[secdir] Security directorate review of draft-ietf-quic-http-32

Hilarie Orman <hilarie@purplestreak.com> Tue, 17 November 2020 04:59 UTC

To: iesg@ietf.org, secdir@ietf.org
Cc: draft-ietf-quic-http.all@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/gudkQVP9QheQ1PpmrIDSULiZfFs>

	 Security review of Hypertext Transfer Protocol Version 3
	 draft-ietf-quic-http-32

Do not be alarmed.  I generated this review of this document as part
of the security directorate's ongoing effort to review all IETF
documents being processed by the IESG.  These comments were written
with the intent of improving security requirements and considerations
in IETF drafts.  Comments not addressed in last call may be included
in AD reviews during the IESG review.  Document editors and WG chairs
should treat these comments just like any other last call comments.

This document "describes a mapping of HTTP semantics over
QUIC.  [... It]  also identifies HTTP/2 features that are subsumed by
QUIC, and describes how HTTP/2 extensions can be ported to HTTP/3."

I would like to see the Security Considerations spell out exactly
what security features HTTP expects from QUIC.

There are reasonably good Security Consideration sections for
both this document and for QUIC transport. The only problem that
I have is that the authentication model for QUIC-HTTP is not
explicitly spelled out.  The only discussion is in section 3.4
Connection Reuse, and although that section may be technically
correct, I find it hard to understand.  Similarly, there is brief
mention of privacy wrt reused connections in 10.11, but that is
weak beer, simply saying that HTTP 3 prefers not to reuse connections.
And integrity of the data isn't mentioned at all, perhaps because
all this is assumed to be provided by QUIC.  Section 10.2 says that
all QUIC packets are encrypted; I'm not sure if that's true, or if
QUIC has an option for "non-modifiable" without encryption.  The
QUIC draft is 200 pages and is still in progress, ... like a wimp
I skimmed it but did not read it in detail.

Hilarie