RE: LYNX-DEV two curiosities from IETF HTTP session.

I would phrase it as equally insecure but the point is made. A redirect is a
redirect is a redirect, at least as far as 305 goes. You are also right, 306
is a whole other story.

BTW my developers are now officially in love with 305.

	Yaron

> -----Original Message-----
> From:	jg@pa.dec.com [SMTP:jg@pa.dec.com]
> Sent:	Monday, December 29, 1997 1:07 PM
> To:	Yaron Goland
> Cc:	jg@pa.dec.com; Josh Cohen; Foteos Macrides; lynx-dev@sig.net;
> http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
> Subject:	RE: LYNX-DEV two curiosities from IETF HTTP session.
> 
> 
> >  From: Yaron Goland <yarong@microsoft.com>
> >  Date: Fri, 12 Dec 1997 08:03:06 -0800
> >  To: "'jg@pa.dec.com'" <jg@pa.dec.com>
> >  Cc: Josh Cohen <joshco@microsoft.com>,
> >          Foteos Macrides
> >  	 <MACRIDES@SCI.WFBR.EDU>, lynx-dev@sig.net,
> >          http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
> >  Subject: RE: LYNX-DEV two curiosities from IETF HTTP session.
> >  
> >  It is still an attack as the origin server, if it has not been
> >  authenticated, is just some random server. To remind folks of the problems
> >  with click tracking and cookies, a bunch of servers could choose to have
> >  requests to them redirected to indicated proxies where advertising and other
> >  information will be inserted as needed. This very effectively gets around
> >  cookie issues.
> >  	Yaron
> >  
> 
> I sense further confusion on this topic....
> 
> If you've contacted an origin server, and it redirects you, the
> server it has redirected you to is equally the origin server, from
> the point of view of trust (i.e. the origin server shouldn't have
> done the redirect in the first place if the second server isn't
> trustworthy).
> The second server is fully as authoritative as the first, in terms
> of any trust or threat problems.
> 
> And if you can't trust your proxy, you have bigger problems to worry
> about.
> 
> So 305 does not introduce the kinds of threats that the 306 proposal did.
> 
> To remind you of 306's proposed semantics, it was to redirect you for
> this AND SUBSEQUENT REQUESTS, to use a proxy; this is what introduced
> the security problem, as the subsequent requests could be sent to
> a proxy you had not delegated trust to.
> 
> Hope this clarifies things.
> 					- Jim
> 
> 					
> --
> Jim Gettys
> Industry Standards and Consortia
> Digital Equipment Corporation
> Visiting Scientist, World Wide Web Consortium, M.I.T.
> http://www.w3.org/People/Gettys/
> jg@w3.org, jg@pa.dec.com

Received on Monday, 5 January 1998 10:26:27 UTC
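
Added example, not part of the original messages: a small client model of the scope difference the thread argues about, where a 305 reroutes only the request it answers while the proposed 306 carries the proxy over to subsequent requests. All host names and the `Client`, `replay` and `undelegated_hops` names are constructed. The thread says only "this AND SUBSEQUENT REQUESTS", so the model assumes a 306-style proxy applies to every later request regardless of host.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Client:
    delegated: set                       # proxies the user has delegated trust to
    sticky_proxy: Optional[str] = None   # proxy remembered from a 306-style reply
    log: list = field(default_factory=list)  # (url, proxy or None, reason)

    def fetch(self, url, origin_reply=None):
        """origin_reply is the (status, proxy) the origin sends on direct contact."""
        if self.sticky_proxy:
            # Assumed 306 semantics: later requests go via the remembered proxy.
            self.log.append((url, self.sticky_proxy, "carried over"))
            return
        self.log.append((url, None, "direct"))
        if origin_reply is None:
            return
        status, proxy = origin_reply
        if status == 305:
            # Repeat this one request via the proxy; nothing is remembered.
            self.log.append((url, proxy, "named by this URL's origin"))
        elif status == 306:
            # Proposed: this request and subsequent ones use the proxy.
            self.sticky_proxy = proxy
            self.log.append((url, proxy, "named by this URL's origin"))

def undelegated_hops(client):
    """Requests sent via a proxy chosen neither by the user nor by that URL's origin."""
    return [(url, proxy) for url, proxy, why in client.log
            if why == "carried over" and proxy not in client.delegated]

def replay(status, delegated=("proxy.corp.example:3128",)):
    """Constructed session: one redirecting reply, then two unrelated requests."""
    c = Client(delegated=set(delegated))
    c.fetch("http://site-a.example/page", (status, "proxy.ads.example:8080"))
    c.fetch("http://site-a.example/next")
    c.fetch("http://site-b.example/account")
    return c

if __name__ == "__main__":
    for status in (305, 306):
        print(status, undelegated_hops(replay(status)))
```

Under 305 every proxied request was named by the origin of that same URL, which is the trust argument made in the quoted message; under the 306 model the two later requests reach a proxy nobody delegated trust to.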