DRAFT TAG Finding -- no current standing
This finding documents the TAG's position on the use of encryption on the Web.
Over the last 25 years, the Web has grown into a platform for much of the world's communication, whether it be information sharing, community building, commerce, education, social networking, or underpinning applications.
In meeting these needs, the Web's trustworthiness has become critical to its success. If a person cannot trust that they are communicating with their intended party, they won't use the Web to shop; if they cannot be assured that their news isn't modified in transit, they won't be as informed. If someone cannot be assured that they're talking only the intended recipients, they will avoid social networking.
These important properties of authentication, integrity and confidentiality are best -- if imperfectly -- provided to the Web platform by Transport Layer Security (TLS), through use of HTTPS URLs in place of HTTP.
In the past, Web sites have deployed HTTPS rarely; often, only when financial transactions take place. More recently, however, it has become apparent that nearly all activity on the Web can be considered sensitive, since it now plays such a central role in everyday life. Attacks like pervasive monitoring only increase the urgency and relevance of establishing a baseline for trust on the entire Web.
Therefore, the TAG finds that the Web platform should actively prefer secure origins -- typically, by encouraging use of HTTPS URLs instead of HTTP. Furthermore, we find that the end-to-end nature of TLS encryption, when in use, must not be compromised on the Web platform, in order to preserve trust.
We recognize that end-to-end encryption will not solve all -- or even many -- security problems in the Web platform. However, it does serve as an important and necessary baseline for further developments. This is especially true as the platform becomes more powerful, and thus more dangerous to use "in the clear".
Likewise, we realize that transitioning to a secure origin may not be easy for all sites. While the CPU overhead of TLS has been largely overcome by advances in processor technology, the Web platform itself makes changing schemes difficult, both because URLs themselves need to change, and because the URL scheme is also used to trigger different behavior in many platform features. These problems ought to be viewed as opportunities for improvement in the platform, rather than reasons to stop adoption of encryption.
We acknowledge that in some cases, networks currently rely upon cleartext access to network flows to impose policy (e.g., filtering) and optimize content. However, we believe that policy imposition is best performed at the endpoints of a connection. Furthermore, providing network-based optimization is not a valid reason to violate trust on the Web, and should be made unnecessary in the medium-to-long term by other improvements in the Web platform (see the Web Performance Working Group, for example).
Finally, some have expressed fear that an encrypted Web will benefit those with purposes that are distasteful or even dangerous. We reject these arguments; the Web is a tool that can be used to many ends, and possible misuse does not imply that the tool should be so limited as to not fit its purpose.
The TAG will work with the Web Applications Security Working Group to define the details of how this policy will be implemented as a Recommendation.
This finding builds upon and explicitly acknowledges the Internet Architecture Board's Statement on Internet Confidentiality and the Chromium Security Team's "Prefer Secure Origins For Powerful New Features".