Clearing cache digests
Eric Rescorla <ekr@rtfm.com> Mon, 18 July 2016 06:37 UTC
Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DE81112D0E0 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sun, 17 Jul 2016 23:37:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.207
X-Spam-Level:
X-Spam-Status: No, score=-8.207 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.287, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id b_Gs8ahKqilc for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sun, 17 Jul 2016 23:37:03 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7908C12D0DA for <httpbisa-archive-bis2Juki@lists.ietf.org>; Sun, 17 Jul 2016 23:37:03 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.80) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1bP271-00047S-OH for ietf-http-wg-dist@listhub.w3.org; Mon, 18 Jul 2016 06:33:07 +0000
Resent-Date: Mon, 18 Jul 2016 06:33:07 +0000
Resent-Message-Id: <E1bP271-00047S-OH@frink.w3.org>
Received: from maggie.w3.org ([128.30.52.39]) by frink.w3.org with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <ekr@rtfm.com>) id 1bP26w-00046Z-DY for ietf-http-wg@listhub.w3.org; Mon, 18 Jul 2016 06:33:02 +0000
Received: from mail-yw0-f179.google.com ([209.85.161.179]) by maggie.w3.org with esmtps (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <ekr@rtfm.com>) id 1bP26t-0004zA-79 for ietf-http-wg@w3.org; Mon, 18 Jul 2016 06:33:00 +0000
Received: by mail-yw0-f179.google.com with SMTP id c124so24494117ywd.3 for <ietf-http-wg@w3.org>; Sun, 17 Jul 2016 23:32:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to; bh=nuN5hacypzjdPqRAKHRKMjYCaGyPFobW+LWRFQ7zpJY=; b=NhSGjd7RUhQXwERC23k+gG27/pWRxTxr1YM+/BItl9mh2RzWkvz5UKBkHSnuIN9/t/ Zs2Cdck+crh05YYvT6rBCT55NRSmx9EdFC4F8sxSSdwDpJJziL/iiNOypJY7NB8/G08m Nm7Q7D5lh2wVpbqeVkBdKEULcv6+EOmynuHPhYFE8Uxkwkk+s4znGETpUZXvtl+YwIPK W1hSXsG9Lf/MJAhKrAg4Ys0t/nQvPlg8P9Qqc0Qv0mXmwRXFXTMR8VvlbQxa6tlp/c/w /p+QhBptfdq5332CSw5CzwgqI3hLWn5Lp3Q1bTAEI0mMscXLg0n0fN+/r3V2TFY46ALA ojrA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=nuN5hacypzjdPqRAKHRKMjYCaGyPFobW+LWRFQ7zpJY=; b=BkH5CP6ATmCKLcnNldFJkaYIdLNvfAXTnpNND0DbaQssT6dSybrz9XVqhh47uoNS3J hta2168PdJGSkACibDrd8NPU9A/NBMZNkyO1jIgf3xaHTyQPO416ufmQwhUitCjRZGvE GZjNWHn0/YQRaQ5vdgqs9KZUPKI1k2GRJh/P4hqApPaAXLzB5NdIDe+GVkQqcCT5uJoR kJUJQOSb8rjJa67xwa/FTJBL0/63p+UjkXYzUhycP8uiatg+MzU2Ce3UZIf+UutVEvqT Kl4vKl8xvjUcFU8DBpn5kvbsvMthuFkv36y25V1GMPW29uV22efM0grQmaFTLUYsWucq TrUg==
X-Gm-Message-State: ALyK8tJEtRqbweNCKLeKgv6O3dsSWXviA7/gYXuWAg5uL9YdeJQr+bUcsDWuAQp+rDRrzXmptQ2z+Y2v+ZpBBg==
X-Received: by 10.13.201.134 with SMTP id l128mr22602701ywd.93.1468823552341; Sun, 17 Jul 2016 23:32:32 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.129.152.13 with HTTP; Sun, 17 Jul 2016 23:31:53 -0700 (PDT)
From: Eric Rescorla <ekr@rtfm.com>
Date: Mon, 18 Jul 2016 08:31:53 +0200
Message-ID: <CABcZeBMR0h5fcGrdwKJVTMeH_=+etT22ykpJKdOmFzepmzKwCA@mail.gmail.com>
To: HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: multipart/alternative; boundary="001a114e630e1382f50537e3226f"
Received-SPF: none client-ip=209.85.161.179; envelope-from=ekr@rtfm.com; helo=mail-yw0-f179.google.com
X-W3C-Hub-Spam-Status: No, score=-7.9
X-W3C-Hub-Spam-Report: AWL=1.039, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_IRR=-3, W3C_WL=-1
X-W3C-Scan-Sig: maggie.w3.org 1bP26t-0004zA-79 7fda10ff5205d2a1882a2b38c603ef87
X-Original-To: ietf-http-wg@w3.org
Subject: Clearing cache digests
Archived-At: <http://www.w3.org/mid/CABcZeBMR0h5fcGrdwKJVTMeH_=+etT22ykpJKdOmFzepmzKwCA@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/31992
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
The draft says: As a result, clients MUST mitigate for this threat when the user attempts to remove identifiers (e.g., "clearing cookies"). This could be achieved in a number of ways; for example: by clearing the cache, by changing one or both of N and P, or by adding new, synthetic entries to the digest to change its contents. TODO: discuss how effective the suggested mitigations actually would be. Except for "clearing the cache", my initial impression is that the answer to "how effective" is "not very", except for very naive uses of the cache as an identifier. Consider that the general structure of this mechanism is that the client gives the server an oracle which answers the question "do you have document X" with false positive rate 2^-P. This implies that the server can use the cache as a cookie B of length N bits by creating N resources R_1, R_1 ... R_N and then to store the cookie: - If B_i == 1 then store R_i - Otherwise don't You then query for the cookie in the cache the same way. This has an epsilon error probability but you can correct for that by storing N + delta bits and using an error correcting code. So, my claim is that any mechanism that retains the information in the cache digest will allow for tracking, even if you change the way it is encoded (e.g., changing N, P). -Ekr
- Re: Clearing cache digests Martin Thomson
- Re: Clearing cache digests Kazuho Oku
- Re: Clearing cache digests Mike West
- Re: Clearing cache digests Mark Nottingham
- Re: Clearing cache digests Martin Thomson
- RE: Clearing cache digests Mike Bishop
- Re: Clearing cache digests Eric Rescorla
- Re: Clearing cache digests Martin Thomson
- Clearing cache digests Eric Rescorla