[secdir] Fwd: SECDIR review of draft-ietf-httpbis-alt-svc-12

Chris Lonvick <lonvick.ietf@gmail.com> Sun, 21 February 2016 20:57 UTC

References: <56CA1A79.4040107@gmail.com>
To: "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, draft-ietf-httpbis-alt-svc.all@tools.ietf.org
From: Chris Lonvick <lonvick.ietf@gmail.com>
Message-ID: <56CA24AD.8010102@gmail.com>
Date: Sun, 21 Feb 2016 14:57:17 -0600
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/VacYsLGXTw4eKE1VM03mHD_XgYk>
Subject: [secdir] Fwd: SECDIR review of draft-ietf-httpbis-alt-svc-12

Resending to get it to all the right people.

Hi,

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

Overall, the document looks pretty good. It clearly spells out its 
intent and the implementation. I believe it will be useful.

I would recommend some small edits which are more on the subjective 
side. Please take these as mere suggestions and use them, edit them, or 
ignore them as you see fit.

The term "safely ignore it" is used twice in the document. I would 
prefer a more concrete directive for each. The first time it is used is 
in the second paragraph of Section 4. In this case, the term should be 
replaced with "MAY" as that is definitive per RFC 2119 for the protocol. 
The second case occurs in the following paragraph:

    The ALTSVC frame is intended for receipt by clients; a server that
    receives an ALTSVC frame can safely ignore it.

I'd recommend changing that to:

    The ALTSVC frame is intended for receipt by clients. A device acting
    as a server MUST ignore it.

This advises what to do if a server receives the frame, but allows some 
leeway if the device is simultaneously being used as a client.


In Section 9.2, there is a paragraph that starts as follows:

    Alternative services could be used to persist such an attack; for
    example, an...

The whole thing is a bit of a run-on sentence so I'd recommend that the 
semicolon be replaced with a period and a second sentence started after 
that.

Each use of 'e.g.' should be followed by a comma. There seem to be some 
that aren't.

Section 9.3 has the following two paragraphs:

    For example, if an "https://" URI has a protocol advertised that does
    not use some form of end-to-end encryption (most likely, TLS), it
    violates the expectations for security that the URI scheme implies.
    
    Therefore, clients cannot blindly use alternative services, but
    instead evaluate the option(s) presented to assure that security
    requirements and expectations (of specifications, implementations and
    end users) are met.

This should either be one unified paragraph or two paragraphs expressing 
different thoughts. My suggestion would be:

    For example, if an "https://" URI has a protocol advertised that does
    not use some form of end-to-end encryption (most likely TLS), it
    violates the expectations for security that the URI scheme denotes.
    Therefore, clients MUST NOT blindly use alternative services, but
    instead SHOULD evaluate the option(s) presented and make a selection
    that assures the security requirements and expectations of policy
    provided by specifications, implementations, and end user desires.

There are a lot of parentheticals throughout. Putting an 'e.g.' or 
'i.e.' in a sentence does not require that it be within parentheses. 
Stick a comma in front of it and move on. ;-) Y'all almost did that 
within the last paragraph of Section 9.5 but didn't get it altogether 
right.

    When the protocol does not explicitly carry the scheme (e.g., as is
    usually the case for HTTP/1.1 over TLS, servers can mitigate this
    risk by either assuming that all requests have an insecure context,
    or by refraining from advertising alternative services for insecure
    schemes (such as HTTP).

The first parenthetical is opened with a left parenthesis but closed 
with a comma. I'd suggest using commas to open and close that. The 
second should just be separated by a preceding comma.

Best regards,
Chris