Re: HTTP/2 and Pervasive Monitoring

"Poul-Henning Kamp" <phk@phk.freebsd.dk> Fri, 15 August 2014 18:57 UTC

Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EDF671A0295 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 15 Aug 2014 11:57:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.57
X-Spam-Level:
X-Spam-Status: No, score=-7.57 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.668, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UGkDa0Y7cq3M for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 15 Aug 2014 11:57:19 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 683241A028B for <httpbisa-archive-bis2Juki@lists.ietf.org>; Fri, 15 Aug 2014 11:57:19 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1XIMeD-0004zr-2p for ietf-http-wg-dist@listhub.w3.org; Fri, 15 Aug 2014 18:54:45 +0000
Resent-Date: Fri, 15 Aug 2014 18:54:45 +0000
Resent-Message-Id: <E1XIMeD-0004zr-2p@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <phk@phk.freebsd.dk>) id 1XIMdv-0004yz-Cv for ietf-http-wg@listhub.w3.org; Fri, 15 Aug 2014 18:54:27 +0000
Received: from phk.freebsd.dk ([130.225.244.222]) by lisa.w3.org with esmtp (Exim 4.72) (envelope-from <phk@phk.freebsd.dk>) id 1XIMdt-0002kx-Oa for ietf-http-wg@w3.org; Fri, 15 Aug 2014 18:54:27 +0000
Received: from critter.freebsd.dk (unknown [192.168.60.3]) by phk.freebsd.dk (Postfix) with ESMTP id D42B116D0; Fri, 15 Aug 2014 18:54:02 +0000 (UTC)
Received: from critter.freebsd.dk (localhost [127.0.0.1]) by critter.freebsd.dk (8.14.9/8.14.9) with ESMTP id s7FIs1kb007375; Fri, 15 Aug 2014 18:54:01 GMT (envelope-from phk@phk.freebsd.dk)
To: Martin Thomson <martin.thomson@gmail.com>
cc: Erik Nygren <erik@nygren.org>, Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
In-reply-to: <CABkgnnXc9Di3-eLSrbhFDTwGkPmmnig67x-3-t0fCTM3c2YTFQ@mail.gmail.com>
From: Poul-Henning Kamp <phk@phk.freebsd.dk>
References: <38BD57DB-98A9-4282-82DD-BB89F11F7C84@mnot.net> <4851.1408094168@critter.freebsd.dk> <CAKC-DJjFk9==Y4ayn=A-fZBaEt-G_+n=XQ9B8rKqWaT-LQh3vQ@mail.gmail.com> <6574.1408114238@critter.freebsd.dk> <CABkgnnXc9Di3-eLSrbhFDTwGkPmmnig67x-3-t0fCTM3c2YTFQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <7373.1408128840.1@critter.freebsd.dk>
Content-Transfer-Encoding: quoted-printable
Date: Fri, 15 Aug 2014 18:54:01 +0000
Message-ID: <7374.1408128841@critter.freebsd.dk>
Received-SPF: none client-ip=130.225.244.222; envelope-from=phk@phk.freebsd.dk; helo=phk.freebsd.dk
X-W3C-Hub-Spam-Status: No, score=-3.7
X-W3C-Hub-Spam-Report: AWL=-3.068, RP_MATCHES_RCVD=-0.668
X-W3C-Scan-Sig: lisa.w3.org 1XIMdt-0002kx-Oa a5f5c262fa1dff011eb41c169a447448
X-Original-To: ietf-http-wg@w3.org
Subject: Re: HTTP/2 and Pervasive Monitoring
Archived-At: <http://www.w3.org/mid/7374.1408128841@critter.freebsd.dk>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/26622
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

--------
In message <CABkgnnXc9Di3-eLSrbhFDTwGkPmmnig67x-3-t0fCTM3c2YTFQ@mail.gmail.com>
, Martin Thomson writes:
>On 15 August 2014 07:50, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:

>> I was talking only conceptually here, the actual protocol mechanics
>> will be at least as tricky as HTTP/1 -> HTTP/2 upgrade.
>
>I've talked with several people about HTTP/1.1 and the mechanisms
>we've defined.  They are portable - in theory.

...and in theory that means that they will work in practice :-)

>Incidentally, the difference between good crypto and bad crypto here
>is that good crypto is fast and secure and bad crypto is just bad.

What is good and what is bad crypto, depends a LOT on what your
ephemeral lifetime requirement is,.

And incidentally, cryptographers have a very strong tendency to
forget that all crypto is ephemeral in the first place, because the
usually unstated requirement is that the ephemeral lifetime be
longer than the probable duration of the universe.

For the isolated problem of defeating PM, the ephemeral lifetime
requirement is a few seconds, reducing the customary 128+ bits
to something on the order of 32.

Good crypto which only lasts a couple of seconds would be terribly
bad crypto in almost any other context.

But conversely, a lot of crypto deemed bad or even "horrible" in
normal contexts will be perfectly good crypto for the purpose of
defeating PM.

I'm not taking a position on what specific algorithms would or
wouldn't be suitable here, but I will point out that it is much
more important that it does 10Gbit/s on commodity hardware, so
loadbalancers and such can keep up, than it be able to survive
systematic attack for more than few seconds.

If it wasn't because of the almost-always-known-plaintest property
of HTTP headers, a simple XOR with a 32bit random number would
be enough.



-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.