Re: [Wpack] On double-hashing (was: Re: About content-based origins)
Martin Thomson <mt@lowentropy.net> Tue, 31 March 2020 03:44 UTC
Return-Path: <mt@lowentropy.net>
X-Original-To: wpack@ietfa.amsl.com
Delivered-To: wpack@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0C22B3A19EE for <wpack@ietfa.amsl.com>; Mon, 30 Mar 2020 20:44:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.2
X-Spam-Level:
X-Spam-Status: No, score=-0.2 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=nzr523Yt; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=S66Wwdem
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mPrIAmVf9kRy for <wpack@ietfa.amsl.com>; Mon, 30 Mar 2020 20:43:59 -0700 (PDT)
Received: from wout4-smtp.messagingengine.com (wout4-smtp.messagingengine.com [64.147.123.20]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 508883A19ED for <wpack@ietf.org>; Mon, 30 Mar 2020 20:43:59 -0700 (PDT)
Received: from compute2.internal (compute2.nyi.internal [10.202.2.42]) by mailout.west.internal (Postfix) with ESMTP id B767C6B0; Mon, 30 Mar 2020 23:43:57 -0400 (EDT)
Received: from imap2 ([10.202.2.52]) by compute2.internal (MEProxy); Mon, 30 Mar 2020 23:43:57 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=mime-version:message-id:in-reply-to:references:date:from:to :cc:subject:content-type; s=fm1; bh=nK4Z3y45U4nNjlUf93F18fnYjkvg IM2bO2FxOhKVaRk=; b=nzr523YtqcXDs1WXjzpHEMYsWSIw16R6jBNvMpkxpGn+ d1ln9YZPWNdJx5U+Q+ZV19alPBGwdmSR9mmYbaKXsji1kQoLDjrQVcL1U45aO6iV f2RfHxtpBX7KMJkFk6aZsx5m9kg0M4if7w+m0gp0h3KNPYP4sLGi1HG5QprXMKMk akX3Swg6xhtnZVcsKiciJ2vl0y9GO2l6vSMINouGwgtLE0s929HpaJxUgxubU67a OLwDb+AyJ0X8vwt/lOW44vYzeCcUVtmufU43if4gMvXIdR+eUq/4Gu5M37lZCHE4 gVfoXgnndMyYozcokKfUG8mVKTQ8O/e0I6hobXt/PA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=nK4Z3y 45U4nNjlUf93F18fnYjkvgIM2bO2FxOhKVaRk=; b=S66WwdemyphY4O5ydSzlpO nFNA5wMNZTS633wRRZBOzn2tZxVLt3cwgq+ViWGdevWJRgeTKmVKzeJfDMevCrlh w4EYGcl5EevVMFCWcfMs+uWlo9XYua8rD2F8UNsfoEHnTymY1hrvC0XasPESALRV Z7GJyym91aHL9+HNLzCiI8FyFS3RqJWVR8fw+yqOtLivvBympr5SUPBVzY+F2H6C r1QAAExECAT4R5rUeyFWu1e+aRow+FXctzG5R0Yc9X4yEhX7A1tQxz9PtS7u0oyg m3NZpa0XvUQQrRLYbRnPHhbc5MwQFSpos9S7EVLNL5xoA5Il0FE8cA6PRubXrqFA ==
X-ME-Sender: <xms:fLyCXnYgxPtsfUiZR3SqPcYgVwFKgaOlKwDKu89tghOnKDZ1N57hkg>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedugedrudeiiedgjeegucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefofgggkfgjfhffhffvufgtsehttd ertderredtnecuhfhrohhmpedfofgrrhhtihhnucfvhhhomhhsohhnfdcuoehmtheslhho figvnhhtrhhophihrdhnvghtqeenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmh epmhgrihhlfhhrohhmpehmtheslhhofigvnhhtrhhophihrdhnvght
X-ME-Proxy: <xmx:fLyCXkMz4KxMqoaecst1Z1wXiGESznNVuzXe661XZuqr8JK44g4HJg> <xmx:fLyCXq2EKoZha5nmcW8KbIvsQ5cTjMGCKnETW5KBk5nj8kc2OtN2bQ> <xmx:fLyCXonyof_tyC9oSUbkkr778zUpOaM_4ijjhAdQZPO2ppnpEzEeIA> <xmx:fbyCXrPBFMks23lL3lB4nrWfA297EldHENufoHc_ToVvnVRJUS2rxA>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id E3D2CE00BA; Mon, 30 Mar 2020 23:43:56 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.1.7-1021-g152deaf-fmstable-20200319v1
Mime-Version: 1.0
Message-Id: <ffa1991d-77fa-4a1e-be93-ec98a2ce591e@www.fastmail.com>
In-Reply-To: <CANjwSi=wC7wnyu0Yy6BXScXf9NomeMCaMY49sochEs92icYfEA@mail.gmail.com>
References: <260dfc2f-8399-483e-859d-08f92821c823@www.fastmail.com> <CANjwSimZAkAC0JJBjUjZr4k0514QRqDxBReOkq_AGTeGJ2OTzQ@mail.gmail.com> <CANjwSiniWmO+pTfFOdxW9tasy_eQiUiGwWvTsWF2KGR8yGtXqA@mail.gmail.com> <32395446-c14e-4bca-9c09-4804934c487b@www.fastmail.com> <CANjwSikybC7tnkWJVYCGcE=mc9ScM5oFBP5HWjwtd8+-e1EPFg@mail.gmail.com> <0ae3f1b1-7133-4d12-bf6c-a1ee2c257218@www.fastmail.com> <CANjwSi=wC7wnyu0Yy6BXScXf9NomeMCaMY49sochEs92icYfEA@mail.gmail.com>
Date: Tue, 31 Mar 2020 14:43:37 +1100
From: Martin Thomson <mt@lowentropy.net>
To: Devin Mullins <twifkak@google.com>
Cc: wpack@ietf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/wpack/wHljH4_OiXqREu4Mb-Q3aLGFTHg>
Subject: Re: [Wpack] On double-hashing (was: Re: About content-based origins)
X-BeenThere: wpack@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Web Packaging <wpack.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/wpack>, <mailto:wpack-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/wpack/>
List-Post: <mailto:wpack@ietf.org>
List-Help: <mailto:wpack-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/wpack>, <mailto:wpack-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 31 Mar 2020 03:44:01 -0000
On Tue, Mar 31, 2020, at 10:34, Devin Mullins wrote: > > I don't think that a site would be particularly put off by the cost of transferring hashes to the sites that they link to. 32 bytes per user per target isn't that much data to save or transfer. You can then rely on post-facto linkage. > > Good point. This is mitigated by martinthomson/wpack-content#1, yes? Not really. The push can include the H(Content) and the site can calculate H(H(C)). So the truncated hash only really limits the information the client has to include, trading it for more from the server. Since opening that issue, I'm not convinced that it is worth pursuing for anything other than that trade-off (which is only a maybe-optimization at best). > But AFAICT, this + //publisher.example/this-is-my-hash is not mitigated by #1. Right. What *might* do that is the fact that a publisher willing to accept *any* bundle ends up being exposed to a broad spectrum of cross site forgery attacks. It allows an attacker to supplant any script that the site might reference on its own origin. You might be able to avoid that with a really strong CSP, but I'm not sure that would be a strong guarantee. But as I mentioned before, there are ways to partition resources such that a site can validate a bundle without taking on that risk. And signing doesn't help significantly, except to add a signature to the 64+ bytes per user per target cost. > That said, I guess the solution is that, for > anti-fingerprinting, the state transfer request and any previous > subresource requests should be considered in different buckets. One thing that we are seeing in some contexts is not just completely different connections for credentialed vs. uncredentialed requests, but proxying of uncredentialed requests, so that the amount of fingerprinting information is limited. > The state transfer itself doesn't affect the feasibility of the attack. The > unverified bundle can make a fetch to > //publisher.example/distributor-id?foo, and even if the Sec-CO request > fails, the publisher can join foo with a subsequent credentialled > fetch, in order to inform future responses. The UA could consider this > ~isomorphic to the linking page making that same fetch to > /distributor-id?foo. Right. That's where this gets really hairy. But this all goes to challenging the feasibility of the goal of preventing information transfer across origins. The fact that this is a content-based origin doesn't change the dynamics at all. If origins are willing to cooperate in the exchange of information, then I don't know how to prevent that. It might be possible to make things sufficiently unlinkable, but even for something with protections as restrictive as Tor Browser I doubt that you can prevent transfer. (That's a challenge, BTW, because I would be very happy to be shown to be wrong.)
- [Wpack] About content-based origins Martin Thomson
- Re: [Wpack] About content-based origins Ted Hardie
- Re: [Wpack] About content-based origins Ben Schwartz
- Re: [Wpack] About content-based origins Martin Thomson
- Re: [Wpack] About content-based origins Devin Mullins
- [Wpack] Sec-Content-Origin clarification question… Ted Hardie
- Re: [Wpack] Sec-Content-Origin clarification ques… Devin Mullins
- Re: [Wpack] Sec-Content-Origin clarification ques… Jeffrey Yasskin
- [Wpack] On double-hashing (was: Re: About content… Devin Mullins
- Re: [Wpack] On double-hashing (was: Re: About con… Devin Mullins
- Re: [Wpack] On double-hashing (was: Re: About con… Martin Thomson
- Re: [Wpack] On double-hashing (was: Re: About con… Devin Mullins
- Re: [Wpack] On double-hashing (was: Re: About con… Martin Thomson
- Re: [Wpack] On double-hashing (was: Re: About con… Devin Mullins
- Re: [Wpack] On double-hashing (was: Re: About con… Martin Thomson
- Re: [Wpack] About content-based origins Martin Thomson
- Re: [Wpack] On double-hashing (was: Re: About con… Devin Mullins
- Re: [Wpack] About content-based origins Devin Mullins
- Re: [Wpack] About content-based origins Martin Thomson