- From: RUELLAN Herve <Herve.Ruellan@crf.canon.fr>
- Date: Mon, 21 Jan 2013 14:07:14 +0000
- To: Roberto Peon <grmocg@gmail.com>, Willy Tarreau <w@1wt.eu>
- CC: Nico Williams <nico@cryptonector.com>, Martin J. Dürst <duerst@it.aoyama.ac.jp>, "Mark Nottingham" <mnot@mnot.net>, James M Snell <jasnell@gmail.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
I agree that in the general case, partial-text matches are unsafe when considering the CRIME attack. After all, this is the basis of the Deflate mechanism.

However, I would think that the more limited usage I proposed for URLs is mostly safe:

- First it doesn't mix different sources of information: URLs are kept with URLs. If URLs are considered as sensitive, this isn't great as the CRIME attack vector was based on URLs.
- Second, only the most recent URLs are kept in cache: after a few tries from the attacker, the cache will contain only the URLs used by the attacker, and the attack target will have been evicted from the cache.

Therefore, I think that using a common prefix to encode URLs in a more compact way is safe.

In addition, we should probably take a deeper look at the CRIME attack, and include in HTTP/2.0 other mechanisms to prevent it, or at least to decrease the risks linked to it. For example, there could be rules on how HTTP/2.0 sessions can be reused.

Hervé.

> -----Original Message-----
> From: Roberto Peon [mailto:grmocg@gmail.com]
> Sent: Friday 18 January 2013 20:23
> To: Willy Tarreau
> Cc: RUELLAN Herve; Nico Williams; Martin J. Dürst; Mark Nottingham; James M Snell; ietf-http-wg@w3.org
> Subject: Re: bohe and delta experimentation...
>
> Heh. We have more information about what is safe and what is not safe than that!
>
> Things we have fairly high confidence about w.r.t. CRIME:
>
> Partial-text matches are unsafe for any potentially sensitive field.
>
> Full-atom matches are safe for any field, including those with potentially sensitive information.
>
> Dynamic entropy-coding, where the code-tables change based on input is unsafe.
>
> Static entropy-coding, where the code-tables have no relation to user input is safe.
>
> -=R
>
> On Fri, Jan 18, 2013 at 10:18 AM, Willy Tarreau <w@1wt.eu> wrote:
>
> > Hi Roberto,
> >
> > On Fri, Jan 18, 2013 at 09:22:11AM -0800, Roberto Peon wrote:
> > > This makes URLs vulnerable to the CRIME attack, and URLs definitely do
> > > contain sensitive information often :(
> > >
> > > This is true for anything which allows partial matches (I just can't figure
> > > out how date could be sensitive, but if it could, even the encoding
> > > suggested earlier by me would be dangerous).
> > >
> > > I dropped exactly this (prefix match) functionality from delta early on
> > > because of this.
> >
> > If we consider that anything is sensible to the CRIME attack, then we need
> > to go fully stateless I guess, otherwise it will be too hard to find out
> > what is safe to reuse and what is risky :-/
> >
> > Willy

Received on Monday, 21 January 2013 14:08:24 UTC
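
The distinction drawn in this thread between partial-text and full-atom matches, and the cache-eviction argument, as an added example that is not part of the original messages or of any HTTP/2.0 draft. The two toy encoders, the byte layout, the cache limit and the URLs are all constructed assumptions; the point is only which encoded sizes an observer of the encrypted stream could tell apart.

```python
# Toy model, constructed for illustration: a per-connection cache of sent URLs.
SECRET = "/account?token=k3x9"  # constructed sensitive URL already in the cache
CANDIDATES = ["/account?token=aaaa", "/account?token=kaaa",
              "/account?token=k3aa", "/account?token=k3x9"]

def encode_prefix(cache, url):
    """Partial-text match: (cache index, shared-prefix length) + literal suffix."""
    best_i, best_n = 0, 0
    for i, old in enumerate(cache):
        n = 0
        while n < min(len(old), len(url)) and old[n] == url[n]:
            n += 1
        if n > best_n:
            best_i, best_n = i, n
    return bytes([best_i, best_n]) + url[best_n:].encode()

def encode_atom(cache, url):
    """Full-atom match: an index if the whole URL is cached, else a full literal."""
    if url in cache:
        return bytes([1, cache.index(url)])
    return bytes([0, len(url)]) + url.encode()

def remember(cache, url, limit):
    """Keep only the `limit` most recently used URLs (the eviction argument)."""
    if url in cache:
        cache.remove(url)
    cache.append(url)
    while len(cache) > limit:
        cache.pop(0)
    return cache

def observable_sizes(encoder, cache, candidates):
    """Encryption hides content, not length: these sizes are what leaks."""
    return [len(encoder(cache, c)) for c in candidates]

if __name__ == "__main__":
    # Prefix matching: size shrinks with every extra matching character.
    print("prefix:", observable_sizes(encode_prefix, [SECRET], CANDIDATES))
    # Full-atom matching: size changes only on an exact, whole-value match.
    print("atom:  ", observable_sizes(encode_atom, [SECRET], CANDIDATES))
    # After `limit` unrelated requests the cached URL is gone and sizes are flat.
    cache = [SECRET]
    for other in ["/img/1.png", "/img/2.png", "/css/site.css"]:
        remember(cache, other, limit=3)
    print("evicted:", observable_sizes(encode_prefix, cache, CANDIDATES))
```
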