IETF Logo Mail Archive

Re: [apps-discuss] draft-farrell-decade-ni-02 - we think this is done...

Carsten Bormann <cabo@tzi.org> Fri, 06 April 2012 12:08 UTC

Return-Path: <cabo@tzi.org>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ECB6421F85E3 for <apps-discuss@ietfa.amsl.com>; Fri, 6 Apr 2012 05:08:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.716
X-Spam-Level:
X-Spam-Status: No, score=-106.716 tagged_above=-999 required=5 tests=[AWL=-0.467, BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id b9O5jr1uPStE for <apps-discuss@ietfa.amsl.com>; Fri, 6 Apr 2012 05:08:48 -0700 (PDT)
Received: from informatik.uni-bremen.de (mailhost.informatik.uni-bremen.de [IPv6:2001:638:708:30c9::12]) by ietfa.amsl.com (Postfix) with ESMTP id 5D26E21F85D3 for <apps-discuss@ietf.org>; Fri, 6 Apr 2012 05:08:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at informatik.uni-bremen.de
Received: from smtp-fb3.informatik.uni-bremen.de (smtp-fb3.informatik.uni-bremen.de [134.102.224.120]) by informatik.uni-bremen.de (8.14.3/8.14.3) with ESMTP id q36C8Ztc004495; Fri, 6 Apr 2012 14:08:36 +0200 (CEST)
Received: from [192.168.217.105] (p54899D39.dip.t-dialin.net [84.137.157.57]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by smtp-fb3.informatik.uni-bremen.de (Postfix) with ESMTPSA id F0C4182C; Fri, 6 Apr 2012 14:08:34 +0200 (CEST)
Mime-Version: 1.0 (Apple Message framework v1257)
Content-Type: text/plain; charset="iso-8859-1"
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <4F7EC545.7090702@cs.tcd.ie>
Date: Fri, 06 Apr 2012 14:08:34 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <93FE0923-1A47-4E97-94E9-559B3E217F01@tzi.org>
References: <4F7DFC47.2020604@cs.tcd.ie> <DDCD3226-782B-46E5-9CEB-61E4773CE0B2@tzi.org> <4F7EC545.7090702@cs.tcd.ie>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
X-Mailer: Apple Mail (2.1257)
Cc: Apps Discuss <apps-discuss@ietf.org>
Subject: Re: [apps-discuss] draft-farrell-decade-ni-02 - we think this is done...
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Apr 2012 12:08:50 -0000

On Apr 6, 2012, at 12:28, Stephen Farrell wrote:

>> I believe for this to be the replacement of "unsecure links out of HTTPS", the secure media type issue must be solved in the base spec.
>> (Oh, and is there ever a need to discuss content-coding in this context???)
> 
> Not sure what you mean by "solved" can you elaborate?

The problem is that the ni: hash only secures the bytes of the payload.
(At least that's my assumption -- it might be worth saying explicitly what is hashed here, BTW.)

The entity I would have been retrieving over a secure HTTPS channel also has metadata.
Many of these are not critical, as they only pertain to the retrieval process (say, the Etag).
However, the media type is critical for correctly interpreting the returned result.
While I'm not aware of the proverbial contract text that means something different when interpreted as SJIS instead of UTF-8, attacks on the basis of swapping the media type are conceivable.  (Also, there is lots of potential for misconfiguration, damaging the reliability.)

I'm naming content-coding as another example that it is not quite clear what is the input to the hash function.
So maybe it is worth having another (normative) document that spells out how exactly ni:// is used in the Browser Web (among others, to solve the "unsecure links" problem)?

Grüße, Carsten

v2.23.0 | Report a Bug | By Email