IETF Logo Mail Archive

Re: [secdir] secdir review of draft-alakuijala-brotli-08

Zoltan Szabadka <szabadka@google.com> Wed, 20 April 2016 08:38 UTC

Return-Path: <szabadka@google.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9EAB212E1FD for <secdir@ietfa.amsl.com>; Wed, 20 Apr 2016 01:38:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.696
X-Spam-Level:
X-Spam-Status: No, score=-3.696 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FDLt5rIoRrNC for <secdir@ietfa.amsl.com>; Wed, 20 Apr 2016 01:38:28 -0700 (PDT)
Received: from mail-lf0-x22d.google.com (mail-lf0-x22d.google.com [IPv6:2a00:1450:4010:c07::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 414A912E2A0 for <secdir@ietf.org>; Wed, 20 Apr 2016 01:38:27 -0700 (PDT)
Received: by mail-lf0-x22d.google.com with SMTP id j11so36452260lfb.1 for <secdir@ietf.org>; Wed, 20 Apr 2016 01:38:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc; bh=sefB4Dfkrc7maQF7jWL6LxzCcIsYFaycnPS/TLRc2cU=; b=cukBdlSmAiJMJxbvPzcUZJ3+YDsn3FtDSekGQpEIXLOC8UzlMMiKYnK5904436d28n 0RXc/PQc4fmhLPhNHtRf/r0KiECTeWUQUL0TiRIuraNTHFDYfHRHfBDAJJw2E6strGjY +755aSbn5H+ubIY99nC0XmQp2/c01/01PJTiiK81lTeAGql15v30o5i15yWvDAf2APjn OHdhXqDDjVMjHmxkPjFjCaW/51he3gGFTN58mnPwSm7yhqblToLFOSw36KytSXRvirx3 IVFblwHPI9wZdn4fFyPrBCFr6WYfGtyPQb6KEvwWJw8kMObw8bBy8GScCb3kYUqwhJpI Nf2g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc; bh=sefB4Dfkrc7maQF7jWL6LxzCcIsYFaycnPS/TLRc2cU=; b=MonFH9ETa8maVzKBJfkNtvvnPkRQJ+oQBhPT1vi2cGXcJrn48Cc1oHddr8zEzx2/ZO jkFAER0VRk8VgRNn7Eo+XmjZLTnRgMs4+Hvc0eluwEBt6SwdGP8nfFqM3GCAz8JeKvFl qvcu3CWYdMHweK8esVDvBZnvzTcXGoz6BMlk7ARcgtCnP6IdsS8XXRZAWycPOmBNxSVh zOVWz0gRGYMBWxbemiSfMlOJIerLT08nCCedcoXAHwbuf4PWheNX4iNtRWTqkFGXQ23V a37DIhwJbXPCW8T3MimUIqnQLQrzi8y5ouOnF/j/03WbxV+qk6OntZMrdCB/c5/eUxk1 Y6Vg==
X-Gm-Message-State: AOPr4FXxWqrM8Qjbn+3uX+JjwE0Yi3I0sZ9G7DE1NVHfaTJGplx8ixhzmR/hAcKV0jfgCRMV1xjNGk+BjmU/cSrr
MIME-Version: 1.0
X-Received: by 10.25.85.210 with SMTP id j201mr2690888lfb.132.1461141505224; Wed, 20 Apr 2016 01:38:25 -0700 (PDT)
Received: by 10.112.60.74 with HTTP; Wed, 20 Apr 2016 01:38:24 -0700 (PDT)
In-Reply-To: <C02846B1344F344EB4FAA6FA7AF481F12AF2C416@SZXEMA502-MBS.china.huawei.com>
References: <C02846B1344F344EB4FAA6FA7AF481F12AF2C416@SZXEMA502-MBS.china.huawei.com>
Date: Wed, 20 Apr 2016 10:38:24 +0200
Message-ID: <CAErD28-FydbU0mAXxQ3tphdVYz3t2yN_m-=MYTCnHOrm7++jyA@mail.gmail.com>
From: Zoltan Szabadka <szabadka@google.com>
To: "Xialiang (Frank)" <frank.xialiang@huawei.com>
Content-Type: multipart/alternative; boundary="001a1141d826631cc70530e68448"
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/luxg7KCEeo7o_jBpr_08X6mRLeU>
Cc: "draft-alakuijala-brotli.all@tools.ietf.org" <draft-alakuijala-brotli.all@tools.ietf.org>, aamelnikov@fastmail.fm, "secdir@ietf.org" <secdir@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, Nevil Brownlee <rfc-ise@rfc-editor.org>, barryleiba@computer.org
Subject: Re: [secdir] secdir review of draft-alakuijala-brotli-08
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Apr 2016 08:38:30 -0000

Thank you for reviewing the brotli internet draft.

We published a new version of the document (
https://www.ietf.org/id/draft-alakuijala-brotli-09.txt) that addresses your
comments on the "Security Considerations" section. This version also has a
short paragraph about the CRIME attack.

We have not yet considered using brotli for IP compression. If my
understanding is correct, it is not necessary to modify this document if we
want to use brotli for IPComp later. According to the IANA considerations
section of rfc 2407: "Requests for assignments of new IPCOMP transform
identifiers must be accompanied by an RFC which describes how to use the
algorithm within the IPCOMP framework". This suggests that we would have to
write a separate rfc for this purpose with an IANA considerations section
that updates the "IPSEC IPCOMP Transform Identifiers" registry.

Thanks,
Zoltan

On Mon, Apr 11, 2016 at 7:47 AM, Xialiang (Frank) <frank.xialiang@huawei.com
> wrote:

> Hello,
>
>
>
>
>
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the IESG.
> These comments were written primarily for the benefit of the security area
> directors.  Document editors and WG chairs should treat these comments just
> like any other last call comments.
>
>
>
>
>
> This document defines a lossless compressed data format that compresses
> data using a combination of the LZ77 algorithm and Huffman coding, with
> efficiency comparable to the best currently available general-purpose
> compression methods.
>
>
>
>
>
> The document appears in reasonably good shape.
>
>
>
> In general, this document specify a new compressed data format which is
> used in the end points of a connection, which is not directly subject to
> network security issues. In other words, the compressed contents can be
> protected by all the existing security technologies (i.e., encryption,
> authentication/authorization, anti-attack, etc) if necessary. The main
> security concern is about how the bad (or faked) compressed data will
> attack the end system, such as: buffer overflow and resource consumption!
> Some of the concerns are covered in the “Security Considerations” section.
>
>
>
> But there are still several security issues (TBDs) missing in the document
> that need to be addressed before publication.
>
>
>
>
>
> Below is a series of my comments, questions for your consideration.
>
>
>
>
>
> Discussion: Section 2
>
> Right now, your compressed data format is mainly used for the http (see in
> the IANA section). Have you considered whether it can also be applied to IP
> compression?
>
>
>
>
>
>
>
> Comments: Section 11
>
> In the security considerations section, there are still some serious
> security issues not mentioned:
>
> 1. Resource consumption to the system containing a decompressor
> implementation: decompressing the invalid compressed data can make the
> decompressor system’s resource (cpu, memory, storage) to be consumed
> greatly, how to protect against this possible attack?
>
> 2. Resource consumption or buffer overflow to the system containing a
> compressor implementation: correspondingly, when a network proxy get some
> contents and need to compress them using this format, how to protect
> against the possible attacks when compressing the invalid (or faked)
> contents?
>
>
>
>
>
>
>
> Thank you.
>
>
>
> B.R.
>
> Frank
>
>
>

v2.23.0 | Report a Bug | By Email