W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2012

Re: http+aes

From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 6 Mar 2012 17:06:03 -0800
Message-ID: <CABcZeBMxHTugS9mRfyZEPHWXPAJF4voqXfcAZ+q=A8-cqMoqZQ@mail.gmail.com>
To: Ian Hickson <ian@hixie.ch>
Cc: "Manger, James H" <James.H.Manger@team.telstra.com>, Carsten Bormann <cabo@tzi.org>, Adrien de Croy <adrien@qbik.com>, Poul-Henning Kamp <phk@phk.freebsd.dk>, Willy Tarreau <w@1wt.eu>, URI <uri@w3.org>, HTTP Working Group <ietf-http-wg@w3.org>, Anne van Kesteren <annevk@opera.com>
On Tue, Mar 6, 2012 at 4:23 PM, Ian Hickson <ian@hixie.ch> wrote:

>
>> I hope a 500 error with a response body containing javascript cannot get
>> the http+aes URL from, say, window.location.
>
> A 500 error containing JS would be garbled and so couldn't access the URL.

Ian,

If I understand your reasoning here, it's that the body of the error would be
encrypted by an unknown key and therefore the attacker cannot put chosen
JS here?

If so, that's not obviously correct. Consider the case where the header of
the content is known (e.g., because it contains meta-information about
the content). In that case, an attacker can use the properties of CTR to
produce a ciphertext that maps to a predictable plaintext, thus
mounting the attack described here.

Best,
-Ekr
Received on Wednesday, 7 March 2012 01:07:12 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:56 GMT