[Webpush] Proposal: different push message resource URIs for AS and UA
Idel Pivnitskiy <idel.pivnitskiy@gmail.com> Wed, 01 June 2016 19:52 UTC
Archived-At: <http://mailarchive.ietf.org/arch/msg/webpush/gI6y0C-fXL-bmnFYjc_-NU4jjS8>
Hi all,

> push message: The push service creates a push message resource to
> identify push messages that have been accepted for delivery
> (Section 5 <https://tools.ietf.org/html/draft-ietf-webpush-protocol-05#section-5>). The push message resource is also deleted by the
> user agent to acknowledge receipt (Section 6.2 <https://tools.ietf.org/html/draft-ietf-webpush-protocol-05#section-6.2>) of a push message.

And later in the draft we can see that the PS returns the same URI for the AS and the UA: /d/qDIYHNcfAIPP_5ITvURr-d6BGtYnTRnk

This gives an AS the ability to send a DELETE request to this URI. Consequently, it may cause an acknowledgement for the PS and the sending of a push message delivery receipt to the AS. Yes, this is strange behaviour for a proper AS, but a push message resource URI could be intercepted. Even if the channel between an AS and a PS is encrypted, an attacker can get it from the AS log files.

So, I think that the push message resource URIs must be different for the AS and the UA, to prevent this attack by design.

In addition, it will make it possible to provide deletion of sent push messages for an AS, in the case when push messages are not relevant at all but the TTL value was too high.

Best regards,
Idel Pivnitskiy

--
Twitter: @idelpivnitskiy <https://twitter.com/idelpivnitskiy>
GitHub: @idelpivnitskiy <https://github.com/idelpivnitskiy>
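
An added example, not part of the original message or of the draft: a toy in-memory push service that contrasts the shared-URI behaviour described in the message with the proposed split into separate AS and UA URIs. The class, the `/as/` and `/ua/` path prefixes and the "cancelled" outcome are assumptions made for illustration.

```python
import secrets

class PushService:
    """Toy in-memory model; class name and URI layout are assumptions."""

    def __init__(self, split_uris):
        self.split_uris = split_uris
        self.resources = {}   # URI path -> (message id, role the URI was issued to)
        self.receipts = []    # delivery receipts sent to the application server

    def _mint(self, prefix, msg_id, role):
        # Unguessable capability URI, one per (message, role).
        uri = f"/{prefix}/{secrets.token_urlsafe(24)}"
        self.resources[uri] = (msg_id, role)
        return uri

    def accept(self, msg_id):
        """Accept a message; return (URI given to the AS, URI given to the UA)."""
        if not self.split_uris:
            uri = self._mint("d", msg_id, "shared")   # same URI for both parties
            return uri, uri
        return self._mint("as", msg_id, "as"), self._mint("ua", msg_id, "ua")

    def delete(self, uri):
        """Handle DELETE on a push message resource; return the outcome."""
        entry = self.resources.get(uri)
        if entry is None:
            return "404"
        msg_id, role = entry
        # The message is gone either way, so drop every URI that names it.
        self.resources = {u: e for u, e in self.resources.items() if e[0] != msg_id}
        if role == "as":
            return "cancelled"          # AS withdrew the message: no receipt
        self.receipts.append(msg_id)    # shared or UA URI: counts as an acknowledgement
        return "acknowledged"

def leaked_as_uri_outcome(split_uris):
    """DELETE the URI the AS holds (for instance one read from AS log files)."""
    ps = PushService(split_uris)
    as_uri, ua_uri = ps.accept("msg-1")   # constructed sample message id
    outcome = ps.delete(as_uri)
    return outcome, ps.receipts, ps.delete(ua_uri)
```

With a shared URI, a DELETE on the value the AS holds is indistinguishable from a UA acknowledgement and produces a delivery receipt; with split URIs the same request can only withdraw the message.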