- From: James M Snell <jasnell@gmail.com>
- Date: Fri, 13 Jul 2012 11:36:03 -0700
- To: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Cc: Tim Bray <tbray@textuality.com>, Phillip Hallam-Baker <hallam@gmail.com>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Sounds like we're generally in agreement on most aspects then. I agree that TLS would not be strictly necessary if we have effective stream-level security, and I definitely agree that a session identifier at the stream level would be highly beneficial. In the scheme I described, sending a SYN_STREAM with the host and session-id ONLY, in clear-text, and then encrypting subsequent data frames on the stream, including the request-uri in an encrypted HEADERS frame, SHOULD provide for the overwhelming majority of cases. As I said, if a particular intermediary needs to perform request-uri based routing and the request-uri is not included in the SYN_STREAM, it has the option of rejecting the stream, in which case the sender can choose its next course of action.

Like I said, it appears to me that we are in agreement but if I am misreading it, please let me know :-)

- James

On Fri, Jul 13, 2012 at 11:21 AM, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
> In message <CABP7RbcVOEfnzg1A+x8NsOu+Gp2OtnHnVvWmLyQUM+QUMLNsUw@mail.gmail.com>
> , James M Snell writes:
>
>>Definitely a tricky thing here because of the competing interests and
>>requirements at play. Transport-layer security provides the necessary
>>protection against snoopers but makes the efficient routing and
>>handling of the communication via intermediaries far more difficult.
>
> I still don't agree.
>
> The envelope is where you write who you want your adversary to think
> you are communicating with.
>
> This may or may not be who you actually are communicating with.
>
> TLS communication today already has an envelope consisting of
> IP# + TCP port numbers, and unless your adversary is totally
> incompetent, he also has the DNS lookup that gave you that IP#.
>
> QED: Putting the "Host:" in the HTTP envelope does not leak any
> information your adversary doesn't already have or can guess.
>
> Even if we stopped here, it would be a major benefit over TLS
> in terms of enabling websites to roll out protection for their
> customers.
>
> To make it better, we need to add a session identifier, but today
> we pretend HTTP is stateless so we don't have one (so people
> hack it with cookies).
>
> Finally, to do what people do today we would need to include the
> URI, but that is by far the most troublesome of the three fields.
>
> I believe, but it should be seriously investigated, that if we add
> a session-concept to HTTP2, the envelope would just need to be Host:
> + session-nonce.
>
> In difference from TLS, that would allow us to mix protected and
> unprotected traffic on the same TCP connection, thus avoiding
> the extra TCP for protection upgrade, and making life much
> easier and efficient for proxies.
>
> It also means that you do not need to put your certificate on
> the HTTP router/load-balancer, but can put it on the specific
> webservers which host the protected stuff.
>
> SSL/TLS was a quick hack to protect HTTP, one of the far too
> many quick hacks in HTTP world. We should try to eliminate
> them.
>
> --
> Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
> phk@FreeBSD.ORG         | TCP/IP since RFC 956
> FreeBSD committer       | BSD since 4.3-tahoe
> Never attribute to malice what can adequately be explained by incompetence.
Received on Friday, 13 July 2012 18:36:51 UTC
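The scheme discussed in the thread, modelled as an added example that is not part of the email exchange or of any HTTP/2 or SPDY implementation: a cleartext SYN_STREAM envelope carrying only host and session-id, a HEADERS frame whose request-uri is encrypted, an intermediary that routes on the envelope alone (and rejects the stream when it would need the request-uri), and an origin server that decrypts. The frame names come from the message; the JSON frame encoding, the HMAC-SHA256-based toy cipher, and the host, keys and session-id are constructed for this example, and the cipher stands in for a real AEAD. The one design point the example adds beyond the text is that the cleartext envelope is bound into the authentication tag, so a hop that rewrites the host is detected by the server.

```python
import hashlib
import hmac
import json
import struct

TAG_LEN = 32  # HMAC-SHA256 tag length


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy keystream: HMAC-SHA256 in counter mode. Constructed for this example only;
    # a real deployment would use a standard AEAD (AES-GCM, ChaCha20-Poly1305).
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def seal(enc_key: bytes, mac_key: bytes, envelope: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; the cleartext envelope is mixed into the tag as associated data."""
    ct = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, envelope + nonce + ct, hashlib.sha256).digest()
    return ct + tag


def unseal(enc_key: bytes, mac_key: bytes, envelope: bytes, nonce: bytes, sealed: bytes) -> bytes:
    ct, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    expected = hmac.new(mac_key, envelope + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("HEADERS frame failed authentication (envelope or payload altered)")
    return _xor(ct, _keystream(enc_key, nonce, len(ct)))


def envelope_bytes(host: str, session_id: str) -> bytes:
    return host.encode() + b"\0" + session_id.encode()


def frame_nonce(stream_id: int, seq: int) -> bytes:
    # One nonce per (stream, frame) so a keystream is never reused inside a session.
    return struct.pack(">II", stream_id, seq)


def client_open_stream(stream_id, host, session_id, enc_key, mac_key, headers):
    """Return the client's two frames: a cleartext SYN_STREAM and a sealed HEADERS frame."""
    syn = {"type": "SYN_STREAM", "stream": stream_id, "host": host, "session": session_id}
    plaintext = json.dumps(headers).encode()
    sealed = seal(enc_key, mac_key, envelope_bytes(host, session_id),
                  frame_nonce(stream_id, 1), plaintext)
    hdr = {"type": "HEADERS", "stream": stream_id, "seq": 1, "sealed": sealed.hex()}
    return syn, hdr


def intermediary_route(syn, backends, needs_request_uri=False):
    """Route on the cleartext envelope only. An intermediary that must route on the
    request-uri cannot see it and rejects the stream, as the message describes."""
    if needs_request_uri:
        return {"type": "RST_STREAM", "stream": syn["stream"], "reason": "request-uri not in envelope"}
    backend = backends.get(syn["host"])
    if backend is None:
        return {"type": "RST_STREAM", "stream": syn["stream"], "reason": "unknown host"}
    return {"type": "ROUTE", "stream": syn["stream"], "backend": backend}


def server_read_headers(syn, hdr, sessions):
    """Origin server: look the session up, check the envelope binding, decrypt the headers."""
    enc_key, mac_key = sessions[syn["session"]]
    plaintext = unseal(enc_key, mac_key, envelope_bytes(syn["host"], syn["session"]),
                       frame_nonce(hdr["stream"], hdr["seq"]), bytes.fromhex(hdr["sealed"]))
    return json.loads(plaintext)


def demo():
    # Constructed sample values: fixed keys and session-id so the run is deterministic.
    enc_key, mac_key = b"k" * 32, b"m" * 32
    session_id = "c0ffee0123456789"
    sessions = {session_id: (enc_key, mac_key)}
    backends = {"www.example.com": "10.0.0.5:8443"}
    syn, hdr = client_open_stream(1, "www.example.com", session_id, enc_key, mac_key,
                                  {":method": "GET", ":path": "/account/settings"})
    routed = intermediary_route(syn, backends)
    rejected = intermediary_route(syn, backends, needs_request_uri=True)
    headers = server_read_headers(syn, hdr, sessions)
    # A hop that rewrites the cleartext host breaks the envelope binding.
    tampered = dict(syn, host="evil.example.net")
    try:
        server_read_headers(tampered, hdr, sessions)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return routed, rejected, headers, tamper_detected


if __name__ == "__main__":
    print(demo())
```

Running the module prints the routing decision, the rejection an uri-routing intermediary would send, the decrypted headers, and whether the tampered envelope was caught. The point to take from it is the one Poul-Henning makes: the intermediary needs nothing beyond host and session-id to do its job, and everything else on the stream stays opaque to it.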