[secdir] SECDIR review of draft-ietf-httpbis-cdn-loop-01

Donald Eastlake <d3e3e3@gmail.com> Tue, 11 December 2018 11:40 UTC

To: "iesg@ietf.org" <iesg@ietf.org>, draft-ietf-httpbis-cdn-loop.all@ietf.org
Cc: secdir@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/Gx4PbPPWUYjzc0ddlqpJt6kLfUY>

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  Document
editors and WG chairs should treat these comments just like any other last
call comments.

The summary of the review is Ready with issues.

This document specifies a new "CDN-Loop" HTTP header field to detect
Content Delivery Network loops. Such loops can be caused by
misconfiguration or as part of a denial of service attack.

Security:

It is slightly misleading that in Section 1 the draft says how valuable an
HTTP header "guaranteed not to be modified" would be but then the draft
does not provide such a header. Maybe instead say "should normally be
unmodified".


I believe this document should RECOMMEND that CDN-Loop headers include some
sort of MAC (Message Authentication Code) covering the header so a CDN node
can reliably recognize CDN-Loop headers that it has added. Since it need
only recognize its own headers, the MAC need not be further specified or
interoperable. (CDN-Loop information in an HTTP message can grow by the
appending of entries or by addition of another CDN-Loop header. Since I
have little confidence in the stability of header order, I would suggest
MACs added as a parameter to a CDN-Loop header be the last parameter for
that entry and sign that entry and all previous entries in that CDN-Loop
header.) This could be done by modifying the 3rd paragraph of the Security
Considerations section.


Nit:

Section 2: 3rd paragraph, suggest replacing "field to all requests" with
"field in all requests".

Thanks,
Donald
===============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 1424 Pro Shop Court, Davenport, FL 33896 USA
 d3e3e3@gmail.com
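
The MAC suggestion in the review above, sketched as an added example that is not part of the original message or of the draft: a node appends its entry with a MAC as the last parameter, computed over that entry and all previous entries in the same field value, and later accepts only entries whose MAC verifies. The parameter name `mac`, the use of HMAC-SHA256, the cdn-id and the key are assumptions made for illustration.

```python
import hashlib
import hmac
import re

CDN_ID = "edge.cdn-a.example"               # hypothetical cdn-id of this node
KEY = b"constructed-demo-key-do-not-reuse"  # constructed sample key

def split_entries(value):
    """Split a CDN-Loop field value on commas that are outside quoted strings
    (backslash-escaped quotes are not handled in this sketch)."""
    parts = re.split(r',(?=(?:[^"]*"[^"]*")*[^"]*$)', value)
    return [p.strip() for p in parts if p.strip()]

def entry_mac(prior, cdn_id):
    """HMAC over all previous entries plus our own cdn-id, in order."""
    msg = ",".join(prior + [cdn_id]).encode()
    return hmac.new(KEY, msg, hashlib.sha256).hexdigest()

def append_entry(value):
    """Return the field value with this node's MAC-tagged entry appended."""
    prior = split_entries(value)
    tag = entry_mac(prior, CDN_ID)
    return ", ".join(prior + [f'{CDN_ID}; mac="{tag}"'])

def own_verified_entries(value):
    """Indices of entries that carry our cdn-id and a MAC that verifies."""
    entries = split_entries(value)
    hits = []
    for i, entry in enumerate(entries):
        cdn_id, _, params = entry.partition(";")
        if cdn_id.strip() != CDN_ID:
            continue
        m = re.search(r'mac="([0-9a-f]{64})"\s*$', params)  # must be last parameter
        if m and hmac.compare_digest(m.group(1), entry_mac(entries[:i], CDN_ID)):
            hits.append(i)
    return hits

if __name__ == "__main__":
    incoming = 'cdn-b.example; trace="a,b"'  # constructed sample field value
    outgoing = append_entry(incoming)
    print(outgoing)
    print(own_verified_entries(outgoing))                   # genuine entry
    print(own_verified_entries(CDN_ID + ", cdn-b.example")) # no MAC: not ours
```

The MAC in this sketch binds only to the entries of the field value, not to the request that carried them, so a verified entry shows that the node once emitted that prefix rather than that it did so for the current request.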