Re: constraining scheme (http vs https) on a connection
Mark Nottingham <mnot@mnot.net> Sat, 21 May 2016 07:00 UTC
Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5198812D662 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sat, 21 May 2016 00:00:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.347
X-Spam-Level:
X-Spam-Status: No, score=-8.347 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.426, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G7aiKiD2YL9C for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sat, 21 May 2016 00:00:04 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 39DB312D643 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Sat, 21 May 2016 00:00:03 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.80) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1b40p0-0002TM-57 for ietf-http-wg-dist@listhub.w3.org; Sat, 21 May 2016 06:55:38 +0000
Resent-Date: Sat, 21 May 2016 06:55:38 +0000
Resent-Message-Id: <E1b40p0-0002TM-57@frink.w3.org>
Received: from maggie.w3.org ([128.30.52.39]) by frink.w3.org with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <mnot@mnot.net>) id 1b40os-0002Sb-CB for ietf-http-wg@listhub.w3.org; Sat, 21 May 2016 06:55:30 +0000
Received: from mxout-07.mxes.net ([216.86.168.182]) by maggie.w3.org with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from <mnot@mnot.net>) id 1b40oq-0002Yf-OU for ietf-http-wg@w3.org; Sat, 21 May 2016 06:55:30 +0000
Received: from [192.168.1.109] (unknown [120.149.194.112]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.mxes.net (Postfix) with ESMTPSA id 3193022E256; Sat, 21 May 2016 02:55:03 -0400 (EDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: Mark Nottingham <mnot@mnot.net>
In-Reply-To: <CAKC-DJivd-h_H-oOznjTN8=so2zQOhbwuWFkD9hpgvLTqs-WnA@mail.gmail.com>
Date: Sat, 21 May 2016 16:55:00 +1000
Cc: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <D5D8F908-27FB-4C81-8CAE-AD4B50939F05@mnot.net>
References: <CAKC-DJivd-h_H-oOznjTN8=so2zQOhbwuWFkD9hpgvLTqs-WnA@mail.gmail.com>
To: Erik Nygren <erik@nygren.org>
X-Mailer: Apple Mail (2.3124)
Received-SPF: pass client-ip=216.86.168.182; envelope-from=mnot@mnot.net; helo=mxout-07.mxes.net
X-W3C-Hub-Spam-Status: No, score=-8.2
X-W3C-Hub-Spam-Report: AWL=1.357, BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_IRR=-3, W3C_WL=-1
X-W3C-Scan-Sig: maggie.w3.org 1b40oq-0002Yf-OU fcc3db833a399017f03a892e276d74cb
X-Original-To: ietf-http-wg@w3.org
Subject: Re: constraining scheme (http vs https) on a connection
Archived-At: <http://www.w3.org/mid/D5D8F908-27FB-4C81-8CAE-AD4B50939F05@mnot.net>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/31651
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
> On 21 May 2016, at 5:40 AM, Erik Nygren <erik@nygren.org> wrote: > > In some recent discussions, it has come up that we don't clearly specify whether multiple schemes (eg, http and https) can share a single connection. For example, if www.example.com has a valid certificate for www.example.com then by the reading of rfc7540 a client could potentially use a single connection for http://www.example.com/ and https://www.example.com/ > > By the reading of rfc7540, it also seems like if www.evil.com resolves to the same IP address as www.example.com (which www.example.com has no control over) a client might be willing/able to send requests over the www.example.com connection? My understanding is that's only the case when traffic is explicitly directed this way (e.g., using Alt-Svc). For example, if we have an open connection to https://www.example.com/, that's on port 443; it can't be used for the origin (http, www.example.com, 80) without further information, because it has a different port. However, 7540 could probably be more clear about this; currently, 9.1.1 says: """ Connections that are made to an origin server, either directly or through a tunnel created using the CONNECT method (Section 8.3), MAY be reused for requests with multiple different URI authority components. A connection can be reused as long as the origin server is authoritative (Section 10.1). For TCP connections without TLS, this depends on the host having resolved to the same IP address. """ Really, that should be specified in terms of RFC6454 origins. I.e., if I have a connection to (https, www.example.com, 443), and the cert also covers other.example.com, that means that it can be reused for (https, other.example.com, 443), but not anything else (without additional information). > This seems like it has the potential for confusion. For example, if www.example.com is using client cert auth. Or if a server is distinguishing HTTP vs HTTPS based on port number as described as a risk in draft-ietf-httpbis-http2-encryption and discussed here. There also seem like some potential attacks that become easier if a client is making HTTP requests over HTTP/2 sharing a connection with HTTPS. (For example, side-channel attacks between HTTP and HTTPS seem easy here, and there might be some compression based attacks.) Am I alone in thinking this connection sharing (which servers can't really control today outside of returning a 421 for HTTP-scheme requests) is a bad idea? > > Some things seem worth considering here: > > * The ORIGIN frame helps here as an origin can list only supporting the "https://www.example.com" origin. > > * We likely want to have draft-ietf-httpbis-http2-encryption prohibit sharing requests for secure and non-secure schemes over a single connection, even if authenticated. At the least, we should warn about the issues that might be encountered. Servers can then choose not to advertise services like this, and clients can choose not to consume them. > Is there any other guidance we should be proposing on this front? For example, to discourage clients from doing this sharing and to encourage servers to return 421 if they see mixed schemes on a connection? -- Mark Nottingham https://www.mnot.net/
- constraining scheme (http vs https) on a connecti… Erik Nygren
- Re: constraining scheme (http vs https) on a conn… Mark Nottingham
- Re: constraining scheme (http vs https) on a conn… Erik Nygren
- Re: constraining scheme (http vs https) on a conn… Mark Nottingham
- Re: constraining scheme (http vs https) on a conn… Martin Thomson
- Re: constraining scheme (http vs https) on a conn… Erik Nygren
- Re: constraining scheme (http vs https) on a conn… Mark Nottingham
- Re: constraining scheme (http vs https) on a conn… Erik Nygren