Re: Trusted Proxy Alternatives Analysis

From: Mark Nottingham <mnot@mnot.net>
Date: Thu, 13 Feb 2014 10:18:51 +1100
Cc: "William Chan (陈智昌)" <willchan@chromium.org>, Peter Lepeska <bizzbyster@gmail.com>, Frode Kileng <frodek@tele.no>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-Id: <EA61612C-1B26-4E1B-A845-2918D4A76714@mnot.net>
To: Nicolas Mailhot <nicolas.mailhot@laposte.net>

On 12 Feb 2014, at 8:33 pm, Nicolas Mailhot <nicolas.mailhot@laposte.net> wrote:

> 
> On Wed, 12 February 2014 05:52, Mark Nottingham wrote:
> 
>> I think the security properties of that scheme are becoming well
>> understood, and they are effective within certain bounds. They may not
>> allow a proxy to "add value", but that isn't a necessary condition for
>> every new addition to the Web, surely?
> 
> It's not a case of adding value. It's a case of getting the ecosystem to work
> well. If you add a measure to fight cache poisoning, but forget to take
> proxy caches into account, you have users, browser authors and site
> authors complain that "the proxy broke the web site" when its cache gets
> poisoned because the other actors forgot to inform it of the security hash
> (and do not forget that some proxies are deployed explicitly to perform
> such security checks!)

If you're concerned about that use case, I'd suggest you join that list and propose a mechanism (e.g., a request header that the client can use to convey the hash it expects -- but there are DoS implications, etc. there too). They're quite open to suggestions in my experience.

<http://www.w3.org/2011/webappsec/>

Cheers,



--
Mark Nottingham   http://www.mnot.net/
Received on Wednesday, 12 February 2014 23:19:24 UTC