have already seen, it is
534+ important to look at how TLS sits within the overall protocol stack,
535+ with HTTP and other applications above it, and a choice of transport
536+ layer protocols (TCP and QUIC) below it. The interactions among these
537+ layers have proven critical to the performance of the World Wide Web
538+ and other applications that run over HTTPS.
539+
540+ We can take yet another step back and consider a broader system that
541+ includes end users, their browsers, and the servers that make up the
542+ World Wide Web. For most users, the only indication that TLS is being
543+ used when they browse the Web is a little padlock icon next to the URL
544+ in the browser's address bar. Over the decades that SSL and TLS have
545+ been in use, the browser companies have, with some success, educated
546+ users to expect encrypted connections to most web sites, particularly
547+ when data is being sent by the user. If a user tries to send data
548+ (e.g., by filling out a form) over an unencrypted HTTP connection, the
549+ browser pops up a warning about the risk of doing so. If a certificate
550+ has expired or does not match the URL of the site being browsed,
551+ another warning is presented. Users can generally choose to override
552+ these warnings but the overall effect is to reinforce behaviors that
553+ are more secure and discourage those that are insecure.
554+
555+ Certification authorities are a critical part of this overall
556+ system. Most users have no way to determine whether any given CA does
557+ its job properly. As discussed in Chapter 4, the way that CA
558+ hierarchies work means that a lot of trust is placed at the top-level
559+ CAs. These are the CAs that are trusted by default in browsers; if
560+ they trust lower-level CAs that are not doing a good job of verifying
561+ the legitimacy of organizations to whom they issue certificates, it
562+ creates weaknesses in the overall CA system that can be exploited.
563+
564+ An important development in the deployment of TLS was the creation of
565+ Let's Encrypt, a CA run by a non-profit that provides TLS certificates
566+ at no charge. By making certificates free for web sites, Let's
567+ Encrypt helped advance the cause of making encrypted connections on
568+ the Web the default. Prior to the establishment of Let's Encrypt, it
569+ was typical for sites to pay for a certificate from a CA, and the cost
570+ was non-trivial for small sites. Let's Encrypt issues
571+ *domain-validated certificates *. Issuance of these certificates can be
572+ fully automated and depends on the domain implementing a
573+ challenge-response protocol known as ACME (Automated Certificate
574+ Management Environment). We won't dwell on the details here, but the
575+ availability of certificates that are both free and automatically
576+ issued and renewed has dramatically increased the adoption of
577+ HTTPS. This in turn helps with setting user expectations that a
578+ padlock should be present in their browser's address bar, even if they
579+ have no understanding of what is going on under the covers.
580+
581+ One area that remains challenging for end users is the ability of
582+ malicious actors to create sites that look legitimate and use URLs
583+ that are similar enough to the original to fool users. This might be
584+ done using easily missed spelling errors (accoounts-google.com being
585+ one infamous example). An encrypted connection is of no value to the end
586+ user if they are being connected to a malicious site. In
587+ Chapter 9 we take a look at passkeys as part of the solution to the
588+ problem of phishing attacks that steer users to such sites. Again, the
589+ system that we are trying to protect is more than just a connection
590+ from a browser to a web site.
591+
592+ One conclusion to draw from this discussion is that we need to take a
593+ broad view of the "systems" that we are trying to secure, and the way
594+ that users interact with the system are critical to its success. It's
595+ also worth recalling some of the points from earlier in the book: any
596+ analysis of security should start by looking at the threats that we
597+ need to protect against. And there are always going to be trade-offs
598+ between the costs we are willing to pay and the security we can
599+ provide. TLS is not a perfect of complete solution but it has
600+ certainly done a lot to improve security of communication on the
601+ Internet.
602+
603+
604+ .. consider a reference on Let's Encrypt, anything else?
0 commit comments