Re: Tracking through cache abuse

"Poul-Henning Kamp" <phk@phk.freebsd.dk> Mon, 25 July 2011 19:28 UTC

Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B07BA228016 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 25 Jul 2011 12:28:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Level:
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id feJn7q8M8e17 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 25 Jul 2011 12:28:41 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) by ietfa.amsl.com (Postfix) with ESMTP id BAEDF228015 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Mon, 25 Jul 2011 12:28:41 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.69) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1QlQow-0002bY-SM for ietf-http-wg-dist@listhub.w3.org; Mon, 25 Jul 2011 19:28:06 +0000
Received: from aji.keio.w3.org ([133.27.228.206]) by frink.w3.org with esmtp (Exim 4.69) (envelope-from <phk@phk.freebsd.dk>) id 1QlQoo-0002ai-LB for ietf-http-wg@listhub.w3.org; Mon, 25 Jul 2011 19:27:58 +0000
Received: from phk.freebsd.dk ([130.225.244.222]) by aji.keio.w3.org with esmtp (Exim 4.72) (envelope-from <phk@phk.freebsd.dk>) id 1QlQok-0004hE-6K for ietf-http-wg@w3.org; Mon, 25 Jul 2011 19:27:57 +0000
Received: from critter.freebsd.dk (critter-phk.freebsd.dk [192.168.48.2]) by phk.freebsd.dk (Postfix) with ESMTP id B7BCA5E1E; Mon, 25 Jul 2011 19:27:24 +0000 (UTC)
Received: from critter.freebsd.dk (localhost [127.0.0.1]) by critter.freebsd.dk (8.14.5/8.14.5) with ESMTP id p6PJRNnh002702; Mon, 25 Jul 2011 19:27:24 GMT (envelope-from phk@phk.freebsd.dk)
To: Bjoern Hoehrmann <derhoermi@gmx.net>
cc: ietf-http-wg@w3.org
From: Poul-Henning Kamp <phk@phk.freebsd.dk>
In-Reply-To: Your message of "Mon, 25 Jul 2011 20:54:05 +0200." <redr271mt9er45npjo41fnrrup8unur4u3@hive.bjoern.hoehrmann.de>
Content-Type: text/plain; charset="ISO-8859-1"
Date: Mon, 25 Jul 2011 19:27:23 +0000
Message-ID: <2701.1311622043@critter.freebsd.dk>
Received-SPF: none client-ip=130.225.244.222; envelope-from=phk@phk.freebsd.dk; helo=phk.freebsd.dk
X-W3C-Hub-Spam-Status: No, score=-3.1
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, RP_MATCHES_RCVD=-1.191
X-W3C-Scan-Sig: aji.keio.w3.org 1QlQok-0004hE-6K 2a20d5e5e27825f894e94c5de42a6b4e
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Tracking through cache abuse
Archived-At: <http://www.w3.org/mid/2701.1311622043@critter.freebsd.dk>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/11079
X-Loop: ietf-http-wg@w3.org
Sender: ietf-http-wg-request@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
Resent-Message-Id: <E1QlQow-0002bY-SM@frink.w3.org>
Resent-Date: Mon, 25 Jul 2011 19:28:06 +0000

In message <redr271mt9er45npjo41fnrrup8unur4u3@hive.bjoern.hoehrmann.de>, Bjoer
n Hoehrmann writes:

>  http://tools.ietf.org/html/draft-ietf-httpbis-p6-cache-15 currently
>does mention that "Because cache contents persist after an HTTP request
>is complete, an attack on the cache can reveal information long after a
>user believes that the information has been removed from the network",
>but does not seem to address privacy issues that go along with that.
>
>"Evercookie" for instance abuses the ETag header as tracking mechanism,
>and specially crafted cached resources to the same end; others abuse 301
>redirects, and there are other features that can be abused this way. The
>draft should note this as a general problem and cite some of the things
>we know about as examples.

There is a very important difference between second and third party
attacks we should make clear here.  The first paragraph talks about
a 3rd party exploitable privacy leak, the second paragraph talks about
a 2nd party deliberate privacy break.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.