Re: http+aes

On Tue, Mar 6, 2012 at 7:23 PM, Ian Hickson <ian@hixie.ch> wrote:
> On Tue, 6 Mar 2012, Manger, James H wrote:
>
>> The untrusted CDN can make all sorts of modifications: truncating the
>> content; toggling any bits of the content; etc. Many modifications will
>> cause errors that depend on the content. Watch which errors occur from
>> which modifications and you learn the content. These sorts of practical
>> attacks have occurred numerous times (often with CBC mode, but
>> decrypting without checking integrity is the root cause).
>
> Certainly damaging the content can occur, but it isn't what we're trying
> to protect against here.
>
> There are other cases (e.g. distributed hosting for FTP sites) where the
> integrity concern is real and the privacy concern is not. For example, one
> can imagine a situation in which a Linux distribution is available on
> dozens of mirror sites, and one site is hostile and embeds malware into
> their copy of the distribution. This is an entirely separate and
> orthogonal issue, and not one that this proposal in any way attempts to
> address. If it should be addressed, then it should be addressed
> separately. (Proposals to address this do come up occasionally; so far
> none have caught the imagination of Web browser vendors.)

this is addressed by Metalink in RFC 5854 (XML) & RFC 6249 (HTTP,
using the Link & Digest header fields).

multiple mirrors, full & partial file checksums, and other information
to aid in download completion can be included. (there is also work on
an FTP HASH command for requesting hashes of files,
draft-ietf-ftpext2-hash)

many Linux distributions, LibreOffice, OpenOffice.org, etc, use
Metalink and quite a few download applications have supported it for 7 years.

but you're right, most browser vendors haven't caught on. correctly
downloading large files would be very helpful to a number of
communities. we'd like to work with them to address any concerns if
they are interested!

> On Tue, 6 Mar 2012, Adrien de Croy wrote:
>>
>> Have the URI point to a small file which contains the information
>> required - target URI of encrypted content, and key, encoding, and
>> checksum for integrity.

I'm not suggesting Metalink for this since it appears to have been
ruled out, but either the XML or HTTP version could be extended to do
just this.

-- 
(( Anthony Bryan ... Metalink [ http://www.metalinker.org ]
  )) Easier, More Reliable, Self Healing Downloads

Received on Thursday, 8 March 2012 01:54:20 UTC
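
The following is an added example, not code from the message above or from the Metalink project, illustrating the RFC 6249 approach it mentions: a client takes the Digest and Link (rel=duplicate) header fields from an origin it trusts, tries mirrors in priority order, and accepts only a body whose SHA-256 matches. The hostnames, sample bytes and the dictionary standing in for network fetches are constructed, and the Digest value is assumed to be the base64 encoding of the raw SHA-256 digest.

```python
import base64, hashlib, hmac

def parse_digest(value):
    """Digest header value -> {algorithm (lowercase): raw digest bytes}."""
    # partition() splits on the first '=', so base64 padding stays in the value
    pairs = (item.strip().partition("=") for item in value.split(","))
    return {alg.lower(): base64.b64decode(b64) for alg, _, b64 in pairs if b64}

def parse_mirrors(link_values):
    """Link header values -> rel=duplicate URLs, lowest pri value first."""
    found = []
    for value in link_values:
        target, *params = [p.strip() for p in value.split(";")]
        attrs = dict(p.split("=", 1) for p in params if "=" in p)
        if attrs.get("rel", "").strip('"') == "duplicate":
            found.append((int(attrs.get("pri", 999999)), target.strip("<>")))
    return [url for _, url in sorted(found)]

def verify(body, digests):
    """True only if body matches the origin's SHA-256; fail closed without one."""
    expected = digests.get("sha-256")
    return expected is not None and hmac.compare_digest(
        hashlib.sha256(body).digest(), expected)

def fetch_verified(mirrors, digests, fetch):
    """Try mirrors in priority order; return the first (url, body) that verifies."""
    for url in mirrors:
        body = fetch(url)
        if body is not None and verify(body, digests):
            return url, body
    raise ValueError("no mirror returned content matching the origin digest")

# Constructed sample data: origin headers plus three mirrors, two of them bad.
GOOD = b"constructed distribution image bytes\n"
ORIGIN_DIGEST = "SHA-256=" + base64.b64encode(hashlib.sha256(GOOD).digest()).decode()
ORIGIN_LINKS = [
    "<http://mirror-c.example/distro.iso>; rel=duplicate; pri=3",
    "<http://mirror-a.example/distro.iso>; rel=duplicate; pri=1",
    "<http://mirror-b.example/distro.iso>; rel=duplicate; pri=2",
    "<http://origin.example/distro.iso.asc>; rel=describedby",
]
MIRROR_BODIES = {  # stands in for network fetches
    "http://mirror-a.example/distro.iso": GOOD + b"appended payload",  # modified
    "http://mirror-b.example/distro.iso": GOOD[:10],                   # truncated
    "http://mirror-c.example/distro.iso": GOOD,
}

if __name__ == "__main__":
    print(fetch_verified(parse_mirrors(ORIGIN_LINKS), parse_digest(ORIGIN_DIGEST), MIRROR_BODIES.get)[0])
```

The check is only as trustworthy as the channel that delivered the Digest header, and it provides integrity only, not confidentiality of the mirrored content.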