Re: Design Issue: Overlong Frames

Martin Thomson <martin.thomson@gmail.com> Fri, 10 May 2013 19:31 UTC

From: Martin Thomson <martin.thomson@gmail.com>
To: James M Snell <jasnell@gmail.com>
Cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Archived-At: <http://www.w3.org/mid/CABkgnnX=bFRg39aK6Ba4XzcKEz84oyt7GL+US7zHw+wonQve6g@mail.gmail.com>

On 10 May 2013 11:29, James M Snell <jasnell@gmail.com> wrote:
> On Fri, May 10, 2013 at 10:36 AM, Martin Thomson
> <martin.thomson@gmail.com> wrote:
>> On 9 May 2013 10:26, James M Snell <jasnell@gmail.com> wrote:
>>> Recommendation: Adding a short statement that a PROTOCOL_ERROR MUST be
>>> returned if a frame contains more bytes than what is expressly
>>> specified in the frame definition.
>>
>> That would prevent extension unnecessarily.  And it doesn't do
>> anything to improve security.
>
> How does it prevent extension? If someone wants to extend an existing
> frame to include new data, it can define a new frame type.

I can't extend GOAWAY.  Who knows, maybe I might want to be more
specific about the streams that will be processed prior to session
end.

>> When you want to harden security, you need to consider what equivalent
>> options are available to an attacker.  If I wanted to send you more
>> data, then I will use DATA frames.  Unless you can find a way to
>> curtail DATA I see no reason to clamp down here.
>
> In my experience, it's generally better to limit the exploitation options ;-)

It doesn't limit options in any meaningful way.  This would be
analogous to double-deadlocking the front door while leaving the
adjacent windows wide open.  I know that the extension argument isn't
especially strong, for a range of reasons, but I see no point in
over-engineering this aspect.
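
The two receiver policies debated in this thread, as an added example that is not part of the original message or of any HTTP/2 implementation: a strict parser that returns PROTOCOL_ERROR for bytes beyond the defined GOAWAY fields, next to a lenient one that ignores them. The 8-byte GOAWAY layout (4-byte last-stream-id, 4-byte error code), the `MAX_PAYLOAD` cap, and all function and field names are assumptions made for illustration.

```python
import struct

PROTOCOL_ERROR = "PROTOCOL_ERROR"  # error name used in the thread
GOAWAY_FIXED_LEN = 8               # assumed: 4-byte last-stream-id + 4-byte error code
MAX_PAYLOAD = 16384                # hypothetical receiver-side cap, applied to every frame


class FrameError(Exception):
    """Raised when a frame payload is rejected."""


def parse_goaway(payload: bytes, strict: bool) -> dict:
    """Parse a GOAWAY payload under one of the two policies in the thread.

    strict=True  : bytes beyond the defined fields are a PROTOCOL_ERROR.
    strict=False : bytes beyond the defined fields are skipped, which leaves
                   room for a later extension of the frame.
    """
    # Resource bound that holds under both policies: no frame may exceed
    # the cap, whether or not trailing bytes are tolerated.
    if len(payload) > MAX_PAYLOAD:
        raise FrameError("payload exceeds receiver cap")
    # A payload too short to hold the defined fields is malformed either way.
    if len(payload) < GOAWAY_FIXED_LEN:
        raise FrameError(PROTOCOL_ERROR)
    extra = len(payload) - GOAWAY_FIXED_LEN
    if strict and extra:
        raise FrameError(PROTOCOL_ERROR)
    last_stream, error_code = struct.unpack_from("!II", payload, 0)
    return {
        "last_stream_id": last_stream & 0x7FFFFFFF,  # drop the reserved top bit
        "error_code": error_code,
        "ignored_bytes": extra,
    }


def sample_extended_goaway() -> bytes:
    """Constructed sample: defined fields plus 4 bytes a future extension might add."""
    return struct.pack("!II", 5, 0) + b"\x00\x00\x00\x07"


if __name__ == "__main__":
    frame = sample_extended_goaway()
    print(parse_goaway(frame, strict=False))
    try:
        parse_goaway(frame, strict=True)
    except FrameError as exc:
        print("strict receiver rejected frame:", exc)
```
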