[secdir] Re: Secdir last call review of draft-ietf-httpbis-compression-dictionary-09

Patrick Meenan <pmeenan@google.com> Wed, 07 August 2024 23:41 UTC

Return-Path: <pmeenan@google.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9B90AC1519BA for <secdir@ietfa.amsl.com>; Wed, 7 Aug 2024 16:41:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.608
X-Spam-Level:
X-Spam-Status: No, score=-17.608 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NCPObepWNzDn for <secdir@ietfa.amsl.com>; Wed, 7 Aug 2024 16:41:03 -0700 (PDT)
Received: from mail-yb1-xb2e.google.com (mail-yb1-xb2e.google.com [IPv6:2607:f8b0:4864:20::b2e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 10D03C151997 for <secdir@ietf.org>; Wed, 7 Aug 2024 16:41:03 -0700 (PDT)
Received: by mail-yb1-xb2e.google.com with SMTP id 3f1490d57ef6-e087641d2a2so349943276.0 for <secdir@ietf.org>; Wed, 07 Aug 2024 16:41:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1723074062; x=1723678862; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=e0jGc+qBvuIqXhtf9EWv019MQytLRqK/0LvGqdXUEaU=; b=3w6Wke1MTzMLoPmHZM+wrcZZHA9dA/aftNMxtVmqIgnmGYDOCjGbBA/R7dZC771QR/ jtzVaM5BBX1+DhE45nvKuJsLkHhCAeVnlQPD8tx9m5ogsCP1Wh9MliWUadgGU2YtgpaO QwHta27tmB6egTynps54nITZItaGGOKE+Mxz4MP5wO0ubxMISPBCgbkmEpSn2TTNtnhk gTvNKFEVbGt2IG1xWYDMuuVskKzemqYMjIptupT/o3OPEFe7so2PHmWQGzUJzTDZlib/ YSYEUhqX0S9KYyicQGTHCyiEm3WYi2sfWgV0Lc0+7JiPFn/DwmJCOzO0ZEynRaSJB1Ui ukRA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1723074062; x=1723678862; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=e0jGc+qBvuIqXhtf9EWv019MQytLRqK/0LvGqdXUEaU=; b=jRqUgR5hg9SktfucGLF+VyQhpx8fcXmQy03Vk7xvOA2SLh6RfR7ajRcANQH1vhVvSd E8IoT+0ir3q+uH+DE2KmwJhXLCna+d9L8kydz2Yu324oyP6GpPeyk5oJR38dp5b/yiKw M+bvvo9BPnejjxnHvnKtDRpNAL8cDx+ciwadIBu2fSjZWohxi0BOEeYvSErJMzonaq0y Xn3odujdT/xcZtmqSBKE4GyDz/E6Ae/GcGdisbKJ7TxMDagW7RnA048UHXxzXidlVFRA 5Wqv1PM7E3qWWDwCX17shdS8tGaAoJq4H9+wyKjS9bMTYAqWGpMd8Hv84EGCX3N15BBX kxAg==
X-Gm-Message-State: AOJu0YxU8LOR6LA66Ja2ETv8Lfavlp5mcxJGPSdyZl+rDtWjDLcLnDUN Yc15PmP3aESWajpYxl883KFM0sDs06jAhtgYGEw/wgjS30F//CWnR/EmzICMg2VF0DdeXM0XAj7 xS2UyAiwaAnuOef26nP9m/Leh7V5fcYKQ2Dg7
X-Google-Smtp-Source: AGHT+IHfDQNpNgoIirynEU+FEluaRifD5seZZxhEpQWfV+MXVj0Dd2GFW+ONWB9ntVTbJ9oXq6Y9nTcLvwqhO0AmDX0=
X-Received: by 2002:a05:6902:2e0f:b0:e0b:f69b:da19 with SMTP id 3f1490d57ef6-e0e9dbb268bmr221004276.40.1723074061846; Wed, 07 Aug 2024 16:41:01 -0700 (PDT)
MIME-Version: 1.0
References: <172307181050.195.15472875602261483639@dt-datatracker-6df4c9dcf5-t2x2k>
In-Reply-To: <172307181050.195.15472875602261483639@dt-datatracker-6df4c9dcf5-t2x2k>
From: Patrick Meenan <pmeenan@google.com>
Date: Wed, 07 Aug 2024 19:40:49 -0400
Message-ID: <CACPgMqWT_jaqM2U94oV9=GX-iQL_3WwCAxrazQgZinODWoP2Ew@mail.gmail.com>
To: Nancy Cam-Winget <ncamwing@cisco.com>
Content-Type: multipart/alternative; boundary="00000000000061d173061f2071fa"
Message-ID-Hash: 2W44J7XR5E4GPUU7AR6TOEZFSENGULHO
X-Message-ID-Hash: 2W44J7XR5E4GPUU7AR6TOEZFSENGULHO
X-MailFrom: pmeenan@google.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-secdir.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: secdir@ietf.org, draft-ietf-httpbis-compression-dictionary.all@ietf.org, ietf-http-wg@w3.org, last-call@ietf.org
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [secdir] Re: Secdir last call review of draft-ietf-httpbis-compression-dictionary-09
List-Id: Security Area Directorate <secdir.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/4enbqDPLikfhTQ-iMzh2neJQXKk>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Owner: <mailto:secdir-owner@ietf.org>
List-Post: <mailto:secdir@ietf.org>
List-Subscribe: <mailto:secdir-join@ietf.org>
List-Unsubscribe: <mailto:secdir-leave@ietf.org>

Thank you for the review.

The intent of providing the hash of the "Available-Dictionary" is to be
sure that the contents of the dictionary on the client are the same as what
the server is using for the compression (more for integrity than anything
else). It also acts as a default identifier in the negotiation if an
explicit ID isn't provided. Both ZStandard and Brotli also use hashes to
verify the dictionary before decompression to prevent corruption but
providing it in the request header allows for the server to not send an
invalid response in the first place in case the payloads got modified
somewhere in the path previously or something else got out of sync.

It is allowed (and expected) that there may be multiple dictionaries for
the same resource (i.e. version 1.1 of example.js and version 1.2 of
example.js both used as dictionaries for version 1.3 for different delta
updates) and the hash makes differentiating them automatic (and standard).

It's not meant as a protection against explicit attack - that is expected
to be handled by the transport itself (encryption, cert verification, etc).
An attack on the dictionary or payload would have the same risks and
vulnerabilities as an attack on the uncompressed response itself (that part
is where the same-origin dictionary/payload requirement comes from).

Thanks,

-Pat

On Wed, Aug 7, 2024 at 7:03 PM Nancy Cam-Winget via Datatracker <
noreply@ietf.org> wrote:

> Reviewer: Nancy Cam-Winget
> Review result: Ready
>
> SECDIR review of draft-ietf-httpbis-compression-dictionary-09
>
> Reviewer: Nancy Cam-Winget
>
>
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG.  These comments were written primarily for the benefit of the
> security area directors.  Document editors and WG chairs should treat
> these comments just like any other last call comments.
>
>
> This document defines HTTP headers that can be used for negotiating
> for enabling compression by using dictionaries.  The negotiation
> defines an external dictionary that provides the mapping or patterns
> to decode when compression is enabled.  The document leverages the use
> of Brotli (RFC7932) and Standard (RFC8878) as the compression schemes.
>
>
> The document reads well and I have found no issues but have
> One minor question:
>
> Section 2.2
> * Is the intent of providing the hash of the "Available-Dictionary"
> meant to be for protection or for compression?
>
> Section 9.1
> * To my point in Section 2.2, we presume that all headers are
> encrypted and protected, so I think it would depend on what protection
> is being achieved. That is, I think it should be stated that if the
> header protection is found to be weak, this can be made vulnerable too
> (I think this is somewhat covered in 9.2 maybe?)
>
>
>
>