Re: Review of draft-handte-httpbis-dict-sec-00

Rob Sayre <sayrer@gmail.com> Thu, 05 December 2019 08:18 UTC

From: Rob Sayre <sayrer@gmail.com>
Date: Thu, 05 Dec 2019 09:15:19 +0100
Message-ID: <CAChr6SyUgoiQCy3BPk25-EdCEaEBB2gOG9zQTLD+fb=qj5To5w@mail.gmail.com>
To: Martin Thomson <mt@lowentropy.net>
Cc: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>, felixh@fb.com
Archived-At: <https://www.w3.org/mid/CAChr6SyUgoiQCy3BPk25-EdCEaEBB2gOG9zQTLD+fb=qj5To5w@mail.gmail.com>

On Thu, Dec 5, 2019 at 2:45 AM Martin Thomson <mt@lowentropy.net> wrote:

> I have to say that I found this to be quite an impressive start.  Thanks
> for putting this draft together.  It does a good job of laying out the
> terms of reference from the outset then it thoroughly addresses the
> angles.  It is perhaps *too* thorough, but I appreciate that cutting
> content is quite difficult in practice.
>
> While I found this to be a reasonable survey of the problem space, I found
> the suggested mitigations to be less satisfactory on the whole.  This is a
> really solid start on explaining the sorts of security problems that
> compression introduces, but the mitigations are still too abstract for me
> to be comfortable with them.  For instance, the document suggests that
> padding compressed content might help, but it isn't clear to me to what
> extent size reductions would need to be eliminated by padding to gain any
> sort of confidence that the side channel could be removed.  Then I might
> concern myself with the degree to which the resulting timing side channel
> remains.
>

[...]


>
> Even if we don't compress bundles of diverse content (see the web
> packaging work), or compress across multiple resources (as in Vlad's
> proposal) we have to recognize that formats like HTML naturally include
> content from diverse sources.  To think of this in a less positive light:
> use of compression is already highly suspect.  You basically say this in
> Section 2.4 already.  You can read that two ways: by recognizing that we're
> already in trouble, we might justify adding dictionaries on the basis that
> they don't make things appreciably worse; or - as I have - as a suggestion
> that we need to better understand and control how compression is used in
> general.
>

This paper includes a good overview of the general message-size problem,
including timing attacks:

https://hal.inria.fr/hal-00732449/document

Compression is mentioned at the end of the introduction.

The cost of padding is influenced by at least two factors:

1) The size distribution of the non-padded content. In particular, padding
isn't very costly if the content always fits in a small number of packets.
2) Whether a reliable end marker is present in the content or the
application framing, so that the client can at least ignore padding bytes.

The authors recommend what they call an "anonymity policy" for a given set
of content, because a policy tuned for a specific set of content will
outperform a general policy.

thanks,
Rob
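The two padding-cost factors listed above (the size distribution of the unpadded content, and a reliable end marker so the receiver can discard padding) and the set-specific versus general policy point can be made concrete with a small simulation. The following is an added example, not code from the thread, the draft, or the cited paper: the resource sizes are constructed, the 1400-byte packet payload is an assumption, the 4-byte length prefix is one illustrative end marker, and `anonymity_policy` is a simplified grouping heuristic (every observable size shared by at least k resources of the set) used to illustrate the idea, not the paper's algorithm.

```python
"""Padding-policy cost versus what a size-observing attacker still learns,
on a constructed set of content sizes (added example, not from the thread).

Policies compared on the same set:
  - pow2: a general policy, pad every body up to the next power of two;
  - packet: round up to whole packets (assumed PACKET_PAYLOAD bytes each),
    which only hides the variance inside the last packet;
  - anonymity(k): a set-specific policy that groups the sorted sizes so
    every observable size is shared by at least k resources in the set.
Also shown: a length-prefixed frame so the client can strip padding bytes.
"""
from collections import Counter
import math
import struct

# Constructed sample: compressed body sizes (bytes) of twelve hypothetical,
# distinct resources served from one origin. Not measured data.
SIZES = [1200, 1350, 1900, 2100, 2600, 3100, 4700, 5200, 9000, 9800, 15000, 16500]

PACKET_PAYLOAD = 1400  # assumed payload bytes carried per packet


def pow2_policy(sizes):
    """General policy: map each size to the next power of two >= size."""
    return {s: 1 << (s - 1).bit_length() for s in sizes}


def packet_policy(sizes, payload=PACKET_PAYLOAD):
    """Round each size up to a whole number of packets."""
    return {s: -(-s // payload) * payload for s in sizes}


def anonymity_policy(sizes, k):
    """Set-specific policy: sort the sizes, cut them into groups of at least
    k, and pad every member of a group up to the group's maximum, so each
    observable size is shared by >= k resources of this set (sizes distinct)."""
    ordered = sorted(sizes)
    groups = [ordered[i:i + k] for i in range(0, len(ordered), k)]
    if len(groups) > 1 and len(groups[-1]) < k:
        groups[-2].extend(groups.pop())  # fold a short tail into the previous group
    return {s: g[-1] for g in groups for s in g}


def evaluate(sizes, mapping):
    """Overhead (extra bytes / raw bytes) plus what the size channel still
    reveals: distinguishable classes, smallest class, and the Shannon entropy
    of the observed size under a uniform prior over the resources."""
    padded = [mapping[s] for s in sizes]
    counts = Counter(padded)
    n = len(sizes)
    entropy = -sum(c / n * math.log2(c / n) for c in counts.values())
    return {
        "overhead": sum(padded) / sum(sizes) - 1,
        "classes": len(counts),
        "min_class": min(counts.values()),
        "entropy_bits": entropy,
    }


HEADER = struct.Struct(">I")  # 4-byte big-endian body length: the end marker


def frame(body, wire_len):
    """Length-prefixed frame zero-padded to exactly wire_len bytes. Without
    the prefix the receiver could not tell content from padding."""
    if wire_len < HEADER.size + len(body):
        raise ValueError("target length smaller than header + body")
    pad = b"\x00" * (wire_len - HEADER.size - len(body))
    return HEADER.pack(len(body)) + body + pad


def unframe(wire):
    """Recover the body and ignore whatever padding follows it."""
    (n,) = HEADER.unpack_from(wire)
    if HEADER.size + n > len(wire):
        raise ValueError("truncated frame")
    return wire[HEADER.size:HEADER.size + n]


if __name__ == "__main__":
    for name, mapping in [("pow2", pow2_policy(SIZES)),
                          ("packet", packet_policy(SIZES)),
                          ("anonymity k=3", anonymity_policy(SIZES, 3))]:
        r = evaluate(SIZES, mapping)
        print(f"{name:14s} overhead={r['overhead']:.1%} classes={r['classes']} "
              f"min_class={r['min_class']} entropy={r['entropy_bits']:.2f} bits")
    body = b"<html><body>hello</body></html>"
    wire = frame(body, 64)
    print(len(wire), unframe(wire) == body)
```

On this constructed set the packet-granular policy is cheapest but leaves eleven of twelve resources in classes of one or two, the power-of-two policy costs about 61% extra bytes and still isolates the largest resource, and the set-tuned policy with k=3 costs about 26% while guaranteeing every observable size is shared by three resources. None of this says anything about the timing channel Martin raises; it only prices the size channel.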