Re: PRISM and HTTP/2.0

Reto Bachmann-Gmür <reto@gmuer.ch> Wed, 17 July 2013 16:11 UTC

Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5031E11E80F4 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 17 Jul 2013 09:11:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.677
X-Spam-Level:
X-Spam-Status: No, score=-9.677 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vlNhCYqzmrBh for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 17 Jul 2013 09:11:15 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) by ietfa.amsl.com (Postfix) with ESMTP id AB68A21F9F34 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Wed, 17 Jul 2013 09:11:15 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1UzUJG-000162-8a for ietf-http-wg-dist@listhub.w3.org; Wed, 17 Jul 2013 16:10:34 +0000
Resent-Date: Wed, 17 Jul 2013 16:10:34 +0000
Resent-Message-Id: <E1UzUJG-000162-8a@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <reto@gmuer.ch>) id 1UzUJ7-00015K-OE for ietf-http-wg@listhub.w3.org; Wed, 17 Jul 2013 16:10:25 +0000
Received: from r2-d2.netlabs.org ([213.238.45.90]) by lisa.w3.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.72) (envelope-from <reto@gmuer.ch>) id 1UzUJ6-0002jj-4d for ietf-http-wg@w3.org; Wed, 17 Jul 2013 16:10:25 +0000
Received: (qmail 9829 invoked by uid 89); 17 Jul 2013 16:10:01 -0000
Received: from unknown (HELO mail-lb0-f177.google.com) (farewellutopia@netlabs.org@209.85.217.177) by 0 with ESMTPA; 17 Jul 2013 16:10:01 -0000
Received: by mail-lb0-f177.google.com with SMTP id 10so1668786lbf.22 for <ietf-http-wg@w3.org>; Wed, 17 Jul 2013 09:10:00 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-originating-ip:in-reply-to:references:date :message-id:subject:from:to:cc:content-type :content-transfer-encoding:x-gm-message-state; bh=E5QQ2cwaX8uCE/r5jQkztxxp/Lw0rvWDrBlLKGXLePc=; b=MN+1HBB/lSnx444Dyv7EHg7nv6/f56pp2TOB3QCrfMDljjaC8VFOHYhramexpJiXVa X7IuTNcMzhAbmL7BS3mrL6TTzwq05BuUW1Toe0/PdBZoY43AQJW4lzoK3xXoDx8id001 dJgdMBsd2AY+AcAhhLoK8V4tgc9hPtUSlC0DK+il5LjvZOScJJjPkcpnJjwjLGf3uolv pwzJ54F9kRbvHRwO7/gTv0OCQI3h7Ix6sgJ5FXkUMsYHTmmS1/CJFtQzbliEqVNhx2Lu tbeHJQYSz62FABZKQLXeMVdLGZ0jhdmfq+nhMr7oK+kFH8tW1BQZRmV+L0ktIGPrjOS8 78Ww==
MIME-Version: 1.0
X-Received: by 10.112.88.169 with SMTP id bh9mr3543932lbb.12.1374077400497; Wed, 17 Jul 2013 09:10:00 -0700 (PDT)
Received: by 10.152.125.144 with HTTP; Wed, 17 Jul 2013 09:10:00 -0700 (PDT)
X-Originating-IP: [31.24.10.206]
In-Reply-To: <CAK3OfOj6i2e4Lz7jruy49XugKzpv-Ckn4GiVE6M6EvFVVMk2bg@mail.gmail.com>
References: <5672.1373710085@critter.freebsd.dk> <51E1D7AF.20708@jrn.me.uk> <CALvhUEW87qGoCYAPY_DW37bs4P=maD0iWFk6tWc-ZVN15KUWtg@mail.gmail.com> <51E53A7D.4090306@treenet.co.nz> <CALvhUEVxnJcvfc13PsEZW_8S4ZsLiZb1+h_f-M2W96jv_b0EBQ@mail.gmail.com> <CAK3OfOj6i2e4Lz7jruy49XugKzpv-Ckn4GiVE6M6EvFVVMk2bg@mail.gmail.com>
Date: Wed, 17 Jul 2013 18:10:00 +0200
Message-ID: <CALvhUEWKKN3eQiSS_qgSQA1L5v6AVxvcTXe==MJT3Xo67a35EA@mail.gmail.com>
From: Reto Bachmann-Gmür <reto@gmuer.ch>
To: Nico Williams <nico@cryptonector.com>
Cc: Amos Jeffries <squid3@treenet.co.nz>, HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Gm-Message-State: ALoCoQmUGCrqYcfaReeqq1eZPlSQnQOgJUALkwMgv8tbvI1QSU3C29/2BhhBw9pu/DiBdA+Hhzzb
Received-SPF: none client-ip=213.238.45.90; envelope-from=reto@gmuer.ch; helo=r2-d2.netlabs.org
X-W3C-Hub-Spam-Status: No, score=-3.5
X-W3C-Hub-Spam-Report: AWL=-3.450
X-W3C-Scan-Sig: lisa.w3.org 1UzUJ6-0002jj-4d 91a57e423a5fdc8659d69ea7e6d2cc39
X-Original-To: ietf-http-wg@w3.org
Subject: Re: PRISM and HTTP/2.0
Archived-At: <http://www.w3.org/mid/CALvhUEWKKN3eQiSS_qgSQA1L5v6AVxvcTXe==MJT3Xo67a35EA@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/18825
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On Tue, Jul 16, 2013 at 7:29 PM, Nico Williams <nico@cryptonector.com> wrote:
> On Tue, Jul 16, 2013 at 11:28 AM, Reto Bachmann-Gmür <reto@gmuer.ch> wrote:
>> On Tue, Jul 16, 2013 at 2:20 PM, Amos Jeffries <squid3@treenet.co.nz> wrote:
>>> On 16/07/2013 4:19 a.m., Reto Bachmann-Gmür wrote:
>>> I can't think how.
>>
>> Abusing the userinfo subcomponent a  URI could look like this
>>
>> https://WanYixZKajPyjw2llf@example.org/foo
>>
>> If the public key presented by the server does not match the digest
>> WanYixZKajPyjw2llf the client would present a warning.
>>
>>> The MITM can as easily change that public key to its own
>>> one and use the original itself as the client could use it in the first
>>> place.
>>
>> No. The MITM might be able to provide a duly signed certificate for
>> example.org but it would much harder to create one which matches the
>> digest present in the referring URIs.
>
> This doesn't allow for key/cert rollover.
True for the simplest version. But such a crypto identity token yould
also be a hash of some longer lived cert used to sign the cert that
are being changed more frequently. And there could be mechanism to
have multiple valid tokens so that old ones can be gradually phased
out. Like for an invalid ca-cert it's ultimately up do the user to
decide what to do when the cert of a site doesn't match the token in
the link. It just would give users who care about security better
means to do so.

Cheers,
Reto