W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1998

Re: Digest mess

From: Scott Lawrence <lawrence@agranat.com>
Date: Thu, 18 Dec 1997 11:10:56 -0500 (EST)
To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Cc: john@math.nwu.edu, jg@w3.org, paulle@microsoft.com
Message-Id: <Pine.LNX.3.96.971218110817.17903C-100000@alice.agranat.com>


  In http://www.ics.uci.edu/pub/ietf/http/hypermail/1997q4/0481.html
  John Franks says:

JF> ... adding a field to the Authentication-Info
JF> header could solve the problem by duplicating the headers which
JF> a proxy might change.  I have in mind something like

JF>    dheaders = "date:content_len:L-M-date:expires"

JF> John Mallery points out that it would be good to have the response
JF> status code digested as well.  If it is included here that becomes
JF> possible (which it wasn't before since proxies change it from
JF> say 304 to 200).  This header would also eliminate problems of 
JF> proxies canonicalizing headers.

  This would work in terms of preserving the computability of the
  digest value.  The problem I see with it is that it doesn't really
  do anything for the security but prevent a denial of service attack
  (which is unstoppable if the attacker can modify any part of the
  message anyway).  

  Going back to Pauls rationale for including these header field
  values in the first place - the general principal that as much as
  possible should be protected by the integrity check because you
  never know what some clever attacker will be able to do by changing
  an unprotected field.  By sending the original values separatly, we
  would ensure that a proxy would not cause the digest calculation to
  fail by changing these headers, but we might not prevent the
  original attack from succeeding.  The headers in question are
  essentially cache control headers; if an attacker has figured out a
  way to get a cache to do something wrong by modifying these headers,
  then the cache will still do it - the proxy does not have the secret
  needed to check the authentication information anyway.

  If good nonces are used, attacks based on cache behaviour will fail
  anyway (and as I said before, the Security Considerations section
  probably needs some more text on this), so I'm not sure that adding
  the headers is justified.

  Removing the problematic field values from the calculation and
  adding the original values as attributes are both
  backward-incompatible changes; the question then becomes which will
  do more:
     1) to support authentication and integrity protection
     2) to encourage wider implementation and use of the feature.
  I think that with respect to (1) the two alternatives are
  equivalent; neither ends up really preventing attacks based on cache
  manipulation, and either is capable of detecting such attacks.  It
  seems clear to me that making the scheme simpler by removing
  elements from the calculation is more likely to encourage wider
  implementation. 
  
Received on Saturday, 3 January 1998 09:46:44 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:09 EDT