Re: New Draft: draft-ohanlon-transport-info-header

Lucas Pardue <lucaspardue.24.7@gmail.com> Mon, 25 November 2019 17:05 UTC

From: Lucas Pardue <lucaspardue.24.7@gmail.com>
Date: Mon, 25 Nov 2019 17:02:50 +0000
Message-ID: <CALGR9oZKy2fCsPjFE8PB7T8q6ovkAuqwrnsBoU3FVLg2wS9ecQ@mail.gmail.com>
To: Piers O'Hanlon <piers.ohanlon@bbc.co.uk>
Cc: Patrick McManus <mcmanus@ducksong.com>, Piers O'Hanlon <p.ohanlon@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>

IIUC Patrick correctly, I think one threat model relates to connection
coalescing. Imagine two resources: a.example.com/index.html includes
b.example.com/foo.js and the properties of these resources (i.e. authority
and certs) satisfy the requirements for HTTP/2 connection reuse as
described in https://tools.ietf.org/html/rfc7540#section-9.1.1.

a.example.com and b.example.com are in different administrative domains but
requests for b.example.com/foo.js are able to obtain information about the
state of the connection including the effect of requests to a.example.com.
This could be used for fingerprinting or some other form of attack from one
domain to the other.

Lucas
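As an added illustration (not code from this thread, from the draft, or from the RFC), the reuse condition Lucas cites from RFC 7540 section 9.1.1 and the cross-origin leak it creates, modelled in Python. The Connection fields, the contents of the header value and the scope option are assumptions for the model, not the draft's field names.

```python
from dataclasses import dataclass, field

@dataclass
class Connection:
    ip: str
    san_names: tuple            # dNSName entries in the server certificate
    rtt_ms: float               # connection-level state (constructed)
    # (origin, bytes) for each request served on this connection (constructed)
    served: list = field(default_factory=list)

def cert_covers(san_names, host):
    """True if a certificate dNSName covers host (wildcard = exactly one label)."""
    host = host.lower().rstrip(".")
    for name in san_names:
        name = name.lower()
        if name.startswith("*."):
            prefix = host[: -(len(name) - 1)]       # label before ".example.com"
            ok = host.endswith(name[1:]) and prefix and "." not in prefix
        else:
            ok = host == name
        if ok:
            return True
    return False

def may_coalesce(conn, host, resolved_ip):
    """RFC 7540 9.1.1: reuse needs the same IP and a certificate valid for host."""
    return conn.ip == resolved_ip and cert_covers(conn.san_names, host)

def transport_info(conn, origin, scope="connection"):
    """Model of what a per-connection transport-info style header would carry.
    scope="connection": the whole connection, including other coalesced
    origins' activity (the leak Lucas describes).
    scope="origin": only this origin's own requests (one possible mitigation).
    Note rtt_ms is a property of the shared path either way, so scoping
    limits the leak but does not remove every connection-level signal."""
    rows = conn.served if scope == "connection" else [r for r in conn.served if r[0] == origin]
    return {"requests": len(rows), "bytes": sum(b for _, b in rows), "rtt_ms": conn.rtt_ms}

def demo():
    """Constructed scenario: a.example.com's page, then b.example.com's script."""
    conn = Connection(ip="192.0.2.10", san_names=("*.example.com",), rtt_ms=42.0)
    conn.served.append(("a.example.com", 150_000))
    assert may_coalesce(conn, "b.example.com", "192.0.2.10")   # coalescing allowed
    conn.served.append(("b.example.com", 4_000))
    leaky = transport_info(conn, "b.example.com")                # sees a's traffic
    scoped = transport_info(conn, "b.example.com", scope="origin")
    return leaky, scoped

if __name__ == "__main__":
    print(demo())
```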