W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2013

RE: bohe and delta experimentation...

From: RUELLAN Herve <Herve.Ruellan@crf.canon.fr>
Date: Mon, 21 Jan 2013 14:07:14 +0000
To: Roberto Peon <grmocg@gmail.com>, Willy Tarreau <w@1wt.eu>
CC: Nico Williams <nico@cryptonector.com>, Martin J. Dürst <duerst@it.aoyama.ac.jp>, "Mark Nottingham" <mnot@mnot.net>, James M Snell <jasnell@gmail.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <6C71876BDCCD01488E70A2399529D5E52E180E@ADELE.crf.canon.fr>
I agree that in the general case, partial-text matches are unsafe when considering CRIME attack. After all, this is the basis of the Deflate mechanism.

However, I would think that the more limited usage I proposed for URLs is mostly safe:
- First it doesn't mix different sources of information: URLs are kept with URLs. If URLs are considered as sensitive, this isn't great as the CRIME attack vector was based on URLs.
- Second, only the most recent URLs are kept in cache: after a few tries from the attacker, the cache will contain only the URLs used by the attacker, and the attack target will have been evicted from the cache.

Therefore, I think that using a common prefix to encode URLs in a more compact way is safe. In addition, we should probably take a deeper look at the CRIME attack, and include in HTTP/2.0 other mechanism to prevent it, or at least to decrease the risks linked to it. For example, there could be rules on how HTTP/2.0 sessions can be reused.


> -----Original Message-----
> From: Roberto Peon [mailto:grmocg@gmail.com]
> Sent: vendredi 18 janvier 2013 20:23
> To: Willy Tarreau
> Cc: RUELLAN Herve; Nico Williams; Martin J. Dürst; Mark Nottingham; James
> M Snell; ietf-http-wg@w3.org
> Subject: Re: bohe and delta experimentation...
> Heh. We have more information about what is safe and what is not safe than
> that!
> Things we have fairly high confidence about w.r.t. CRIME:
>   Partial-text matches are unsafe for any potentially sensitive field.
>   Full-atom matches are safe for any field, including those with potentially
> sensitive information.
>   Dynamic entropy-coding, where the code-tables change based on input is
> unsafe
>   Static entropy-coding, where the code-tables have no relation to user input
> is safe.
> -=R
> On Fri, Jan 18, 2013 at 10:18 AM, Willy Tarreau <w@1wt.eu> wrote:
> 	Hi Roberto,
> 	On Fri, Jan 18, 2013 at 09:22:11AM -0800, Roberto Peon wrote:
> 	> This makes URLs vulnerable to the CRIME attack, and URLs
> definitely do
> 	> contain sensitive information often :(
> 	>
> 	> This is true for anything which allows partial matches (I just can't
> figure
> 	> out how date could be sensitive, but if it could, even the encoding
> 	> suggested earlier by me would be dangerous).
> 	>
> 	> I dropped exactly this (prefix match) functionality from delta early
> on
> 	> because of this.
> 	If we consider that anything is sensible to the CRIME attack, then we
> need
> 	to go fully stateless I guess, otherwise it will be too hard to find out
> 	what is safe to reuse and what is risky :-/
> 	Willy
Received on Monday, 21 January 2013 14:08:24 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:09 UTC