[secdir] secdir review of draft-alakuijala-brotli-08

"Xialiang (Frank)" <frank.xialiang@huawei.com> Mon, 11 April 2016 05:47 UTC

Return-Path: <frank.xialiang@huawei.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4275C12E547; Sun, 10 Apr 2016 22:47:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.216
X-Spam-Level:
X-Spam-Status: No, score=-5.216 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tDbnBliIpXi2; Sun, 10 Apr 2016 22:47:52 -0700 (PDT)
Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CF08512E546; Sun, 10 Apr 2016 22:47:50 -0700 (PDT)
Received: from 172.18.7.190 (EHLO lhreml704-cah.china.huawei.com) ([172.18.7.190]) by lhrrg02-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id CHD19103; Mon, 11 Apr 2016 05:47:49 +0000 (GMT)
Received: from SZXEMA411-HUB.china.huawei.com (10.82.72.70) by lhreml704-cah.china.huawei.com (10.201.5.130) with Microsoft SMTP Server (TLS) id 14.3.235.1; Mon, 11 Apr 2016 06:47:48 +0100
Received: from SZXEMA502-MBS.china.huawei.com ([169.254.4.36]) by szxema411-hub.china.huawei.com ([10.82.72.70]) with mapi id 14.03.0235.001; Mon, 11 Apr 2016 13:47:40 +0800
From: "Xialiang (Frank)" <frank.xialiang@huawei.com>
To: "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, "draft-alakuijala-brotli.all@tools.ietf.org" <draft-alakuijala-brotli.all@tools.ietf.org>
Thread-Topic: secdir review of draft-alakuijala-brotli-08
Thread-Index: AdGTthpEGuVvRaAtQJGDUJWf2eunBw==
Date: Mon, 11 Apr 2016 05:47:40 +0000
Message-ID: <C02846B1344F344EB4FAA6FA7AF481F12AF2C416@SZXEMA502-MBS.china.huawei.com>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.46.118.22]
Content-Type: multipart/alternative; boundary="_000_C02846B1344F344EB4FAA6FA7AF481F12AF2C416SZXEMA502MBSchi_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A090201.570B3A85.0037, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0, ip=169.254.4.36, so=2013-06-18 04:22:30, dmn=2013-03-21 17:37:32
X-Mirapoint-Loop-Id: f24ef62e69fc6be5a6408a62c5de0973
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/D1_RgfWuiTvWiRsXK7ITZdZ4b50>
Subject: [secdir] secdir review of draft-alakuijala-brotli-08
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Apr 2016 05:47:54 -0000

Hello,





I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.





This document defines a lossless compressed data format that compresses data using a combination of the LZ77 algorithm and Huffman coding, with efficiency comparable to the best currently available general-purpose compression methods.





The document appears in reasonably good shape.



In general, this document specify a new compressed data format which is used in the end points of a connection, which is not directly subject to network security issues. In other words, the compressed contents can be protected by all the existing security technologies (i.e., encryption, authentication/authorization, anti-attack, etc) if necessary. The main security concern is about how the bad (or faked) compressed data will attack the end system, such as: buffer overflow and resource consumption! Some of the concerns are covered in the "Security Considerations" section.



But there are still several security issues (TBDs) missing in the document that need to be addressed before publication.





Below is a series of my comments, questions for your consideration.





Discussion: Section 2

Right now, your compressed data format is mainly used for the http (see in the IANA section). Have you considered whether it can also be applied to IP compression?







Comments: Section 11

In the security considerations section, there are still some serious security issues not mentioned:

1. Resource consumption to the system containing a decompressor implementation: decompressing the invalid compressed data can make the decompressor system's resource (cpu, memory, storage) to be consumed greatly, how to protect against this possible attack?

2. Resource consumption or buffer overflow to the system containing a compressor implementation: correspondingly, when a network proxy get some contents and need to compress them using this format, how to protect against the possible attacks when compressing the invalid (or faked) contents?







Thank you.



B.R.

Frank