Re: [saag] Input for conflict review of draft-secure-cookie-session-protocol

Tobias Gondrom <> Sat, 20 October 2012 09:29 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 15AC321F8532 for <>; Sat, 20 Oct 2012 02:29:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -95.362
X-Spam-Status: No, score=-95.362 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, FH_HELO_EQ_D_D_D_D=1.597, FH_HOST_EQ_D_D_D_D=0.765, FM_DDDD_TIMES_2=1.999, HELO_DYNAMIC_IPADDR=2.426, HELO_EQ_DE=0.35, RDNS_DYNAMIC=0.1, USER_IN_WHITELIST=-100]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id yIvWaZueocRo for <>; Sat, 20 Oct 2012 02:29:05 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id D6DEE21F850B for <>; Sat, 20 Oct 2012 02:29:04 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default;; b=tQzk4hHZSBd5ZMMH36MFPjw7gi1QgHhMPT/vRvUX/oWxm1BejeLqjFGzvdwt6EmAY5Pcc2l+aGG+ILrDNDU/fEOI7zhWbwZ2SYrbE7qSzM7KwgOD6zUEqkB1x1NZp2JG; h=Received:Received:Message-ID:Date:From:User-Agent:MIME-Version:To:CC:Subject:References:In-Reply-To:Content-Type:Content-Transfer-Encoding;
Received: (qmail 9507 invoked from network); 20 Oct 2012 11:29:02 +0200
Received: from (HELO ? ( by with ESMTPSA (DHE-RSA-AES256-SHA encrypted, authenticated); 20 Oct 2012 11:29:02 +0200
Message-ID: <>
Date: Sat, 20 Oct 2012 10:29:02 +0100
From: Tobias Gondrom <>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:16.0) Gecko/20121011 Thunderbird/16.0.1
MIME-Version: 1.0
References: <> <>
In-Reply-To: <>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [saag] Input for conflict review of draft-secure-cookie-session-protocol
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Advisory Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 20 Oct 2012 09:29:06 -0000

Hi Thomas,

thank you for providing the background about this.
Obviously I didn't know about the IRTF CFRG, as I did not attend that 
IRTF group meeting at the time.
And I can imagine it can be quite frustrating for you having to explain 
the history and your draft again and again to the different audiences 
and groups over the years. ;-)

Maybe some thoughts on why I think this would benefit from IETF review:
I can see the underlying idea and understand the potential use case of 
storing state on the client in an encrypted container.

However, I see quite a few potential issues that could arise with this 
draft. I am not saying "don't do it", all I am saying is that I really 
think this deserves IETF review (either in saag, or even better an IETF 
WG (not IRTF).

Just as an example: already the very first sentence in the introduction 
some assumptions are half-true/half-false (like e.g. that cookies would 
be "... un-authenticated and sent in clear text." In many applications 
(though not all of them) cookies are in fact transmitted over HTTPS and 
in an authenticated session and not in clear-text...)

A number of questions with this drafts make me suggest that IETF review 
is a good thing (including the question whether IETF wants to do this at 
- is the underlying use case valid for the draft? I am not sure of that.
- the text of the draft would hint towards status as Experimental, not 
as Informational? Why Informational?
- Is there the vision of interoperability between different 
implementations for this?

Please note, that I don't deny at all, that there is a security 
considerations section - and in the case of this draft, I actually like 
that it is quite detailed on security implications compared to some 
other drafts I've reviewed in the past years, but I would question 
whether in fact suggesting to store server state only in a client is a 
good idea at all, as it opens quite a number of security problems.

All this leads me to the recommendation to apply IETF review for this 
draft to avoid trouble.

However, this is only IMHO, for you, saag and the ADs to consider. And I 
have the highest regard for Jim and our other reviewers. So consider 
this just as my 5cents and I will hand over to others on saag (including 
Jim) to comment and decide on whether we should give this more IETF 
review or not...

Best regards, Tobias

On 19/10/12 15:32, Thomas Fossati wrote:
> Hi Tobias,
>>> - Should this be handled by an existing working group?  Which one?
>> Yes.
> A little bit of context, to hopefully give everyone the reasons why
> and how we are here.
> SCS was presented for the first time (to get expert review/feedback)
> to IRTF CFRG in September 2006:
> Then after a long pause, I brought it to the IETF (http-state WG) in
> February 2011:
> where I've tried to propose it as a working group item, with no avail.
> (Please note that this pre-dates JOSE BoF which was held in March 2011 IIRC.)
> So, the natural outcome was to go through ISE, which I've done in December 2011.
> In these years, in different occasions it has received extensive
> review by a couple of well known and respected security guys -- David
> Wagner and Jim Schaad.
> The whole shebang is nothing new, just a simple bearer token format
> which is suitable for use in HTTP (in cookies and URIs, or any other
> HTTP header value).  With the added value that it can be traced back
> to a provably secure authenticated encryption scheme.
> I've taken the trouble to publish as I though it could provide a solid
> and reusable building block for developers, that, as a bonus, are also
> given a reference open-source implementation.
> The Security Consideration has plenty of material about the possible
> risks and related countermeasures / mitigations.  If there's something
> that really needs to be said and it's not already there, please state
> it precisely and I'll do the needed editing.
> I like to hear solid technical comments, I really like it, and I'm
> totally open to modify the I-D as long as the proposed modifications
> makes it a better document.  This is the sole purpose of going through
> the IETF process, after all.
> Thanks, Thomas.
> _______________________________________________
> saag mailing list