Re: Signing Set-Cookie

Martin Thomson <mt@lowentropy.net> Mon, 06 June 2022 22:30 UTC

Message-Id: <5f586a5b-4d62-40c8-8fa8-f747d08fd52f@beta.fastmail.com>
In-Reply-To: <A659F1C6-97D6-48FB-BDED-B885AF93E553@mit.edu>
References: <A0601849-2870-4150-9926-5FA706D7F6DE@mit.edu> <CACcvr==K0gjhOaBaxt8vK80UYo1tAHVrh78yCcAEMvwx4tT=ag@mail.gmail.com> <7dff30c8-faac-413f-8387-f0a5a51fc6ff@beta.fastmail.com> <A659F1C6-97D6-48FB-BDED-B885AF93E553@mit.edu>
Date: Tue, 07 Jun 2022 08:28:08 +1000
From: Martin Thomson <mt@lowentropy.net>
To: Justin Richer <jricher@mit.edu>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Subject: Re: Signing Set-Cookie
Archived-At: <https://www.w3.org/mid/5f586a5b-4d62-40c8-8fa8-f747d08fd52f@beta.fastmail.com>

Hey Justin,

I don't agree that this is an acceptable way of dealing with this problem.  It makes the content under signature malleable.  Even if that is extremely narrowly applicable, I don't see how we could publish a specification where the only defense against an attack like this is text to the effect of "this might happen".

On Tue, Jun 7, 2022, at 06:50, Justin Richer wrote:
> What I’ve done is create a new security consideration for this, and 
> discuss how it might possibly lead to the foothold for an attack.
>
> https://github.com/httpwg/http-extensions/pull/2143/files#diff-1d57bca6223a0fee3ef29148c2550c0f862e72f67a56cc7f57b5a72fbd8320e3R1802
>
> — Justin
>
>> On Jun 1, 2022, at 7:58 PM, Martin Thomson <mt@lowentropy.net> wrote:
>> 
>> Yeah, what Nick said.
>> 
>> Cookie concatenation has a special carve-out in all HTTP versions past 1.x; I see no real harm in making another for Set-Cookie.
>> 
>> On Thu, Jun 2, 2022, at 09:20, Nick Harper wrote:
>>> A Set-Cookie header could have a comma in it (e.g. in the Expires= or 
>>> Path= parts), which means that it's probably possible for two different 
>>> combinations of Set-Cookie headers to be concatenated/canonicalized to 
>>> the same value. I'm not certain there's an attack here, but this seems 
>>> potentially problematic enough that this should be given more 
>>> consideration.
>>> 
>>> On Wed, Jun 1, 2022 at 2:39 PM Justin Richer <jricher@mit.edu> wrote:
>>>> The Set-Cookie header syntax is weird in that it doesn’t allow for concatenation in the normal List syntax. The Signature spec relies on this concatenation for the combination of values of headers that show up multiple times. This discrepancy is called out in this issue:
>>>> 
>>>> https://github.com/httpwg/http-extensions/issues/1183
>>>> 
>>>> However, on further investigation, I don’t think this actually causes a problem. The concatenation process outlined in Signatures still works on multiple Set-Cookie values, the only weird thing is that the RESULT of that process cannot itself be parsed as a valid Set-Cookie header. 
>>>> 
>>>> But the thing is, it doesn’t have to be parsed. It just has to exist as a string in the signature base, and be re-created by both signer and verifier in a consistent way. 
>>>> 
>>>> I’m planning on closing this issue with a note in the appropriate section of the signature spec, but if there’s something I’m missing about this, please chime in.
>>>> 
>>>> — Justin
>>
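The ambiguity Nick Harper describes and the malleability Martin Thomson objects to can be made concrete. The following is an added example, not code from the thread or from the HTTP Message Signatures draft: it models only the draft's rule that repeated field values are trimmed and joined with ", ", builds a single covered-component line of the signature base for Set-Cookie, and shows that two different lists of Set-Cookie fields produce the same line and therefore the same signature. The key, the cookie values and the simplified one-line signature base are constructed for the demo, and the length-prefixed encoding at the end is one hypothetical injective alternative of my own, not a proposal from the thread.

```python
import hmac
import hashlib

# Added example (not from the thread). Models the HTTP Message Signatures
# rule that repeated field values are joined with ", " and shows why that
# is ambiguous for Set-Cookie, whose values legitimately contain commas
# (the Expires= date contains one).


def concat_field_values(values):
    """Canonicalize repeated field values: trim each, join with ", "."""
    return ", ".join(v.strip() for v in values)


def signature_base_line(name, values):
    """One covered-component line of the signature base, e.g.
    "set-cookie": id=1; Expires=Wed, 09 Jun 2021 10:18:14 GMT
    (simplified: a real signature base has more lines than this)."""
    return f'"{name.lower()}": {concat_field_values(values)}'


def sign(key, base):
    """HMAC-SHA256 over the signature base (constructed key, demo only)."""
    return hmac.new(key, base.encode("utf-8"), hashlib.sha256).hexdigest()


def length_prefixed_values(values):
    """Hypothetical injective alternative (my assumption, not the draft):
    prefix each value with its byte length so field boundaries survive."""
    return "".join(f"{len(v.encode('utf-8'))}:{v}" for v in values)


# Constructed inputs. Set A: one cookie with a full Expires date, so a
# user agent stores it as a persistent cookie.
SET_COOKIE_A = ["id=1; Expires=Wed, 09 Jun 2021 10:18:14 GMT"]

# Set B: two Set-Cookie fields that split the date at its comma. The first
# carries an unparseable Expires (RFC 6265 ignores the attribute, so the
# cookie becomes a session cookie); the second has no name=value pair and
# is ignored entirely. Different semantics, same concatenated string.
SET_COOKIE_B = ["id=1; Expires=Wed", "09 Jun 2021 10:18:14 GMT"]

KEY = b"constructed-demo-key"


def same_signature(values_a, values_b, key=KEY):
    """True when two distinct field lists sign to the same value, i.e. the
    signature cannot tell the verifier which set of fields was sent."""
    line_a = signature_base_line("Set-Cookie", values_a)
    line_b = signature_base_line("Set-Cookie", values_b)
    return values_a != values_b and sign(key, line_a) == sign(key, line_b)


if __name__ == "__main__":
    print(signature_base_line("Set-Cookie", SET_COOKIE_A))
    print(signature_base_line("Set-Cookie", SET_COOKIE_B))
    print("collision under comma join:", same_signature(SET_COOKIE_A, SET_COOKIE_B))
    print("length-prefixed A:", length_prefixed_values(SET_COOKIE_A))
    print("length-prefixed B:", length_prefixed_values(SET_COOKIE_B))
```

The two lists differ in what a user agent will do with them (persistent cookie versus session cookie) yet are indistinguishable under the signature, which is the sense in which the signed content is malleable; any encoding that preserves field boundaries, such as the length-prefixed one shown, removes the collision.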