considerations for draft-west-leave-secure-cookies-alone-04

Adam Barth <> Wed, 23 December 2015 04:15 UTC

From: Adam Barth <>
Date: Tue, 22 Dec 2015 20:10:52 -0800
Message-ID: <>
To: httpbis <>
Subject: considerations for draft-west-leave-secure-cookies-alone-04

As written, draft-west-leave-secure-cookies-alone-04 gives the impression
that it solves the secure cookie integrity problem.  However, there's still
a risk that a network attacker can set a non-secure cookie before the
honest server gets a chance to set a secure cookie.  Because the secure
cookie doesn't yet exist in the cookie store, the user agent will accept
the non-secure cookie and the honest server might still be fooled.

IMHO, we should explain this risk in the security considerations section.
Here's some example text that you should feel free to edit/use/ignore:

Although user agents prevent insecure URIs from overwriting cookies with
the Secure attribute, a network attacker might still be able to inject
cookies into the Cookie header sent to if the attacker
is able to impersonate a response from before the user
agent receives a genuine response from  In that
situation, the user agent will accept the attacker's cookie because the
genuine cookie does not yet exist in the user agent's cookie store. The
HTTPS server at will be unable to distinguish these cookies
from cookies that it set itself in an HTTPS response.  An active network
attacker might be able to leverage this ability to mount an attack against even if uses HTTPS exclusively.
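The ordering gap described in the message, as an added example that is not part of the original post, the draft, or any browser's code: a toy cookie store that applies the draft's rule (a response over a non-secure URI may neither create a Secure cookie nor overwrite one) and shows that the rule only protects a name once a Secure cookie exists for it. The cookie name `SID` and the values `genuine`/`forged` are constructed, domain and path handling is deliberately omitted, and the assumption that a response over HTTPS is unrestricted by the rule is the model's reading of the draft.

```python
# Added example (not from the draft or the message): a toy model of a user agent's
# cookie store implementing the rule from draft-west-leave-secure-cookies-alone,
# used to show why a non-secure cookie set first is indistinguishable to the server.
from dataclasses import dataclass


@dataclass
class Cookie:
    name: str
    value: str
    secure: bool  # True if the Set-Cookie carried the Secure attribute


class CookieJar:
    """Cookie store for a single host, keyed by name only (domain/path are ignored
    here so the scheme-based rule stands out)."""

    def __init__(self) -> None:
        self._store: dict[str, Cookie] = {}

    def set_cookie(self, cookie: Cookie, response_is_secure: bool) -> bool:
        """Apply a Set-Cookie and return True if it was stored.

        The draft's rule: a response from a non-secure URI may neither create a
        cookie with the Secure attribute nor overwrite one that already has it.
        Nothing stops it from creating a non-secure cookie for a name that is not
        yet in the store, which is the gap discussed in the message above.
        """
        if not response_is_secure:
            if cookie.secure:
                return False
            existing = self._store.get(cookie.name)
            if existing is not None and existing.secure:
                return False
        # Assumption: a response over a secure scheme is unrestricted by the rule.
        self._store[cookie.name] = cookie
        return True

    def cookie_header(self, request_is_secure: bool) -> str:
        """Build the Cookie header for a request; Secure cookies go only over HTTPS.
        The header carries no trace of which scheme set each cookie."""
        sent = [c for c in self._store.values() if request_is_secure or not c.secure]
        return "; ".join(f"{c.name}={c.value}" for c in sent)


def honest_server_first() -> str:
    """HTTPS response sets SID first; a later non-secure attempt is rejected."""
    jar = CookieJar()
    jar.set_cookie(Cookie("SID", "genuine", secure=True), response_is_secure=True)
    injected = jar.set_cookie(Cookie("SID", "forged", secure=False), response_is_secure=False)
    assert not injected  # the leave-secure-cookies-alone rule holds here
    return jar.cookie_header(request_is_secure=True)


def attacker_first() -> str:
    """A forged non-secure response is processed before any HTTPS response sets SID."""
    jar = CookieJar()
    injected = jar.set_cookie(Cookie("SID", "forged", secure=False), response_is_secure=False)
    assert injected  # nothing Secure exists for this name yet, so the rule does not apply
    # The next HTTPS request carries the forged value; the server cannot tell it
    # apart from a value it set itself.
    return jar.cookie_header(request_is_secure=True)


def server_reclaims_name() -> str:
    """Once the HTTPS server does set a Secure cookie under the same name, it replaces
    the non-secure one and later non-secure writes to that name are refused."""
    jar = CookieJar()
    jar.set_cookie(Cookie("SID", "forged", secure=False), response_is_secure=False)
    jar.set_cookie(Cookie("SID", "genuine", secure=True), response_is_secure=True)
    refused = not jar.set_cookie(Cookie("SID", "forged2", secure=False), response_is_secure=False)
    assert refused
    return jar.cookie_header(request_is_secure=True)


if __name__ == "__main__":
    print("honest first  :", honest_server_first())   # SID=genuine
    print("attacker first:", attacker_first())        # SID=forged
    print("reclaimed     :", server_reclaims_name())  # SID=genuine
```

The third scenario is the one a site operator can act on: the rule starts protecting a name only after the HTTPS server has stored a Secure cookie under it, so a server that issues its session cookie (with `Secure`) on the first HTTPS response, rather than waiting to see whether one is already present, narrows the window the message describes without closing it.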