[http-state] draft-salgueiro-secure-state-management-04.txt

Gonzalo Salgueiro <gsalguei@cisco.com> Mon, 21 February 2011 19:09 UTC

Return-Path: <gsalguei@cisco.com>
X-Original-To: http-state@core3.amsl.com
Delivered-To: http-state@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id EAD283A6F0C for <http-state@core3.amsl.com>; Mon, 21 Feb 2011 11:09:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.848
X-Spam-Level:
X-Spam-Status: No, score=-9.848 tagged_above=-999 required=5 tests=[AWL=0.750, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KuVkn1PZIalP for <http-state@core3.amsl.com>; Mon, 21 Feb 2011 11:09:17 -0800 (PST)
Received: from av-tac-rtp.cisco.com (hen.cisco.com [64.102.19.198]) by core3.amsl.com (Postfix) with ESMTP id 0023D3A6F42 for <http-state@ietf.org>; Mon, 21 Feb 2011 11:09:16 -0800 (PST)
X-TACSUNS: Virus Scanned
Received: from rooster.cisco.com (localhost.cisco.com [127.0.0.1]) by av-tac-rtp.cisco.com (8.13.8+Sun/8.13.8) with ESMTP id p1LJ9xVh017819; Mon, 21 Feb 2011 14:09:59 -0500 (EST)
Received: from dhcp-64-102-154-191.cisco.com (dhcp-64-102-154-191.cisco.com [64.102.154.191]) by rooster.cisco.com (8.13.8+Sun/8.13.8) with ESMTP id p1LJ9waE004252; Mon, 21 Feb 2011 14:09:58 -0500 (EST)
From: Gonzalo Salgueiro <gsalguei@cisco.com>
Content-Type: multipart/alternative; boundary=Apple-Mail-30-33134989
Date: Mon, 21 Feb 2011 14:09:58 -0500
Message-Id: <B872210E-0DA3-4721-B3C9-BF63AC0AD727@cisco.com>
To: http-state@ietf.org
Mime-Version: 1.0 (Apple Message framework v1082)
X-Mailer: Apple Mail (2.1082)
Subject: [http-state] draft-salgueiro-secure-state-management-04.txt
X-BeenThere: http-state@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discuss HTTP State Management Mechanism <http-state.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-state>
List-Post: <mailto:http-state@ietf.org>
List-Help: <mailto:http-state-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Feb 2011 19:09:18 -0000

Folks,

We just published a significantly revised version of the secure state management draft that we had been working on.  The new draft can be found here:
http://tools.ietf.org/html/draft-salgueiro-secure-state-management-04
 
We had received mixed feedback before, but it seemed there were two recurring themes:
·         We wanted to move away from cookies for secure state management, though perhaps continuing to use cookies as a means of identifying the remote user agent
·         We need to have a solution that works over HTTP that does not require the use of Diffie-Hellman
 
We took a step back to look at the problem we were trying to solve.  What we want is to ensure that a request coming from a client could be trusted, even if transmitted over HTTP.  So, what we wanted really wasn’t a secure cookie, but a guarantee that the request is genuine.
 
With this draft, we’ve moved away from cookies and focus on only providing message authentication.  To provide message authentication, we still establish an association between the client and server.  We still allow for Diffie-Hellman to be used, but we have a mechanism in place to allow HTTPS to be used for the sole purpose of establishing associations, too.  The end result is that, with this draft, we can provide message integrity and we can avoid replay of messages.
 
We invite you to look at this revised draft and provide us with feedback.

Warm Regards,

Gonzalo