W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: Fwd: New Version Notification for draft-nottingham-http2-encryption-00.txt

From: Eliot Lear <lear@cisco.com>
Date: Tue, 01 Oct 2013 07:01:01 +0200
Message-ID: <524A570D.8020604@cisco.com>
To: Mark Nottingham <mnot@mnot.net>
CC: "ietf-http-wg@w3.org WG" <ietf-http-wg@w3.org>
Hi Mark,


Section 3.3 of your draft does not properly characterize a substantial
security consideration:

If a browser has a primitive that says, “relax your certificate
inspection when you connect on port xyz”, then an insertion attack can
be made not just against those sites that intend to use the header, but
for any site on the Internet, including those sites that have valid
certificates, thus substantially damaging the existing TLS deployment.

Consider the following snippet going into the MITM:

<a href="https://bankofeliot.com/login">Click Here To Login</a>

and coming out:

Alt-svc: http2-tls-relaxed=:443
{...}

<a href="http://bankofeliot.com/login:443">Click Here To Login</a>

Worse, the server has no notion that the browser hasn't validated the
certificate.

  The mitigations for this attack are, as far as I can tell:

1.  Do not have the primitive in the browser;
2.  Only upgrade on the existing connection;
3.  Use a DNS record instead that is signed and can be validated (I
don't know if this is a complete mitigation).

My suggestion is (2) or (3) if you're looking for OE.

Finally, using port 443 in the example conflicts with TLS and the
assignment as articulated in RFC 2818.

Eliot
Received on Tuesday, 1 October 2013 05:01:35 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:18 UTC