[secdir] Security directorate review of draft-ietf-quic-http-32
Hilarie Orman <hilarie@purplestreak.com> Tue, 17 November 2020 04:59 UTC
Return-Path: <hilarie@purplestreak.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 75CA63A0D81; Mon, 16 Nov 2020 20:59:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Bq_0OemI7jCK; Mon, 16 Nov 2020 20:59:48 -0800 (PST)
Received: from out02.mta.xmission.com (out02.mta.xmission.com [166.70.13.232]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0C75E3A0D7E; Mon, 16 Nov 2020 20:59:47 -0800 (PST)
Received: from in01.mta.xmission.com ([166.70.13.51]) by out02.mta.xmission.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.93) (envelope-from <hilarie@purplestreak.com>) id 1ket5l-00CP9U-JV; Mon, 16 Nov 2020 21:59:45 -0700
Received: from [166.70.232.207] (helo=rumpleteazer.rhmr.com) by in01.mta.xmission.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.87) (envelope-from <hilarie@purplestreak.com>) id 1ket5k-0001N4-Ug; Mon, 16 Nov 2020 21:59:45 -0700
Received: from rumpleteazer.rhmr.com (localhost [127.0.0.1]) by rumpleteazer.rhmr.com (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id 0AH4uQYl022070; Mon, 16 Nov 2020 21:56:26 -0700
Received: (from hilarie@localhost) by rumpleteazer.rhmr.com (8.14.4/8.14.4/Submit) id 0AH4uQAN022069; Mon, 16 Nov 2020 21:56:26 -0700
Date: Mon, 16 Nov 2020 21:56:26 -0700
Message-Id: <202011170456.0AH4uQAN022069@rumpleteazer.rhmr.com>
From: Hilarie Orman <hilarie@purplestreak.com>
Reply-To: Hilarie Orman <hilarie@purplestreak.com>
To: iesg@ietf.org, secdir@ietf.org
Cc: draft-ietf-quic-http.all@ietf.org
X-XM-SPF: eid=1ket5k-0001N4-Ug; ; ; mid=<202011170456.0AH4uQAN022069@rumpleteazer.rhmr.com>; ; ; hst=in01.mta.xmission.com; ; ; ip=166.70.232.207; ; ; frm=hilarie@purplestreak.com; ; ; spf=none
X-XM-AID: U2FsdGVkX18pcbdgU+6FocgaK1Za+t0+
X-SA-Exim-Connect-IP: 166.70.232.207
X-SA-Exim-Mail-From: hilarie@purplestreak.com
X-Spam-Virus: No
X-Spam-DCC: XMission; sa01 1397; Body=1 Fuz1=1 Fuz2=1
X-Spam-Combo: ****;iesg@ietf.org, secdir@ietf.org
X-Spam-Relay-Country:
X-Spam-Timing: total 297 ms - load_scoreonly_sql: 0.04 (0.0%), signal_user_changed: 3.7 (1.2%), b_tie_ro: 2.5 (0.8%), parse: 1.06 (0.4%), extract_message_metadata: 4.5 (1.5%), get_uri_detail_list: 1.33 (0.5%), tests_pri_-1000: 3.0 (1.0%), tests_pri_-950: 1.48 (0.5%), tests_pri_-900: 1.18 (0.4%), tests_pri_-90: 55 (18.5%), check_bayes: 53 (18.0%), b_tokenize: 7 (2.2%), b_tok_get_all: 7 (2.2%), b_comp_prob: 1.57 (0.5%), b_tok_touch_all: 36 (12.2%), b_finish: 0.67 (0.2%), tests_pri_0: 215 (72.5%), check_dkim_signature: 0.34 (0.1%), check_dkim_adsp: 30 (10.0%), poll_dns_idle: 25 (8.5%), tests_pri_10: 2.6 (0.9%), tests_pri_500: 6 (2.2%), rewrite_mail: 0.00 (0.0%)
X-SA-Exim-Version: 4.2.1 (built Thu, 05 May 2016 13:38:54 -0600)
X-SA-Exim-Scanned: Yes (on in01.mta.xmission.com)
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/gudkQVP9QheQ1PpmrIDSULiZfFs>
Subject: [secdir] Security directorate review of draft-ietf-quic-http-32
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Nov 2020 04:59:49 -0000
Security review of Hypertext Transfer Protocol Version 3 draft-ietf-quic-http-32 Do not be alarmed. I generated this review of this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written with the intent of improving security requirements and considerations in IETF drafts. Comments not addressed in last call may be included in AD reviews during the IESG review. Document editors and WG chairs should treat these comments just like any other last call comments. This document describes "describes a mapping of HTTP semantics over QUIC. [... It] also identifies HTTP/2 features that are subsumed by QUIC, and describes how HTTP/2 extensions can be ported to HTTP/3." I would like to see the Security Considerations spell out exactly what security features HTTP expects from QUIC. There are reasonably good Security Consideration sections for both this document and for QUIC transport. The only problem that I have is that the authentication model for QUIC-HTTP is not explicitly spelled out. The only discussion is in section 3.4 Connection Reuse, and although that section may be technically correct, I find it hard to understand. Similarly, there is brief mention of privacy wrt reused connections in 10.11, but that is weak beer, simply saying that HTTP 3 prefers not to reuse connections. And integrity of the data isn't mentioned at all, perhaps because all this is assumed to be provided by QUIC. Section 10.2 says that all QUIC packets are encrypted; I'm not sure if that's true, or if QUIC has an option for "non-modifiable" without encryption. The QUIC draft is 200 pages and is still in progress, ... like a wimp I skimmed it but did not read it in detail. Hilarie
- [secdir] Security directorate review of draft-iet… Hilarie Orman
- Re: [secdir] Security directorate review of draft… Lars Eggert
- Re: [secdir] Security directorate review of draft… Lars Eggert