Re: [apps-discuss] [OAUTH-WG] [http-state] HTTP MAC Authentication Scheme

Nico Williams <nico@cryptonector.com> Tue, 07 June 2011 23:09 UTC

Return-Path: <nico@cryptonector.com>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0D4C211E8072; Tue, 7 Jun 2011 16:09:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.477
X-Spam-Level:
X-Spam-Status: No, score=-2.477 tagged_above=-999 required=5 tests=[AWL=-0.500, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MHkmy3WubpgE; Tue, 7 Jun 2011 16:09:43 -0700 (PDT)
Received: from homiemail-a72.g.dreamhost.com (caiajhbdcaib.dreamhost.com [208.97.132.81]) by ietfa.amsl.com (Postfix) with ESMTP id B51E511E8101; Tue, 7 Jun 2011 16:09:35 -0700 (PDT)
Received: from homiemail-a72.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a72.g.dreamhost.com (Postfix) with ESMTP id 814A36B007C; Tue, 7 Jun 2011 16:09:35 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; c=nofws; d=cryptonector.com; h=mime-version :in-reply-to:references:date:message-id:subject:from:to:cc :content-type:content-transfer-encoding; q=dns; s= cryptonector.com; b=QLYkrGySk//VPWRH3vMHrMV8l2HEQvF1xxPvYlBiRmAE Jxq9R0DFm3wvipjvYpLqQl08u5WRzRD1h32LEaU3dKWEBF3B0HMuri4j+V7f01t4 +QE0YmqDfugwYrZuEsZYkN47HG0JDUN/2L8GxShEc+uSVYTx5I5By9Mepcg5Eks=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h= mime-version:in-reply-to:references:date:message-id:subject:from :to:cc:content-type:content-transfer-encoding; s= cryptonector.com; bh=4lDtf11LS1OMOrjp2f2TD2cUC94=; b=CwhMt7cv39b CP5Ha23E9xNjqKS7kvE96MhkupEMyW1fVjd9gn122BzPLaanpyzeuiZWZqPYruwX FJdSjt9cEyHm1XTnA7y8NtYmkypvMlhGXJVefZ6NzTJlrBrHPMwc3ytz4lYDrEdW mYwwCxJcpfhrV8bchie14zU+ABEI07NE=
Received: from mail-pv0-f172.google.com (mail-pv0-f172.google.com [74.125.83.172]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by homiemail-a72.g.dreamhost.com (Postfix) with ESMTPSA id 4EC866B007B; Tue, 7 Jun 2011 16:09:35 -0700 (PDT)
Received: by pvh18 with SMTP id 18so1233930pvh.31 for <multiple recipients>; Tue, 07 Jun 2011 16:09:34 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.68.31.135 with SMTP id a7mr506451pbi.54.1307488174872; Tue, 07 Jun 2011 16:09:34 -0700 (PDT)
Received: by 10.68.50.39 with HTTP; Tue, 7 Jun 2011 16:09:34 -0700 (PDT)
In-Reply-To: <4DEEAD76.2090800@adida.net>
References: <90C41DD21FB7C64BB94121FBBC2E723447581DA8EA@P3PW5EX1MB01.EX1.SECURESERVER.NET> <BANLkTikpQNyQdr9oWHhtJ7a7d-4ri0CNdA@mail.gmail.com> <09c801cc24c2$a05bae00$e1130a00$@packetizer.com> <BANLkTin30NVzYVV1m4gmyh42DWs-nSQpAg@mail.gmail.com> <00f101cc255e$2d426020$87c72060$@packetizer.com> <BANLkTimn8c72p5bjwHNapW9kVCVBmNbC4w@mail.gmail.com> <1307486600.48324.YahooMailNeo@web31808.mail.mud.yahoo.com> <BANLkTi==5LjD7vW74tqB_sbSHrLjsJE6+A@mail.gmail.com> <4DEEAD76.2090800@adida.net>
Date: Tue, 7 Jun 2011 18:09:34 -0500
Message-ID: <BANLkTik7LyPWssAb0EBmx11hK53hiwgmrA@mail.gmail.com>
From: Nico Williams <nico@cryptonector.com>
To: Ben Adida <ben@adida.net>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Cc: "apps-discuss@ietf.org" <apps-discuss@ietf.org>, Adam Barth <adam@adambarth.com>, "http-state@ietf.org" <http-state@ietf.org>, "William J. Mills" <wmills@yahoo-inc.com>, HTTP Working Group <ietf-http-wg@w3.org>, OAuth WG <oauth@ietf.org>
Subject: Re: [apps-discuss] [OAUTH-WG] [http-state] HTTP MAC Authentication Scheme
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Jun 2011 23:09:44 -0000

On Tue, Jun 7, 2011 at 6:00 PM, Ben Adida <ben@adida.net> wrote:
> On 6/7/11 3:57 PM, Nico Williams wrote:
>>
>> Not if the MAC doesn't protect enough of the request _and_ response to
>> prevent active attacks.  Unless you don't care about those attacks
>> (which some of you have indicated), in which case why bother with the
>> MAC at all?
>
> A passive attacker can sniff your cookie and thus hijack your session. All
> you need to accomplish that attack is connect to any open wifi network and
> use Firesheep. It's a good bit harder to be an active attacker, even on an
> open wireless network.

Yes, but only for resources that you've already stated you don't care about.

If you cared about those resources you'd protect more of the request
_and_ response, or you'd use TLS.  But you don't want to protect the
response and you don't want to use TLS and you don't even want to
protect the request body.  What you're proposing adds a very marginal
degree of security that will be trivial to defeat on open wifi
(particularly once the toolset for doing it gets published).

Are we serious about security?  Or it this just for show?

Or am I missing something?

Nico
--