W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2015

Re: SSL/TLS everywhere fail

From: Poul-Henning Kamp <phk@phk.freebsd.dk>
Date: Mon, 07 Dec 2015 11:04:25 +0000
To: Cory Benfield <cory@lukasa.co.uk>
cc: Maxthon Chan <xcvista@me.com>, Jacob Appelbaum <jacob@appelbaum.net>, Amos Jeffries <squid3@treenet.co.nz>, ietf-http-wg@w3.org
Message-ID: <68127.1449486265@critter.freebsd.dk>
--------
In message <C83FFB64-757E-4150-940C-829C9974E359@lukasa.co.uk>, Cory Benfield writes:

>The attack to worry about is: what if the attacker replaces the body *in its
> entirety*, headers and all? How do we protect against that?

As in you get a bogus body and there is no signature ?

I think I'd lock that down with DNSSEC/DANE providing the information
that all HTTP under this domain must be signed with a particuar cert.

For real-time streaming traffic, it would be necessary with some
sort of "Transfer-Encoding: signed-chunks"

An escape-hatch, a signature which says "this object has other
integrity-checks" could be used for things like streaming video,
where integrity is built into the data already.

As for the CA thing:  My distrust is with the content of the default
root-cert lists shipped, not with the protocol mechanisms.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
Received on Monday, 7 December 2015 11:04:52 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:40 UTC