Re: Proposal for doing unauthenticated encryption inside of HTTP/2 from James M Snell on 2013-12-04 (ietf-http-wg@w3.org from October to December 2013)

From: James M Snell <jasnell@gmail.com>
Date: Tue, 3 Dec 2013 20:34:01 -0800
To: Paul Hoffman <paul.hoffman@gmail.com>
Cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <CABP7RbdVsSGriyiLp4sDQ48VW7phaguAEW6wE5uhRKHB8rZ1JQ@mail.gmail.com>

On Tue, Dec 3, 2013 at 8:18 PM, Paul Hoffman <paul.hoffman@gmail.com> wrote:
> On Tue, Dec 3, 2013 at 8:03 PM, James M Snell <jasnell@gmail.com> wrote:
>>
>> 1. So far this appears only to sketch out a rough key derivation
>> strategy... it doesn't really say, however, *what* parts of the
>> message are being encrypted. DATA frame payloads only? HEADERS frame
>> payloads? What about PUSH_PROMISE? Extension frames? These will all
>> need to be addressed at some point.
>
>
> Yes.
>
>>
>> 2. Who exactly is S1?
>
>
> S1 is not a "who", it is a message. C1 is the first message from the client
> to the server, S1 is the first message from the server to the client.
>

Sorry I wasn't clear, I mean who exactly is sending S1... see below.

>>
>> What is the relationship between S1 and Origin?
>> How does C1 know who it is communicating with?
>
>
> C1 doesn't: that's the whole point of "unauthenticated". If I can make that
> any more clear in the document, please let me know how.
>

Yes, the unauthenticated part is quite clear... I just think it's
going to be a problem... particularly if the intent really is to
"thwart surveillance" as you suggest. At the very least I think
authenticating the origin is going to be necessary.

>>
>> Is the negotiation
>> hop-by-hop or end-to-end?
>
>
> It is for a single HTTP/2 connection between a client and a server.
>
>>
>> Can there be multiple keys derived and used
>> within a single HTTP/2 connection?
>
>
> The current draft assumes a single set of keys. There is no need for more if
> the purpose is to thwart surveillance. Having multiple keys possible seems
> like a feature without a problem behind it.
>

Well, the use-cases I'm exploring at this point at largely
experimental and are geared more towards the fact that a single http/2
connection could carry traffic bound to multiple origin domains. In
other words, the problem exists in a very narrow subset of cases and
it's not yet clear if those are going to be interesting enough to
pursue, but they are worth chasing down nonetheless.

- James

> --Paul Hoffman

Received on Wednesday, 4 December 2013 04:34:49 UTC