- From: Fisher Mark <FisherM@is3.indy.tce.com>
- Date: Fri, 29 Dec 95 09:23:00 PST
- To: "'Roy T. Fielding'" <fielding@avron.ICS.UCI.EDU>, 'Jeffrey Mogul' <mogul@pa.dec.com>
- Cc: HTTP Working Group <http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com>
In <9512282109.AA06423@acetes.pa.dec.com>, you wrote, Jeff:

>The security issue here is new, and seems to have several components
>(I'm reading between the lines in your message):
>
>    (1) The transmission of some data that would have been rejected
>    might expose it to eavesdropping.
>
>    (2) The mere attempt to do a "vulnerable operation" that would
>    be rejected could cause some havoc at the server side.
>
>Am I missing any others? Frankly, I don't buy either of these
>arguments; especially, as Koen points out, the 5-second timeout
>can be manipulated by an external agent (via a temporary
>denial-of-service attack) but also because we ought not to be
>pretending that security can be accomplished without encryption
>for privacy and authentication for authorization.

One additional risk is traffic analysis, as in, "Gee, EDS is sure sending a lot of encrypted messages to GM today". Remember that Kocher's attack on RSA involves timing analysis, a form of traffic analysis. Sending the whole PUT could open it up to Kocher's or a similar attack, especially if the object being PUT is publicly readable, as some of the data would then be known plaintext.

======================================================================
Mark Leighton Fisher          Thomson Consumer Electronics
fisherm@indy.tce.com          Indianapolis, IN
Received on Friday, 29 December 1995 06:27:36 UTC