I’d like to vent today about a problem I’ve known about for a while but that I encountered again today. Bear with me: even understanding the problem requires a bit of set-up.
Everybody knows what HTTPS means, right? The basic web works using HTTP, the hypertext transfer protocol. When you type lettersblogatory.com into your browser, the browser sends a GET request to my server, which responds by sending the text of my web page and the markup that lets your browser display things correctly. HTTPS is just like HTTP, except that before your computer and my server exchange any data, they do a pas de deux that results in all of the data exchanged being encrypted so that no one with the ability to see the data in transit between the two machines can read it. Big Brother can tell that you have navigated to some page in my site, but he cannot tell which page, nor can he read what I send you, or what you send me as a comment or via the contact page. HTTPS does something else, too: it ensures that Big Brother can’t impersonate my server and send inauthentic data. If you ever see a post that says “Gurung v. Malhotra was rightly decided,” you can be pretty sure Big Brother has defeated HTTPS.
How does HTTPS give you assurance that my server is really my server and not some imposter? A third party that your browser knows to trust, known as a certificate authority, cryptographically signs the encryption key my server sent to your server during the pas de deux. The net result is that you don’t have to trust the key my server sends you as long as you trust the certificate authority. Clever!
Anyway, there are a bunch of ways Big Brother can try to attack HTTPS. Here’s a particularly nasty one. I’m not sure I have all the details right. Suppose Big Brother controls the wifi network you’re using. He can redirect your request. So suppose you’re sitting at Logan Airport using the public wifi and you want to catch up on the wide, wide word of international judicial assistance. So you navigate to lettersblogatory.com. If you look at what’s going on behind the scene, you’ll see that the signed key you receive, which encrypts your communications and is supposed to authenticate your communications, doesn’t come from lettersblogatory.com. It comes from Boingo Hotspot! Someone, without your knowledge, is intercepting your communications, unencrypting them, and then renecrypting them and sending them on to my server. Yikes!
Now, as I said, I’ve been aware of this problem for a while, and my server is configured not to allow modern browsers to connect to lettersblogatory.com if Big Brother is watching–at least when your browser has previously connected to Letters Blogatory and has stored the correct certificate in its cache. Great! Except now you simply can’t read Letters Blogatory at Logan, unless you use your own hotspot or a cellular network.
This is ridiculous. I assume that anyone sophisticated about these things will know not to send purloined trade secrets or the next batch of whistleblower docs via public wifi. So who, exactly, is being spied on, and why? Why do I have to make like a character on The Americans to connect securely to my own website?