The TLS hammer and resource integrity from Martin Thomson on 2012-03-28 (ietf-http-wg@w3.org from January to March 2012)

From: Martin Thomson <martin.thomson@gmail.com>
Date: Wed, 28 Mar 2012 05:55:18 +0200
To: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CABkgnnXW1Eke01W_xCBuyJrbx8uNT1K=tS37eNFhPujVo2h3yA@mail.gmail.com>

We have already touched on this in discussions of SPDY, but I wanted
to make a statement on this prior to the meeting on Thursday.

TLS is a great tool in the protocol design toolbox.  It provides a
great many things together.  Confidentiality, integrity,
authorization, and so forth.  Therefore, it is very easy to pick up
that tool and apply it without a complete analysis of the treat model
and what aspects of that model it addresses.

Mixed content (see Monday's plenary topic) is a good example of where
TLS doesn't necessarily provide the best trade-off of all the security
options present.  The classic concern is that I have a TLS-secured
page that pulls in content over HTTP in the clear.  That unsecured
content can then potentially poison the entire page.

The property that is required in the mixed content scenario is
integrity.  The host page might not care that confidentiality is
maintained when requesting this content, but it really does care that
the content matches the content that it expects.

Today, the only option we have available to deal with this problem is
TLS.  And along with our integrity (and source authentication), we
also get confidentiality.  This is occasionally desirable, but
frequently, it is merely consequential.

One significant downside to this arrangement is that confidentiality
also rules out intermediation options that could be hugely beneficial.
 Now it is no longer possible to cache copies of JQuery all over the
web.  (TODO: deal with obvious CDN counter-argument)

Intermediation is a fundamental part of the web architecture and
building a protocol that makes this inherently difficult would be a
disservice to the web.

The separation of resource integrity from communication
integrity/confidentiality is something that I know others have been
thinking about.  I'd like to see this discussed in HTTP/2.0.

--Martin

long p.s. I should include a reference to the work from decade, that
deals with exactly this sort of problem in an environment that
consists entirely of unauthoritative "intermediaries".

One proposed solution, which should probably be at least considered,
is to provide a content-specific identifier for a resource.  That is a
resource is identified by a hash of its representation, so that a
modified representation can be easily detected.  This might actually
be more restrictive than is entirely ideal, but it is worth knowing
about:see draft-farrell-decade-ni.

Received on Wednesday, 28 March 2012 03:55:47 UTC