IETF Logo Mail Archive

Re: #148: Reasonable Assurances and H2C

"Roy T. Fielding" <fielding@gbiv.com> Fri, 26 February 2016 21:05 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D9D101B3050 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 26 Feb 2016 13:05:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.008
X-Spam-Level:
X-Spam-Status: No, score=-7.008 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.006, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O0dawmpA_FZw for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 26 Feb 2016 13:05:04 -0800 (PST)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8C2AD1B304D for <httpbisa-archive-bis2Juki@lists.ietf.org>; Fri, 26 Feb 2016 13:05:04 -0800 (PST)
Received: from lists by frink.w3.org with local (Exim 4.80) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1aZPUw-0001mX-Pq for ietf-http-wg-dist@listhub.w3.org; Fri, 26 Feb 2016 21:00:26 +0000
Resent-Date: Fri, 26 Feb 2016 21:00:26 +0000
Resent-Message-Id: <E1aZPUw-0001mX-Pq@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <fielding@gbiv.com>) id 1aZPUr-0001MV-MV for ietf-http-wg@listhub.w3.org; Fri, 26 Feb 2016 21:00:21 +0000
Received: from sub4.mail.dreamhost.com ([69.163.253.135] helo=homiemail-a55.g.dreamhost.com) by lisa.w3.org with esmtp (Exim 4.80) (envelope-from <fielding@gbiv.com>) id 1aZPUq-0005qL-3g for ietf-http-wg@w3.org; Fri, 26 Feb 2016 21:00:21 +0000
Received: from homiemail-a55.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a55.g.dreamhost.com (Postfix) with ESMTP id A462B163C; Fri, 26 Feb 2016 12:59:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=gbiv.com; h=content-type :mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; s=gbiv.com; bh=ZfdEsGRnlSoUK2+5YFNcYAzCMJA=; b=32vEVD8yoLwODx9mcRfsDHI6XRAk IuOftKvsOfXqUx9n0MlTd7rXZULMhTS7z1+tLvrQKFmk4VRtfXdOkXs+b1UHYnfs 3LvaXMtlEe8siHANbeeT+RBj6mkGDa5aIYpcLLnWdF0tebG5W+BKOnou9bMa0JlQ BysJ5lUoDgym6MQ=
Received: from [192.168.1.2] (ip68-228-71-159.oc.oc.cox.net [68.228.71.159]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: fielding@gbiv.com) by homiemail-a55.g.dreamhost.com (Postfix) with ESMTPSA id 7FCB02A04; Fri, 26 Feb 2016 12:59:56 -0800 (PST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2104\))
From: "Roy T. Fielding" <fielding@gbiv.com>
In-Reply-To: <C2145C5A-0255-43F9-A44A-F6C7974CDD4C@mnot.net>
Date: Fri, 26 Feb 2016 12:59:55 -0800
Cc: HTTP WG <ietf-http-wg@w3.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <2AEE453F-8167-417E-BF3B-127E863CA6F8@gbiv.com>
References: <20160209074851.32332.24065.idtracker@ietfa.amsl.com> <20160209182822.C37A959F@welho-filter2.welho.com> <B7164F24-DDA1-4753-8A8B-04809B1965FF@mnot.net> <CAC4RtVCCExJNE0y8480vC1W56NP4XhzfvLs+ASh1Qy-UcDPBNw@mail.gmail.com> <C2145C5A-0255-43F9-A44A-F6C7974CDD4C@mnot.net>
To: Mark Nottingham <mnot@mnot.net>
X-Mailer: Apple Mail (2.2104)
Received-SPF: none client-ip=69.163.253.135; envelope-from=fielding@gbiv.com; helo=homiemail-a55.g.dreamhost.com
X-W3C-Hub-Spam-Status: No, score=-8.2
X-W3C-Hub-Spam-Report: AWL=1.535, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_IRR=-3, W3C_WL=-1
X-W3C-Scan-Sig: lisa.w3.org 1aZPUq-0005qL-3g b8e8a5114467e3331903cca3b94aae5e
X-Original-To: ietf-http-wg@w3.org
Subject: Re: #148: Reasonable Assurances and H2C
Archived-At: <http://www.w3.org/mid/2AEE453F-8167-417E-BF3B-127E863CA6F8@gbiv.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/31108
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

> On Feb 19, 2016, at 6:16 PM, Mark Nottingham <mnot@mnot.net> wrote:
> 
> I've created
>  https://github.com/httpwg/http-extensions/issues/148
> to track this.
> 
> I think removing h2c from the examples and clarifying the example as Kari explained (1 and 2 in the issue) are not controversial (verging on editorial).
> 
> The remaining question (3 in the issue) is whether we should firm up the definition of "reasonable assurances" to require another way of achieving that to be documented in an RFC that updates this one.
> 
> Mike B has already supported this approach; what do others think? 

FWIW, I think the entire section is nonsense.  Having the same https certificate
doesn't say anything about how many different authorities might be present on
a single server.  It only says the domain name is owned by the certificate holder.
There is no way for a client to know whether that means the alternative service
is valid for the whole origin or just a single resource within that origin.

Likewise, changing the port number means the destination is a different authority.
It may have the same owner, but it is still a different authority.

As such, I don't see how this section does anything to mitigate the attacks
described in changing-ports and host_security.  It certainly doesn't protect
against MITM attacks resulting in a persistent redirection.

I think it would be better to make more explicit requirements in the main section
that define the protocol and to ensure that the requirements are properly targeted
to specific types of implementations (like we did for RFC7230). Furthermore,
differentiate the requirements based on the nature of the original connection:

   If the original connection is not secured to a specific authority (e.g.,
   TLS was not negotiated and a secure connection established prior to receipt
   of the Alt-Svc header field), then

     [require that the alternative service use TLS (or equivalent) and provide
      a certificate valid for the original host]

     [explain that the (many) potential attacks are no worse than
      the existing lack of content and header field integrity]

   Otherwise,

     [do more, like require that the certificate used in the original connection
      be identical to that used by the alternative service, since anything less
      allows the authority to persist longer than the original cert validity.
      Yes, this requires caching the cert id along with the persisted alt-svc.]

     [explain that this limits potential attacks to what is already possible
      as within-origin attacks on an existing https connection.]

This will allow the security discussion to be more relevant to the existing
security conditions, and make it harder to persistently attack a service that
is already protected via https.

Yeah, I know… my comments are probably too big and too late.

....Roy

v2.30.2 | Report a Bug | By Email | System Status