RE: Security Requirements for HTTP, draft -00

From: Robert Sayre <rsayre@mozilla.com>
Date: Thu, 31 Jan 2008 08:25:58 +0000
Message-Id: <E115FFBC-0067-4648-A28A-ED5FA7ADDCD9@mozilla.com>
To: ietf-http-wg@w3.org

> Alternate wording:
>
> "Additionally, implementation experience has shown that in some  
> cases, especially those involving large requests or responses such  
> as streams,

I don't think that "in some cases" is appropriate. auth-int is  
basically unimplemented. We can argue about why that is, so perhaps  
the "because" could be changed to "One reason is...".


> the message integrity mode is impractical because it requires servers
> to analyze the full request before determining whether message  
> integrity has been violated and hence whether the request can be  
> processed."
>
> Analysis:
>
> In the case where the server knows nothing about the semantics of  
> the request or the capabilities of the server application, I believe  
> that it has no choice but to hold the request until it has  
> determined that nothing has tampered with it -- for both TLS and  
> auth-int.

Servers need to be able to ignore message bodies from clients that  
don't know the shared secret. auth-int requires that the server buffer  
the entire request before determining that the client knows the shared  
secret.

- Rob
Received on Thursday, 31 January 2008 09:35:11 GMT
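
The buffering cost described in the message above, as an added example that is not part of the original post or of any server's code: RFC 2617 computes A2 from the method and URI alone for qop=auth, but folds MD5(entity-body) into A2 for qop=auth-int, so a verifier cannot reject a client that lacks the shared secret until it has read the whole body. The user, password, nonce and body chunks are constructed, and `server_verify` and `attempt` are hypothetical helper names.

```python
import hashlib
import hmac

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def digest_response(user, realm, password, method, uri,
                    nonce, nc, cnonce, qop, body_md5=None):
    """RFC 2617 request-digest for qop=auth or qop=auth-int."""
    ha1 = md5_hex(f"{user}:{realm}:{password}".encode())
    if qop == "auth-int":
        # A2 covers the entity body: method:uri:MD5(entity-body)
        ha2 = md5_hex(f"{method}:{uri}:{body_md5}".encode())
    else:
        # A2 covers only the request line: method:uri
        ha2 = md5_hex(f"{method}:{uri}".encode())
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}".encode())

def server_verify(stored_password, fields, claimed, body_chunks):
    """Return (accepted, body_bytes_read_before_decision)."""
    consumed, body_md5 = 0, None
    if fields["qop"] == "auth-int":
        # No accept/reject decision is possible until the last chunk is hashed.
        h = hashlib.md5()
        for chunk in body_chunks:
            h.update(chunk)
            consumed += len(chunk)
        body_md5 = h.hexdigest()
    expected = digest_response(password=stored_password, body_md5=body_md5, **fields)
    return hmac.compare_digest(expected, claimed), consumed

# Constructed sample request: 64 chunks of 16 KiB (a 1 MiB upload).
CHUNKS = [b"x" * 16384] * 64
BASE = dict(user="alice", realm="example", method="PUT", uri="/upload",
            nonce="constructed-nonce", nc="00000001", cnonce="constructed-cnonce")

def attempt(qop, client_password, stored_password="correct horse"):
    """Simulate a client that signs the request with client_password."""
    fields = dict(BASE, qop=qop)
    body_md5 = md5_hex(b"".join(CHUNKS)) if qop == "auth-int" else None
    claimed = digest_response(password=client_password, body_md5=body_md5, **fields)
    return server_verify(stored_password, fields, claimed, iter(CHUNKS))

if __name__ == "__main__":
    for qop in ("auth", "auth-int"):
        print(qop, "wrong secret ->", attempt(qop, "guess"))
```

With qop=auth the wrong-secret client is rejected after zero body bytes; with qop=auth-int the same rejection only arrives after all 1,048,576 bytes have been consumed.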