IETF Logo Mail Archive

Re: [apps-discuss] I-D Action: draft-nottingham-http-browser-hints-02.txt

Barry Leiba <barryleiba@computer.org> Wed, 31 August 2011 16:27 UTC

Return-Path: <barryleiba@gmail.com>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A47F821F8CD7 for <apps-discuss@ietfa.amsl.com>; Wed, 31 Aug 2011 09:27:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.026
X-Spam-Level:
X-Spam-Status: No, score=-103.026 tagged_above=-999 required=5 tests=[AWL=-0.049, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1BDvJMD-KHY9 for <apps-discuss@ietfa.amsl.com>; Wed, 31 Aug 2011 09:27:35 -0700 (PDT)
Received: from mail-gx0-f172.google.com (mail-gx0-f172.google.com [209.85.161.172]) by ietfa.amsl.com (Postfix) with ESMTP id 0B19F21F8CD2 for <apps-discuss@ietf.org>; Wed, 31 Aug 2011 09:27:34 -0700 (PDT)
Received: by gxk19 with SMTP id 19so853159gxk.31 for <apps-discuss@ietf.org>; Wed, 31 Aug 2011 09:29:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=/GYCXQKO92HDg2W2ggDJUbeJX5Acgt88+YXf3ltBpkE=; b=mxQvHNxpdNiDttEnRFbnMyoWzeMsePBvhmzoce/UzDZPLkjmE8gICKSGSnks6IJnsj jrlOlNziIBOBXZ9DHodjeAjHBfyCaUOIqf/Wz4VwpT/Z754IN4nizdug9fONXTeMfZr+ 3qMKjWBiak+3hqSWwoKO9LStkJiUgG62VHUp0=
MIME-Version: 1.0
Received: by 10.236.72.233 with SMTP id t69mr3278175yhd.55.1314808143980; Wed, 31 Aug 2011 09:29:03 -0700 (PDT)
Sender: barryleiba@gmail.com
Received: by 10.236.208.35 with HTTP; Wed, 31 Aug 2011 09:29:03 -0700 (PDT)
In-Reply-To: <4E5E5F22.4010407@gmail.com>
References: <20110531062229.28776.82429.idtracker@ietfa.amsl.com> <0CE9268E-5802-4B0A-B643-F580E7F048B5@mnot.net> <4E5BB162.6010101@gmail.com> <D42B156C-33BD-4F8F-8958-A2E7900E055D@mnot.net> <4E5E47BB.3010403@gmail.com> <4E5E47FB.9050100@stpeter.im> <4E5E49A5.1020106@gmail.com> <CAC4RtVCms5uqJFTjXRjmVOtSr88qZFJN632KeRKhekVaMXETyA@mail.gmail.com> <4E5E5F22.4010407@gmail.com>
Date: Wed, 31 Aug 2011 12:29:03 -0400
X-Google-Sender-Auth: wNevi9Kj2GsLx5t91VxsvgODyno
Message-ID: <CALaySJJ4SncHbF0wZ-0wAtM=7ccmYZHdSG=sH0ejSB5=RRbHVQ@mail.gmail.com>
From: Barry Leiba <barryleiba@computer.org>
To: Mykyta Yevstifeyev <evnikita2@gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: Mark Nottingham <mnot@mnot.net>, apps-discuss@ietf.org
Subject: Re: [apps-discuss] I-D Action: draft-nottingham-http-browser-hints-02.txt
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Aug 2011 16:27:35 -0000

>> A client that wants to use HTTPS, but isn't sure whether this part of
>> the site supports it, can do it one of two ways:
>>
>> 1. Try HTTPS.  If it doesn't work, fall back to HTTP.
>>
>> 2. Use HTTP.  If a "hint" is included in the HTTP response that says
>> HTTPS is OK, then switch to HTTP.
>>
>> You're proposing 2.  Is that right?
>>
>> Assuming that's right, I'm saying that 1 is better.
>
> You're right.  But: a client needs to do 1 for each time it tries to access
> something whereas 2 would only be required once.  2 is more practical; are
> there any other considerations which led you to the conclusion that 1 is
> better?

2 is not more practical.  Very few (probably no) web sites will have
HTTPS enabled or disabled item by item.  In reality, clients will try
HTTPS, it will work, and it will continue to work for most or all of
what they're doing at that site.  When it fails, they'll fall back to
HTTP and continue using it for the section of the site for which HTTPS
failed.

On the other hand, method 2 requires that they try to figure out when
they can safely use the hint they were given before.  When, exactly,
is it that they cross over into another part of the site, which might
not support HTTPS?  If they get it wrong, they wind up with method 1
anyway.

Apart from that, method 1 ensures that if they can use HTTPS, the
entire client session (that is, all interactions between the client
and the site in question) is protected by TLS.  With method 2, the
initial communication is in the open, unprotected, and the client has
to switch to protection after getting the hint.  That creates a window
for snooping.  Also, a MitM attacker can remove the HTTPS hints,
preventing the client from ever even trying SSL.

This looks like a bad solution in search of a problem.

Barry

v2.23.0 | Report a Bug | By Email