Re: Stateful compression of cookies (Re: Delta Compression and UTF-8 Header Values)

Nico Williams <nico@cryptonector.com> Mon, 11 February 2013 16:38 UTC

Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BD62E21F88E1 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 11 Feb 2013 08:38:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.908
X-Spam-Level:
X-Spam-Status: No, score=-7.908 tagged_above=-999 required=5 tests=[AWL=1.917, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_HI=-8, SARE_SUB_ENC_UTF8=0.152]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zfL7jTCQH40i for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 11 Feb 2013 08:38:43 -0800 (PST)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) by ietfa.amsl.com (Postfix) with ESMTP id 116C521F8915 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Mon, 11 Feb 2013 08:38:43 -0800 (PST)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1U4wNq-0005gC-6C for ietf-http-wg-dist@listhub.w3.org; Mon, 11 Feb 2013 16:37:34 +0000
Resent-Date: Mon, 11 Feb 2013 16:37:34 +0000
Resent-Message-Id: <E1U4wNq-0005gC-6C@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <nico@cryptonector.com>) id 1U4wNi-0005f6-Nr for ietf-http-wg@listhub.w3.org; Mon, 11 Feb 2013 16:37:26 +0000
Received: from caiajhbdcbbj.dreamhost.com ([208.97.132.119] helo=homiemail-a73.g.dreamhost.com) by lisa.w3.org with esmtp (Exim 4.72) (envelope-from <nico@cryptonector.com>) id 1U4wNh-0001Pk-AM for ietf-http-wg@w3.org; Mon, 11 Feb 2013 16:37:26 +0000
Received: from homiemail-a73.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a73.g.dreamhost.com (Postfix) with ESMTP id 430101F008E for <ietf-http-wg@w3.org>; Mon, 11 Feb 2013 08:37:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h= mime-version:in-reply-to:references:date:message-id:subject:from :to:cc:content-type; s=cryptonector.com; bh=hh7Pxo373k7DXhPp47ma ltw2Gw4=; b=KAIKPOg2pjkKPCsj2xxE2Ajn2atkK5klhL3gQ+yi1fu2u4zYvG78 jBVI7dXD9vfiGR1Nh4jTReVIXyHfIonW/yjTlT2uGT8i2/SP4TZ+0C74nWGNuWYm e5yC2ZsOm7lE4bJVz3g7qLroFyquDPZhaXEphxULw2TQ4kdgSkGtE6w=
Received: from mail-wg0-f48.google.com (mail-wg0-f48.google.com [74.125.82.48]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by homiemail-a73.g.dreamhost.com (Postfix) with ESMTPSA id BA7EF1F0083 for <ietf-http-wg@w3.org>; Mon, 11 Feb 2013 08:37:02 -0800 (PST)
Received: by mail-wg0-f48.google.com with SMTP id 16so4790840wgi.3 for <ietf-http-wg@w3.org>; Mon, 11 Feb 2013 08:36:53 -0800 (PST)
MIME-Version: 1.0
X-Received: by 10.180.99.227 with SMTP id et3mr17384707wib.6.1360600613122; Mon, 11 Feb 2013 08:36:53 -0800 (PST)
Received: by 10.217.39.133 with HTTP; Mon, 11 Feb 2013 08:36:53 -0800 (PST)
In-Reply-To: <CAMm+Lwjtvng7XdTWm5EQwRgsEMbp9itsoN=m9PnSYu5ry7TF1A@mail.gmail.com>
References: <CAK3OfOieNOsN7=2TV_25nTr+7Y3a-fyjSGV+F7HdbEQT8cB9xg@mail.gmail.com> <85697.1360567222@critter.freebsd.dk> <CAK3OfOhGoQ0HtMu4HRo5kne1fgwDkzU6AHceCUTPHEXXW5HypQ@mail.gmail.com> <CAMm+Lwjtvng7XdTWm5EQwRgsEMbp9itsoN=m9PnSYu5ry7TF1A@mail.gmail.com>
Date: Mon, 11 Feb 2013 10:36:53 -0600
Message-ID: <CAK3OfOjZ+u_ieZtSrBMSwsCx3ngOj7V=sHbfV-nW+zKSEwJCmg@mail.gmail.com>
From: Nico Williams <nico@cryptonector.com>
To: Phillip Hallam-Baker <hallam@gmail.com>
Cc: Poul-Henning Kamp <phk@phk.freebsd.dk>, Zhong Yu <zhong.j.yu@gmail.com>, Julian Reschke <julian.reschke@gmx.de>, "\"Martin J. Dürst\"" <duerst@it.aoyama.ac.jp>, James M Snell <jasnell@gmail.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Content-Type: text/plain; charset="UTF-8"
Received-SPF: none client-ip=208.97.132.119; envelope-from=nico@cryptonector.com; helo=homiemail-a73.g.dreamhost.com
X-W3C-Hub-Spam-Status: No, score=-3.5
X-W3C-Hub-Spam-Report: AWL=-3.448, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001
X-W3C-Scan-Sig: lisa.w3.org 1U4wNh-0001Pk-AM 46af205597c52a7049e3295277097aae
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Stateful compression of cookies (Re: Delta Compression and UTF-8 Header Values)
Archived-At: <http://www.w3.org/mid/CAK3OfOjZ+u_ieZtSrBMSwsCx3ngOj7V=sHbfV-nW+zKSEwJCmg@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/16561
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On Mon, Feb 11, 2013 at 10:05 AM, Phillip Hallam-Baker <hallam@gmail.com> wrote:
> On Mon, Feb 11, 2013 at 10:24 AM, Nico Williams <nico@cryptonector.com>
> wrote:
>> (Also, a note about small session IDs: they can't be so small as to be
>> guessable.  32-bit session IDs would be a disaster.  I think I'd not
>> feel comfortable with session IDs smaller than 96-bits.)
>
>
> Please, lets not repeat the mistake of doing bearer tokens.

Heh, well, you know that I'm with you on this, as we both have I-Ds
that involve the use of MACs to authenticate access to sessions on
each request.

> I would very much like to separate out authentication tokens from state
> tokens so that we can get some sanity. But the replacement for the use of a
> session cookie for authentication should be a proof of knowledge of the
> shared secret rather than presentation of the shared secret itself.

Right.

> Doing this would render the various BEAST and CRIME attacks ineffective
> along with most cookie stealing as the  confidential data would only go
> across the wire in plaintext at most once.

Although BEAST/CRIME are not the only reasons to want this.

> So the communication pattern might be:

But we still need a) a session ID, and/or b) server-side state stored
as encrypted cookies (in the generic sense, not "web cookies") on the
client side.

Nico
--