- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Tue, 15 Mar 2016 09:59:59 +1100
- To: Patrick McManus <pmcmanus@mozilla.com>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
On 15 March 2016 at 04:40, Patrick McManus <pmcmanus@mozilla.com> wrote: > The DNS restriction of 7540 is really about sane routing of requests to the > right server by getting an opt-in that indicates configuration. Its not > really about security - DNS is not really part of the security model. I 99% agree. The other 1% is reserved for a minor concern about the way the security model interacts with the rest of the system. When a URL becomes known to a client, it then seeks out a server that can serve that authority. RFC 7540 didn't fundamentally change that by allowing coalescing: the same process was followed, we just allowed certain steps to be merged with work already done. However, this would skip the DNS step entirely. That's not bad, because we don't rely on it for any sort of security property. However... it does allow for some interesting capture scenarios. For example, if I were able to steal a certificate for a few interesting names, I would only have to capture a connection toward a single one of those names in order to effectively intercept all requests to those names. With Alt-Svc, I would be able to continue that capture as long as the theft remained viable. With Mike's additional certs, it's possible to use different stolen certificates. It's a small concern, because I think that the risk is small in comparison to the potential gain, but I don't think that this is something that we can reasonably ignore.
Received on Monday, 14 March 2016 23:00:27 UTC