Re: [secdir] Security directorate review of draft-ietf-quic-http-32

Lars Eggert <lars@eggert.org> Tue, 17 November 2020 05:30 UTC

From: Lars Eggert <lars@eggert.org>
Message-Id: <F0C76656-7432-4DEB-A055-E38082C9A030@eggert.org>
Date: Tue, 17 Nov 2020 07:29:41 +0200
In-Reply-To: <202011170456.0AH4uQAN022069@rumpleteazer.rhmr.com>
Cc: The IESG <iesg@ietf.org>, secdir@ietf.org, draft-ietf-quic-http.all@ietf.org, QUIC WG <quic@ietf.org>
To: Hilarie Orman <hilarie@purplestreak.com>
References: <202011170456.0AH4uQAN022069@rumpleteazer.rhmr.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/REyYA-N0d2ZlSVal15TrWXuRW_s>
Subject: Re: [secdir] Security directorate review of draft-ietf-quic-http-32

[CC'ing the WG]

Hi Hilarie,

thanks for the review! Since the QUIC WG uses a Github Workflow, I've created a separate issue for each of the items in your review and tagged you in it; see the in-line responses for the precise issue link. All issues are tracked in the milestone https://github.com/quicwg/base-drafts/milestone/10

We'd appreciate it if you could coordinate with the HTTP document editor via GitHub, on the issue itself and/or any Pull Request that might be raised to address your comments.

On 2020-11-17, at 6:56, Hilarie Orman <hilarie@purplestreak.com> wrote:
> 
> 	 Security review of Hypertext Transfer Protocol Version 3
> 	 draft-ietf-quic-http-32
> 
> Do not be alarmed.  I generated this review of this document as part
> of the security directorate's ongoing effort to review all IETF
> documents being processed by the IESG.  These comments were written
> with the intent of improving security requirements and considerations
> in IETF drafts.  Comments not addressed in last call may be included
> in AD reviews during the IESG review.  Document editors and WG chairs
> should treat these comments just like any other last call comments.
> 
> This document "describes a mapping of HTTP semantics over
> QUIC.  [... It]  also identifies HTTP/2 features that are subsumed by
> QUIC, and describes how HTTP/2 extensions can be ported to HTTP/3."
> 
> I would like to see the Security Considerations spell out exactly
> what security features HTTP expects from QUIC.
> 
> There are reasonably good Security Consideration sections for
> both this document and for QUIC transport. The only problem that
> I have is that the authentication model for QUIC-HTTP is not
> explicitly spelled out.  The only discussion is in section 3.4
> Connection Reuse, and although that section may be technically
> correct, I find it hard to understand.

https://github.com/quicwg/base-drafts/issues/4362

> Similarly, there is brief
> mention of privacy wrt reused connections in 10.11, but that is
> weak beer, simply saying that HTTP 3 prefers not to reuse connections.

https://github.com/quicwg/base-drafts/issues/4363

> And integrity of the data isn't mentioned at all, perhaps because
> all this is assumed to be provided by QUIC.  Section 10.2 says that
> all QUIC packets are encrypted; I'm not sure if that's true, or if
> QUIC has an option for "non-modifiable" without encryption.

https://github.com/quicwg/base-drafts/issues/4364

Thanks,
Lars

> The
> QUIC draft is 200 pages and is still in progress, ... like a wimp
> I skimmed it but did not read it in detail.
> 
> Hilarie