Header compression integrity

Under the current header compression scheme, the receiver has no way to
check that the received header set is what the sender intended to transmit.
I think it would be good to add some kind of integrity checking against
uncompressed header sets (e.g., parity, hash, etc.).

This problem does not occur if both ends correctly implement header
compression. But there are several corner cases (index shadowing, etc.) and
its implementation complexity is certainly higher than current HTTP/1.1 and
SPDY; it may go wrong more easily than before.

For example, if the client encodes an index badly (an off-by-one error, for
example), the server may see the wrong index. The thing is, this might not be
noticeable in one request/response. It might be apparent after several
requests, possibly after eviction occurs. This problem is more serious for
a proxy. If a proxy coalesces streams for requests to different origin servers,
just like what a secure SPDY proxy does, misinterpreting headers may leak
cookies to other unintended sites.

Best regards,

Tatsuhiro Tsujikawa

Received on Sunday, 28 July 2013 03:57:19 UTC
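
The failure mode and the proposed check from the message above, as an added example that is not part of the original message or of any draft: a toy indexed header table in which a sender with an off-by-one index bug makes the receiver rebuild a different header set, and a hash over the uncompressed header set exposes the mismatch. The table model, the op format and every name here (Table, encode, decode, header_digest, index_bug) are assumptions made for illustration, not the header compression draft's wire format.

```python
import hashlib

def header_digest(headers):
    """Hash of the uncompressed header set; length prefixes keep fields unambiguous."""
    h = hashlib.sha256()
    for name, value in sorted(headers):
        for part in (name.encode(), value.encode()):
            h.update(len(part).to_bytes(4, "big") + part)
    return h.hexdigest()

class Table:
    """Toy shared header table (hypothetical): append at the end, evict the oldest."""
    def __init__(self, max_entries=4):
        self.entries, self.max_entries = [], max_entries

    def add(self, header):
        self.entries.append(header)
        if len(self.entries) > self.max_entries:
            self.entries.pop(0)

def encode(headers, table, index_bug=0):
    """Emit ('idx', i) for headers already in the table, else ('lit', header).
    index_bug simulates a sender that miscomputes indexes (e.g. -1 = off by one)."""
    ops = []
    for header in headers:
        if header in table.entries:
            ops.append(("idx", table.entries.index(header) + index_bug))
        else:
            ops.append(("lit", header))
            table.add(header)
    return ops, header_digest(headers)

def decode(ops, digest, table):
    """Rebuild the header set, then compare it with the sender's digest."""
    headers = []
    for kind, arg in ops:
        if kind == "idx":
            headers.append(table.entries[arg])
        else:
            headers.append(arg)
            table.add(arg)
    return headers, header_digest(headers) == digest

def demo():
    """Constructed sample: two requests fill the tables, the third is mis-indexed."""
    enc, dec = Table(), Table()
    a = [(":authority", "a.example"), ("cookie", "sid=A")]
    b = [(":authority", "b.example"), ("cookie", "sid=B")]
    return [decode(*encode(h, enc, bug), dec) for h, bug in ((a, 0), (b, 0), (b, -1))]
```

In the third request the receiver reconstructs the cookie stored for a.example next to the authority b.example; without the digest comparison nothing in the decoded result marks it as wrong.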