[http-state] draft-abarth-cake-00 posted
Adam Barth <ietf@adambarth.com> Sun, 22 August 2010 07:16 UTC
Return-Path: <ietf@adambarth.com>
X-Original-To: http-state@core3.amsl.com
Delivered-To: http-state@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 19BB13A6781 for <http-state@core3.amsl.com>; Sun, 22 Aug 2010 00:16:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.404
X-Spam-Level:
X-Spam-Status: No, score=-1.404 tagged_above=-999 required=5 tests=[AWL=-0.916, BAYES_05=-1.11, FM_FORGED_GMAIL=0.622]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vQtSc0lyd3q2 for <http-state@core3.amsl.com>; Sun, 22 Aug 2010 00:16:14 -0700 (PDT)
Received: from mail-iw0-f172.google.com (mail-iw0-f172.google.com [209.85.214.172]) by core3.amsl.com (Postfix) with ESMTP id 91CF53A67C0 for <http-state@ietf.org>; Sun, 22 Aug 2010 00:16:14 -0700 (PDT)
Received: by iwn3 with SMTP id 3so5031653iwn.31 for <http-state@ietf.org>; Sun, 22 Aug 2010 00:16:48 -0700 (PDT)
Received: by 10.231.130.99 with SMTP id r35mr3998149ibs.171.1282461408190; Sun, 22 Aug 2010 00:16:48 -0700 (PDT)
Received: from mail-iw0-f172.google.com (mail-iw0-f172.google.com [209.85.214.172]) by mx.google.com with ESMTPS id e8sm4677736ibb.14.2010.08.22.00.16.46 (version=SSLv3 cipher=RC4-MD5); Sun, 22 Aug 2010 00:16:47 -0700 (PDT)
Received: by iwn3 with SMTP id 3so5031630iwn.31 for <http-state@ietf.org>; Sun, 22 Aug 2010 00:16:46 -0700 (PDT)
Received: by 10.231.160.205 with SMTP id o13mr4550802ibx.15.1282461405811; Sun, 22 Aug 2010 00:16:45 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.231.60.18 with HTTP; Sun, 22 Aug 2010 00:16:15 -0700 (PDT)
From: Adam Barth <ietf@adambarth.com>
Date: Sun, 22 Aug 2010 00:16:15 -0700
Message-ID: <AANLkTi=c9i=gNFspyf4NC0Cm423JtH0v4FHR18Lm_GrB@mail.gmail.com>
To: http-state <http-state@ietf.org>
Content-Type: text/plain; charset="ISO-8859-1"
Subject: [http-state] draft-abarth-cake-00 posted
X-BeenThere: http-state@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discuss HTTP State Management Mechanism <http-state.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-state>
List-Post: <mailto:http-state@ietf.org>
List-Help: <mailto:http-state-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 22 Aug 2010 07:16:16 -0000
People of http-state: I've posted an updated draft of the Cake HTTP state management mechanism for your review: http://www.ietf.org/staging/draft-abarth-cake-00.txt This draft improves on the original cake proposal in two ways: 1) The mechanism is now robust to cross-site request forgery. (For an overview of CSRF attacks, please see <http://en.wikipedia.org/wiki/Cross-site_request_forgery>.) 2) The server can now specify the max-age of the session. The draft is just an overview of the protocol. I can fill in the server and user agent requirements, etc, if there is sufficient interest in moving forward with this approach. Please find below the salient pieces of the document. Let me know if you have any feedback! Kind regards, Adam Simple HTTP State Management Mechanism draft-abarth-cake-00 Abstract This document describes a simple HTTP state management mechanism, called cake, that lets HTTP servers maintain stateful sessions with HTTP user agents. This mechanism is harmonized with the same-origin security model and provides both confidentiality and integrity protection against active network attackers. In addition, the mechanism is robust to cross-site request forgery attacks. 1. Introduction HTTP does not provide servers with a robust mechanism for tracking state between requests. The dominant HTTP state management mechanism in use on the Internet, known as cookies, has a number of historical infelicities that impair its security. In particular, cookies have the following serious defects: 1. Cookies provide no integrity protection against active network attackers. Even if the example.com HTTP server always employs TLS, a network attacker manipulate the server's cookies by spoofing responses from http://example.com/ (assuming the user agent makes a single non-TLS protected HTTP request, which, of course, the attacker can redirect to http://example.com/). 2. Cookies assume that a given host name trusts all of its superdomains and siblings. In particular, students.example.edu can manipulate the cookies used by grades.example.edu, potentially resulting in security vulnerabilities. 3. Cookies indicate only which user agent issued a given HTTP request. They provide no information about why the user agent issued that request. This design flaw leads many HTTP servers to be vulnerable to cross-site request forgery attacks, in which the attacker tricks the server into performing an action on behalf of the user by causing the user agent to issue an HTTP request to the server with the user's cookies. This document defines a simple HTTP state management mechanism that addresses these shortcommings of cookies. In this mechanism, the server stores a secret key at the user agent, called the cake-key. When the user agent issues subsequent HTTP requests to the server, the user agent sends a string, called a cake, containing a HMAC (using the cake-key) of the security-origin that generated the request. By whitelisting expected cakes, the server can accept requests from origins of its choice, mitigating cross-site request forgery vulnerabilities. Unlike cookies, which can leak from one host to another and from one scheme to another, the cake-key is scoped to a security-origin. In particular, http://students.example.edu and http://grades.example.edu have independent cake-keys. Likewise, http://example.com and https://example.com have independent cake-keys. Therefore, an active network attacker (who can compromise http://example.com) cannot manipulate the state for https://example.com. 3. Overview The cake state management mechanism consists of two HTTP headers, an HTTP response header named Set-Cake-Key and an HTTP request header named Cake. The server can use the Set-Cake-Key response header to store a secret key at the user agent. For example, the following header instructs the user agent to store a 128-bit secret key for two weeks: Set-Cake-Key: 515BYea21GY7xRbZTLCekQ==; Max-Age=1209600 Notice that the server can easily generate a base64-encoded random number using the openssl library: $ openssl rand -base64 16 The user agent then associated the given cake-key with the security- origin from which it received the Set-Cake-Key header. When making subsequent HTTP requests to that security-origin, the user agent includes the Cake request header, which contains a SHA-1 HMAC (keyed by the cake-key) of the security-origin that generated the request. For example, if the request was generated by the user agent on behalf of http://example.com, the user agent sends the following header: Cake: Z32dI5wav1Cqj07ToG++DRXV18c= Notice that the server can easily generate the cake it will receive for a given security-origins using the openssl library: $ echo "Origin: http://example.com" | openssl dgst -hmac 515BYea21GY7xRbZTLCekQ== -sha1 -binary | openssl enc -base64 By pre-computing the cake for the security-origins the server expects to receive requests from, the server can whitelist the security- origins that have access to its session state. Notice that if the server does not whitelist a particular security-origin, the server will not link the request with the session, making it difficult for the attacker to mount a cross-site request forgery attack. 4. Server Requirements set-cake-key-header = "Set-Cake-Key:" OWS set-cake-key-string OWS set-cake-key-string = cake-key *( ";" SP cake-av ) cake-key = 1*BASE64CHAR BASE64CHAR = ALPHA / DIGIT / "+" / "/" / "=" cake-av = max-age-av / extension-av max-age-av = "Max-Age=" 1*DIGIT extension-av = <any CHAR except CTLs or ";"> cake-header = "Cake:" OWS cake OWS cake = 1*BASE64CHAR
- [http-state] draft-abarth-cake-00 posted Adam Barth
- Re: [http-state] draft-abarth-cake-00 posted Adam Barth
- Re: [http-state] draft-abarth-cake-00 posted Thomson, Martin
- Re: [http-state] draft-abarth-cake-00 posted Adam Barth
- Re: [http-state] draft-abarth-cake-00 posted Maciej Stachowiak
- Re: [http-state] draft-abarth-cake-00 posted Thomson, Martin
- Re: [http-state] draft-abarth-cake-00 posted Dan Witte
- Re: [http-state] draft-abarth-cake-00 posted David Morris
- Re: [http-state] draft-abarth-cake-00 posted Thomson, Martin
- Re: [http-state] draft-abarth-cake-00 posted Anne van Kesteren