
Re: Adding Security Considerations regarding interception to p1

From: Werner Baumann <werner.baumann@onlinehome.de>
Date: Thu, 19 Sep 2013 20:34:08 +0200
To: ietf-http-wg@w3.org
Message-ID: <20130919203408.0af56887@ginster.fritz.box>

+1
Werner

On Thu, 19 Sep 2013 07:39:04 +0200,
Willy Tarreau <w@1wt.eu> wrote:

> I'd rather go with something much more generic in fact, like the
> following idea :
> 
> "HTTP/1.1 is used for virtually every communication over the Internet
> today and as such is the target of many attacks :
>   - passive interception attacks : the protocol is transported in
> clear text and may be passively intercepted by any party. This
> weakness has recently been magnified by the wide deployment of WiFi
> networks. Encryption may help reduce these risks if properly
> implemented.
> 
>   - active interception attacks (man in the middle) : the protocol
> offers no authentication of both ends, making it sensible to
> transparent proxying, which is used by many internet service
> providers to deliver cached contents and may be used by attackers to
> modify the traffic on the fly. Encryption with end-to-end
> authentication may help reduce these risks if properly implemented.
> 
>   - server-side attacks : log files may contain a lot of sensible
> information and are the target of some break-in attempts. Contents
> are also modified by attackers to deliver malware to many end users.
> These attacks are not related to the protocol but to its
> implementations and its wide deployment.
> 
>   - proxy-side attacks : corporate proxy logs are generally
> accessible to a few people who are in contact with the end users.
> Accessing these logs can become a privacy concern if browsing habits
> are disclosed among coworkers.
> 
>   - client-side attacks : malware running in browsers retrieve all
> contents in clear text before they leave the browser, and modify
> responses before they're displayed to the user. This is widely used
> to attack bank accounts and is not related to the protocol but to its
> implementations and its wide deployment.
> 
> Implementors should be aware of these threats and consider them
> carefully when designing a new implementation. Encryption only solves
> the transport issue between trusted parties if reciprocal
> authentication is enforced, but does not address the security of the
> end points themselves. Logs are required to address technical issues
> but should not reveal too much information. Agents should disclose
> the least possible information about the users and only when
> absolutely needed, as this information may still end in a network
> capture or log file somewhere. "
> 
> Willy
> 
> 
Received on Thursday, 19 September 2013 18:34:44 UTC
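
The quoted proposal's points that log files hold sensitive information and that logs "should not reveal too much information" can be enforced when the log line is written. The following is an added example, not part of either message or of any specification text: a Python filter for Combined Log Format lines, where the sensitive parameter list, the masking policy and the sample line are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumption: query parameter names that carry secrets; adjust per application.
SENSITIVE_PARAMS = {"password", "token", "access_token", "sessionid", "api_key"}

# Combined Log Format: host ident user [time] "request" status size "referer" "agent"
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def scrub_url(url):
    """Replace the values of sensitive query parameters with a fixed marker."""
    parts = urlsplit(url)
    if not parts.query:
        return url
    pairs = [(k, "REDACTED" if k.lower() in SENSITIVE_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))

def mask_host(host):
    """Zero the last octet of an IPv4 address; other values pass through."""
    m = re.fullmatch(r"(\d{1,3}\.\d{1,3}\.\d{1,3})\.\d{1,3}", host)
    return m.group(1) + ".0" if m else host

def minimize(line):
    """Return a reduced log line, or None when the line does not parse."""
    m = CLF.match(line)
    if m is None:
        return None  # fail closed: never store a line that was not sanitized
    f = m.groupdict()
    ref = urlsplit(f["referer"])
    # Keep only the Referer origin; its path and query describe browsing habits.
    origin = f"{ref.scheme}://{ref.netloc}/" if ref.netloc else "-"
    # The authenticated user name is dropped (written as "-").
    return (f'{mask_host(f["host"])} - - [{f["time"]}] '
            f'"{f["method"]} {scrub_url(f["target"])} {f["proto"]}" '
            f'{f["status"]} {f["size"]} "{origin}" "{f["agent"]}"')

# Constructed sample line, not taken from any real log.
SAMPLE = ('192.0.2.57 - alice [19/Sep/2013:07:39:04 +0200] '
          '"GET /account?view=summary&token=abc123 HTTP/1.1" 200 5120 '
          '"http://intranet.example/search?q=medical+leave" "Mozilla/5.0"')

if __name__ == "__main__":
    print(minimize(SAMPLE))
```

The status code, size, timestamp and request path survive for troubleshooting, while the user name, the token value and the Referer path and query do not reach the stored log.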
