Re: [secdir] Review of draft-brown-versioning-link-relations-05

Eric Rescorla <ekr@networkresonance.com> Tue, 05 January 2010 16:55 UTC

Return-Path: <ekr@networkresonance.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2AD0228C15A; Tue, 5 Jan 2010 08:55:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.318
X-Spam-Level: *
X-Spam-Status: No, score=1.318 tagged_above=-999 required=5 tests=[AWL=1.300, BAYES_00=-2.599, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888, HELO_MISMATCH_COM=0.553, HOST_MISMATCH_NET=0.311, RDNS_DYNAMIC=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nXcefa2hlKeu; Tue, 5 Jan 2010 08:55:37 -0800 (PST)
Received: from kilo.networkresonance.com (74-95-2-169-SFBA.hfc.comcastbusiness.net [74.95.2.169]) by core3.amsl.com (Postfix) with ESMTP id 6138128C144; Tue, 5 Jan 2010 08:55:36 -0800 (PST)
Received: from kilo.local (localhost [127.0.0.1]) by kilo.networkresonance.com (Postfix) with ESMTP id 9DE066CBAC8; Tue, 5 Jan 2010 08:57:42 -0800 (PST)
Date: Tue, 05 Jan 2010 08:57:41 -0800
From: Eric Rescorla <ekr@networkresonance.com>
To: Julian Reschke <julian.reschke@greenbytes.de>
In-Reply-To: <4B40E063.7070605@greenbytes.de>
References: <20100102230208.8346F6CB202@kilo.networkresonance.com> <4B40E063.7070605@greenbytes.de>
User-Agent: Wanderlust/2.15.5 (Almost Unreal) Emacs/22.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset=US-ASCII
Message-Id: <20100105165742.9DE066CBAC8@kilo.networkresonance.com>
Cc: iesg@ietf.org, draft-brown-versioning-link-relations@tools.ietf.org, secdir@ietf.org
Subject: Re: [secdir] Review of draft-brown-versioning-link-relations-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Jan 2010 16:55:38 -0000

At Sun, 03 Jan 2010 19:22:27 +0100,
Julian Reschke wrote:
> 
> Eric Rescorla wrote:
> > This document describes a set of link relations which provide
> > information about other versions of a versioned resource.
> > 
> > In general this mechanism seems sound but I'm not sure that
> > the security considerations are entirely adequate. This 
> > mechanism lets you learn information about other versions
> > of a resource even if you potentially don't have permission
> > to view them directly. Consider a limiting case where each
> > version of the resource had a name that contained the
> > change set for that resource. E.g.,
> > 
> > http://example.com/versions/filename/_@line_50_+_FOO;@line_60_+_BAR/;
> > 
> > In this case, seeing other parts of the version tree leaks
> > information about those versions. I don't think that this
> > is a problem for the draft, but it might be useful to
> > mention that this feature has implications for name 
> > construction.
> 
> Yes, we can mention that.
> 
> But, isn't this a general problem with exposing meta data in link 
> relations? 

Yes, probably.


> As such, shouldn't it have been mentioned in RFC 4287, and 
> should it also be mentioned in draft-nottingham-http-link-header?

Probably... I just didn't read these. :) I only did this one as part
of secdir review. 

-Ekr