[secdir] SECDIR review of draft-ietf-httpbis-cdn-loop-01
Donald Eastlake <d3e3e3@gmail.com> Tue, 11 December 2018 11:40 UTC
Return-Path: <d3e3e3@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 06624130DD5; Tue, 11 Dec 2018 03:40:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.749
X-Spam-Level:
X-Spam-Status: No, score=-1.749 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id enLn2J4o8B30; Tue, 11 Dec 2018 03:40:21 -0800 (PST)
Received: from mail-it1-x135.google.com (mail-it1-x135.google.com [IPv6:2607:f8b0:4864:20::135]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 12FF8130DDB; Tue, 11 Dec 2018 03:40:18 -0800 (PST)
Received: by mail-it1-x135.google.com with SMTP id o19so3035648itg.5; Tue, 11 Dec 2018 03:40:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to:cc; bh=Yt3gqCliQW5jS3Ezbcnck3iTxoCixBawlxyHaTJoXoA=; b=klDZpM5rHI8V2kiWTJMwh0Bpj8CQ3dwbtVrVX1cMMWe0/vmGYRq4GLKiUOQs8xX3Fd cEw3L2z8C1+AH+U5RJ503QfN+t1m8ajgKQThXq1jDhfMWm4zAGNOG7JOpae1Wus0XEWr /7K/8gNXa/LtsavQUVyhRpJDJva+ODRraCotdXtAGF/H3xRmSmdwT0WADgkKDoRLtaIv XCvzP3JZGPGXIQiot0oIcagEvPUYS0HBXr38GbPxDyuetcnxzS6zVMiofvHCBtXZtjx6 3tkaUJiifxdwUP9HcRvT+RKNfeNeo54ZJBmMQ06t6F35hllcT1QFkyFKIMRoUo/H3lrQ I/tA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=Yt3gqCliQW5jS3Ezbcnck3iTxoCixBawlxyHaTJoXoA=; b=Mtx5RKXOzzzMInX8+NsR5vrstw4r5wDhpodEoPnOiO1Otb/ZT1hxhm7VSH/Q9HxvwY uz7GBNUmSkdBKuirKlAYTIPhZNTXVhkzkG3bLAw6I8sHjS+LeJLKb6/EFk+F7ZDt8Ht3 eA/54k/bwl1/ZkX+qnCT1w5v7HDLFsvej1LDHIErlQePNuJpsHEHaSg78x1+s6HHb4nO 1OL/EqGwI4ILeZc7pvbf5pCynZHObVkwrzuo8quEktQs/iZQxfs1KX9cDU0fBm+7PFAv B0OgyTSb0AbKBzmNB1h/qfD3Z3CK7O1KPbU4lwgdp6I0lT7pHwUSYvJV3M3H3GcPnTyE 997g==
X-Gm-Message-State: AA+aEWbHdi8qxlMWzbgyiQvuI25cQiHuAbYTTi67cARlfsKTblwIxyrI 9XU8bXOiDVdbALjE0QIhNloKB0YIYmZCVDduROYE7snt
X-Google-Smtp-Source: AFSGD/X51CNH6zrWkWLTGZ3Q6cMMijeR8uJnk9ddZpytVehE+wkfUIgUzujnU9IZgE30Gy5/DM8jWi6d5qnHpnDPizk=
X-Received: by 2002:a24:6e88:: with SMTP id w130mr1715974itc.103.1544528416961; Tue, 11 Dec 2018 03:40:16 -0800 (PST)
MIME-Version: 1.0
From: Donald Eastlake <d3e3e3@gmail.com>
Date: Tue, 11 Dec 2018 06:40:05 -0500
Message-ID: <CAF4+nEH7OoTDFkXKy0M4KQ_DeSCfDPUT4HUgdgG1ksV+HXCnng@mail.gmail.com>
To: "iesg@ietf.org" <iesg@ietf.org>, draft-ietf-httpbis-cdn-loop.all@ietf.org
Cc: secdir@ietf.org
Content-Type: multipart/alternative; boundary="000000000000a37ae5057cbd8b9a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/Gx4PbPPWUYjzc0ddlqpJt6kLfUY>
Subject: [secdir] SECDIR review of draft-ietf-httpbis-cdn-loop-01
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Dec 2018 11:40:22 -0000
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. Document editors and WG chairs should treat these comments just like any other last call comments. The summary of the review is Ready with issues. This document specifies a new "CDN-Loop" HTTP header field to detect Content Delivery Network loops. Such loops can be caused by misconfiguration or as part of a denial of service attack. Security: It is slightly misleading that in Section 1 the draft says how valuable an HTTP header "guaranteed not to be modified" would be but then the draft does not provide such a header. Maybe instead say "should normally be unmodified". I believe this document should RECOMMEND that CDN-Loop headers include some sort of MAC (Message Authentication Code) covering the header so a CDN node can reliably recognize CDN-Loop headers that it has added. Since it need only recognize its own headers, the MAC need not be further specified or interoperable. (CDN-Loop information in an HTTP message can grow by the appending of entries or by additional of another CDN-Loop header. Since I have little confidence in the stability of header order, I would suggest MACs added as a parameter to a CDN-Loop header by the last parameter for that entry and sign that entry and all previous entries in that CDN-Loop header.) This could be done by modifying the 3rd paragraph of the Security Considerations section. Nit: Section 2: 3rd paragraph, suggest replacing "field to all requests" with "field in all requests". Thanks, Donald =============================== Donald E. Eastlake 3rd +1-508-333-2270 (cell) 1424 Pro Shop Court, Davenport, FL 33896 USA d3e3e3@gmail.com
- [secdir] SECDIR review of draft-ietf-httpbis-cdn-… Donald Eastlake
- Re: [secdir] SECDIR review of draft-ietf-httpbis-… Mark Nottingham
- Re: [secdir] SECDIR review of draft-ietf-httpbis-… Donald Eastlake
- Re: [secdir] SECDIR review of draft-ietf-httpbis-… Mark Nottingham