- From: Amos Jeffries <squid3@treenet.co.nz>
- Date: Fri, 22 Aug 2014 02:50:49 +1200
- To: Adam Rice <ricea@google.com>
- CC: HTTP Working Group <ietf-http-wg@w3.org>
On 21/08/2014 8:07 p.m., Adam Rice wrote:
> On 21 August 2014 15:37, Amos Jeffries wrote:
>
>> * if use of this header is picked up widely then we will be headed
>> toward a situation where more proxies can relatively safely have blanket
>> rejection on CONNECT traffic omiting it, a lot of current day attacks
>> will fail, and BCP 188 Pervasive Monitoring stops being pervasive.
>>
>
> I don't believe that anyone who has the capability to intercept and decrypt
> traffic will voluntarily give it up.
Decryption costs $$. Also the entire traffic stream must be decrypted
("pervasive" remember). A fast way to filter out some of the traffic and
target the decryption has positive pressure to adopt for cost reduction
even by those who have the capability.
>
> Since it is trivial for malware to forge this header, I do not believe it
> will stop any attacks.
>
It will change the attacks which are possible and how difficult they
are. Today it is trivial to send a CONNECT with arbitrary payload to a
large number of networks and proxies. After the header they will have to
make the attack work while simultaneously spoofing bits of the internal
protocol which DPI systems can now validate.
eg. the header conveys that TLS/1.3 is being transmitted and the data
actually contains a SSL/1.0 client hello (or something not even parsing
as a client hello at all).
Then there is the whole area of signed messages that make the header
content a fixed and reliable detail while in the clear for proxies.
Amos
Received on Thursday, 21 August 2014 14:51:34 UTC