Re: [http-state] Origin cookies

Adam Barth <ietf@adambarth.com> Mon, 07 March 2011 08:09 UTC

In-Reply-To: <D63283A9-98CE-4A6C-9DF9-DAAA7E8549F2@koanlogic.com>
References: <AANLkTikTWEyOrUCZo3CbZeN61eqXEZ2JYeELV=R+paye@mail.gmail.com> <D63283A9-98CE-4A6C-9DF9-DAAA7E8549F2@koanlogic.com>
From: Adam Barth <ietf@adambarth.com>
Date: Mon, 07 Mar 2011 00:09:53 -0800
Message-ID: <AANLkTinwhzNqyw7M8JOucKPr3PpextfAEusMpn4Dn83V@mail.gmail.com>
To: tho <tho@koanlogic.com>
Content-Type: text/plain; charset="ISO-8859-1"
Cc: http-state <http-state@ietf.org>
Subject: Re: [http-state] Origin cookies

On Sun, Mar 6, 2011 at 11:55 PM, tho <tho@koanlogic.com> wrote:
> On Mar 6, 2011, at 2:46 AM, Adam Barth wrote:
>> Hi http-state,
>>
>> Now that we're done with phase 1, I've updated my phase 2 proposal:
>>
>> http://www.ietf.org/id/draft-abarth-cake-01.txt
>
> It's not clear how the stated confidentiality and integrity properties are achieved.
>
> Could you please elaborate a bit about that?

Sure.  Let's assume we're dealing with an active network attacker, as
defined in Section 2 of this paper:

http://www.adambarth.com/papers/2008/barth-jackson-mitchell-b.pdf

In particular, we've got an honest user (Alice) using a
standards-compliant web browser to visit an honest site (example.com)
that's entirely hosted over HTTPS, but the user is using an untrusted
network that's completely controlled by an attacker.

In this setting, the attacker controls all HTTP responses but only
HTTPS responses from host names owned by the attacker (for which the
attacker can purchase a certificate).  Also, in this model, the user
never agrees to whitelist certificate errors.

Confidentiality of Origin cookies is achieved the same way as for Secure
cookies.  Namely, an Origin cookie set by https://example.com in
Alice's browser will only be sent over a TLS connection to
example.com.

Integrity of Origin cookies is achieved as follows.  Suppose
example.com receives an Origin-Cookie header with a particular value
over a TLS connection.  If the header was sent by Alice's browser,
then the server can reason that the cookie was set by its own origin.
(Note: The same cannot be said of Secure cookies.)

Adam
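The threat model above, as a small constructed simulation added here (not code from the draft or from the thread): a toy browser keeps an RFC 6265 jar keyed by host next to an Origin-cookie jar keyed by (scheme, host, port), and an attacker who controls every plain-HTTP response answers an http://example.com fetch. The `Set-Origin-Cookie` header name, the rule that Origin cookies are only accepted over TLS, and the sample values are assumptions made for the demo.

```python
# Constructed model of RFC 6265 cookies next to Origin cookies (draft-abarth-cake)
# under an active network attacker. Header name Set-Origin-Cookie is an assumption.
from urllib.parse import urlsplit

def origin(url):
    u = urlsplit(url)  # (scheme, host, port) with default ports filled in
    return (u.scheme, u.hostname, u.port or (443 if u.scheme == "https" else 80))

class Browser:
    def __init__(self):
        self.cookies = {}         # host -> {name: (value, secure_flag)}
        self.origin_cookies = {}  # (scheme, host, port) -> {name: value}

    def receive(self, url, headers):
        """Store cookies carried by a response to url."""
        o = origin(url)
        for name, value in headers:
            if name == "Set-Cookie":
                nv, *attrs = [a.strip() for a in value.split(";")]
                k, v = nv.split("=", 1)
                # RFC 6265: the Secure flag restricts *sending* only; a plain
                # HTTP response for the same host may still overwrite the cookie.
                self.cookies.setdefault(o[1], {})[k] = (v, "secure" in map(str.lower, attrs))
            elif name == "Set-Origin-Cookie" and o[0] == "https":
                # Keyed by the full origin and (assumed) only accepted over TLS,
                # so only https://example.com itself can write its Origin cookies.
                k, v = value.split("=", 1)
                self.origin_cookies.setdefault(o, {})[k] = v

    def request_headers(self, url):
        """Headers the browser attaches to a request to url."""
        o, out = origin(url), {}
        sent = [f"{k}={v}" for k, (v, sec) in self.cookies.get(o[1], {}).items()
                if o[0] == "https" or not sec]
        if sent:
            out["Cookie"] = "; ".join(sent)
        oc = [f"{k}={v}" for k, v in self.origin_cookies.get(o, {}).items()]
        if oc:
            out["Origin-Cookie"] = "; ".join(oc)
        return out

def scenario():
    # Alice logs in over HTTPS; the attacker's network answers a later http:// fetch.
    b = Browser()
    b.receive("https://example.com/login", [("Set-Cookie", "sid=alice; Secure"),
                                           ("Set-Origin-Cookie", "sid=alice")])
    b.receive("http://example.com/", [("Set-Cookie", "sid=attacker; Secure"),
                                      ("Set-Origin-Cookie", "sid=attacker")])
    return {"https": b.request_headers("https://example.com/account"),
            "http": b.request_headers("http://example.com/"),
            "other": b.request_headers("https://attacker.example/")}
```

On the HTTPS request the `Cookie` header now carries the attacker's value while `Origin-Cookie` still carries Alice's, and neither jar leaks anything to the plain-HTTP or attacker-owned origins.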