
Re: #445: Transfer-Codings

From: Martin Thomson <martin.thomson@gmail.com>
Date: Thu, 24 Apr 2014 07:57:01 -0700
Message-ID: <CABkgnnVZHzMg0pbCAHWq_xhJ4EEk1qLDevQ09kdN6z+qL7jmWQ@mail.gmail.com>
To: K.Morgan@iaea.org
Cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>, Matthew Kerwin <matthew@kerwin.net.au>

On 24 April 2014 02:26, <K.Morgan@iaea.org> wrote:
> however the uncompressed data from separate frames MUST NOT be merged.
> Merging uncompressed data from separate frames creates a shared compression
> context that could allow an attacker to recover secret data if merging
> combines confidential and attacker-controlled data.

My first impression was that you have too much text there, but this
point is valuable.  I had to ship -12, but I'll add this to the
editor's copy in preparation for -13.

Note that this is only an issue if the merged data is subsequently compressed.

I think that the text could more succinctly say:

[...] frames that are separately compressed cannot be merged into a
single compressed frame.  Either could result in the compression of
secret and attacker-controlled data within the same compression
context.  Compressed frames MAY be decompressed, in whole or part.

I'm less certain about making the downstream intermediary point so
explicit. There's a balance to be struck. There are plenty of other
places where our prohibitions are less well explained than this
already is. This is a fractal landscape, and we try to avoid
exhaustively exploring all the minute details in the interests of
readability and accessibility.
Received on Thursday, 24 April 2014 14:57:30 UTC
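The compression-oracle problem behind this thread, as an added, runnable illustration that is not part of the message above or of any HTTP/2 implementation. It uses zlib's DEFLATE as a stand-in for whatever transfer-coding compresses the frames, and the header-block contents, the token and the hex alphabet are constructed for the demonstration. Three ways of handling two frames are compared: compressing the concatenated plaintexts in one context (what the proposed text forbids), keeping one context per frame, and merging without recompressing (which, as the message notes, is harmless). Only the first leaks the token.

```python
"""Added example: why separately compressed frames must not be merged into
one compression context. An observer who can place data next to a secret
and see the compressed size recovers the secret byte by byte (the pattern
known from the CRIME and BREACH attacks). All payloads are constructed."""
import zlib

# Constructed "confidential" frame: a header block carrying a session token.
KNOWN_PREFIX = b"set-cookie: session="   # assumed known to the attacker
SECRET = b"4f9a2c7e81b0"                  # assumed value the attacker wants
SECRET_FRAME = KNOWN_PREFIX + SECRET + b"\r\n"
ALPHABET = b"0123456789abcdef"            # attacker assumes a hex token


def merged_context(secret_frame: bytes, attacker_frame: bytes) -> bytes:
    """Prohibited: both frames' plaintexts compressed in ONE context."""
    return zlib.compress(secret_frame + attacker_frame, 9)


def separate_contexts(secret_frame: bytes, attacker_frame: bytes) -> bytes:
    """Permitted: each frame keeps its own context, so the attacker's
    frame size cannot depend on the secret frame's contents."""
    return zlib.compress(secret_frame, 9) + zlib.compress(attacker_frame, 9)


def merged_uncompressed(secret_frame: bytes, attacker_frame: bytes) -> bytes:
    """Merging that is never recompressed: size is just the sum, no leak."""
    return secret_frame + attacker_frame


def recover_secret(size_oracle, known_prefix: bytes, length: int) -> bytes:
    """Byte-at-a-time recovery from on-the-wire sizes only.

    size_oracle(attacker_frame) returns the size observed when attacker_frame
    is sent alongside the secret frame. In a shared context a correct guess
    lengthens the LZ77 back-reference by one byte instead of costing a
    literal, so it is strictly smaller than every wrong guess. Stops, keeping
    what it has, as soon as no single guess is uniquely smallest."""
    recovered = b""
    for _ in range(length):
        sizes = {c: size_oracle(known_prefix + recovered + bytes([c]))
                 for c in ALPHABET}
        smallest = min(sizes.values())
        winners = [c for c, n in sizes.items() if n == smallest]
        if len(winners) != 1:
            break
        recovered += bytes([winners[0]])
    return recovered


def attack(combine) -> bytes:
    """Run the recovery against one of the three combining strategies."""
    def size_oracle(attacker_frame: bytes) -> int:
        return len(combine(SECRET_FRAME, attacker_frame))
    return recover_secret(size_oracle, KNOWN_PREFIX, len(SECRET))


if __name__ == "__main__":
    print("merged, recompressed ->", attack(merged_context))      # token leaks
    print("separate contexts    ->", attack(separate_contexts))   # nothing learned
    print("merged, uncompressed ->", attack(merged_uncompressed)) # nothing learned
```

The prefix and token lengths here were chosen so that every correct guess saves exactly one output byte in a DEFLATE fixed-Huffman block; on arbitrary data the one-literal saving can disappear into byte alignment, which is why practical attacks add padding and retry tricks. The mechanism the proposed text rules out is the same either way: once secret and attacker-controlled bytes share a compression context, the compressed size is a function of both.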
