- From: Roberto Peon <grmocg@gmail.com>
- Date: Fri, 20 Jul 2012 09:28:13 -0700
- To: Willy Tarreau <w@1wt.eu>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>, Poul-Henning Kamp <phk@phk.freebsd.dk>, James Snell <jasnell@gmail.com>, Philippe Mougin <pmougin@acm.org>
- Message-ID: <CAP+FsNcWPw6j68Y9g9HfAWxZu-83W4p1cX0OTd4Fngky=PdvgA@mail.gmail.com>
We're basically reinventing parts of the TLS handshake. I don't want this to turn into TLS vs not TLS, just pointing out that generating a shared nonce securely is something we already know how to do. -=R On Jul 19, 2012 10:47 PM, "Willy Tarreau" <w@1wt.eu> wrote: > On Thu, Jul 19, 2012 at 10:36:13PM +0000, Poul-Henning Kamp wrote: > > In message <20120719213630.GA20313@1wt.eu>, Willy Tarreau writes: > > >On Thu, Jul 19, 2012 at 08:48:01PM +0000, Poul-Henning Kamp wrote: > > > > >I think it would be terribly useful to have a session container in which > > >we can store one or more session identifiers and that load balancers and > > >servers can easily access and manipulate. > > > > At this point I would like to defer to card-carrying cryptographers, > > because while I think nobody but the client should be allowed to > > define/change the session identifier, in order to shut out spoofing > > of it, I don't trust my own analysis of this question to be definitive. > > Yes you're right that if the client builds it by itself, the ID cannot > be injected. However it can still be stolen and reused. But at least > the easiest part of the security failure with cookies would be covered. > > > I do think it would be terribly useful if the session-id was client > > originated and contained a anon/specific-authenticated-user bit, > > because that would warn the server about public PCs etc. So even > > if we don't do the session-id, I think I would advocate that bit > > on its own. > > Based on your first point above, I think that the client could build > *part* of the ID. If the client generates a 64-bit random for instance, > it doesn't ensure unicity, which is a server's task, but it saves it > from being injected another ID. So from the server's point of view, > a client could be identified by the couple of (ID1,ID2) where ID1 is > invented by the client and unknown from JS and ID2 is invented by the > server. > > We could then even keep cookies as they are for ID2, and just use a > new identifier for ID1. That way we remain compatible with HTTP/1 > (important goal) and HTTP/2to1 gateways can pass ID1 into a header > field that the server can use. > > If we do something like this, then it is wise to make this ID part > of the protocol, just like the mask is part of the protocol in > websocket without being accessible to the client's stack. > > This needs more thinking in my opinion but I think it's worth it. > > Willy > > >
Received on Friday, 20 July 2012 16:28:41 UTC