
Re: 'PUT' transaction reconsidered (was Re: two-phase send concerns )

From: Fisher Mark <FisherM@is3.indy.tce.com>
Date: Fri, 29 Dec 95 09:23:00 PST
To: "'Roy T. Fielding'" <fielding@avron.ICS.UCI.EDU>, 'Jeffrey Mogul' <mogul@pa.dec.com>
Cc: HTTP Working Group <http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com>
Message-Id: <30E4241F@MSMAIL.INDY.TCE.COM>

In <9512282109.AA06423@acetes.pa.dec.com>, you wrote, Jeff:
>The security issue here is new, and seems to have several components
>(I'm reading between the lines in your message):
>
>    (1) The transmission of some data that would have been rejected
>    might expose it to eavesdropping.
>
>    (2) The mere attempt to do a "vulnerable operation" that would
>    be rejected could cause some havoc at the server side.
>
>Am I missing any others?  Frankly, I don't buy either of these
>arguments; especially, as Koen points out, the 5-second timeout
>can be manipulated by an external agent (via a temporary
>denial-of-service attack) but also because we ought not to be
>pretending that security can be accomplished without encryption
>for privacy and authentication for authorization.

One additional risk is traffic analysis, as in, "Gee, EDS is sure sending a 
lot of encrypted messages to GM today".  Remember that Kocher's attack on 
RSA involves timing analysis, a form of traffic analysis.  Sending the whole 
PUT could open it up to Kocher's or a similar attack, especially if the 
object being PUT is publicly readable, as some of the data would then be 
known plaintext.
======================================================================
Mark Leighton Fisher                   Thomson Consumer Electronics
fisherm@indy.tce.com                   Indianapolis, IN
Received on Friday, 29 December 1995 06:27:36 EST
