This week, I’d like to start a short series on the social failures of good security on the web, focusing on the disuse of HTTPS and the absence of good (or at least best-practice) authentication on the web. This first entry is an attempt to explain why HTTPS is used so infrequently. Last week, I talked about why I think that, even in the absence of strong authentication, HTTPS is still a good system and should be in general use. However, this is clearly not the case. Why not?
As I pointed out last week, HTTPS actually doesn’t suck, even in the absence of a good authentication framework. Don’t get me wrong, authentication is great. However, authentication is a really hard problem, and one that we certainly haven’t come that close to solving yet.[1] In the meantime, there are still loads of benefits to using HTTPS, so why is it so rare to see sites using HTTPS by default?
Unauthenticated HTTPS damages the user experience, and user trust. All modern browsers implement the PKI hierarchical trust model, since it’s the current best-practice standard for authentication. Part of this involves giving the user scary and intimidating warnings when visiting HTTPS pages which cannot be authoritatively authenticated. And with good reason: without this step, man-in-the-middle (MiM) attacks on HTTPS would be much easier to conduct, and likely both effective and prevalent. Any sort of online commercial transaction would be at best impossible, and at worst wildly insecure.
However, this has significant negative repercussions for deliberately unauthenticated HTTPS. HTTPS warnings are scary and intimidating. If I can’t afford a CA-signed SSL certificate[2], but want to use unauthenticated HTTPS anyway, then my users will be presented with a scary security warning when they visit my site, possibly every time they visit my site. That’s right: my users’ browsers will give them scary security warnings if I use unauthenticated HTTPS, but not if I use plain old insecure HTTP. As far as the messages users get from their browsers are concerned, unauthenticated HTTPS seems scary and insecure compared to plain old HTTP: a reversal of the actual situation in this context, since unauthenticated HTTPS still protects against passive eavesdropping, which plain HTTP does not.
No commercial website wants its users to feel insecure, so why use (more secure) unauthenticated HTTPS when (insecure) HTTP avoids any nasty security warnings that make users think about such things?
Next week – Why do so many websites do user authentication so poorly?
[1] When the first step in implementing the current authentication system is “Identify someone who is trusted by everybody in the world,” you know that there’s still a lot of work to be done on this problem.
[2] Or, if I don’t want to financially support the PKI model; don’t think that a CA’s signature is valuable for authentication; don’t want to encourage my readers to trust CAs; or for any number of other economic, technical or philosophical reasons don’t think that a CA’s signature is worth the money.