NNSquad - Network Neutrality Squad
[ NNSquad ] Re: [ PRIVACY ] Would You Know if Your ISP Tampered With Your Web Pages?
A "Content-MD5" header won't help at all, you need a "Content-Public-Key-Signature". A digest (well, SHA512 digest, MD5 is broken) is insufficient, as it doesn't provide any verification that the checksum itself hasn't been tampered with. The problem is, this would cost considerably more on server-side computation than SSL-everywhere, as SSL only has the public key exchange during connection setup, but the signature requirement would apply to every element separately. However, it wouldn't have the session initiation latency that SSL has. You will still need the certificate change as well, otherwise you can get MITM just as you are on the unsigned pages. What is really required is Auth-TCP/TLS, where the key exchange material is included in the Syn & SYN-ACK (so no extra RTT in connection setup, as this is also a huge cost of SSL/TLS), and which is used to create message integrity on subsequent TCP packets, but which defers any computation on the server side until the 3-way handshake completes (a'la SYN-cookies). Developing the standard is left as an exercise to the reader (and might prove hard in practice).