
Security implications of gzip #423

From: Martin Thomson <martin.thomson@gmail.com>
Date: Thu, 13 Mar 2014 21:58:54 +0100
Message-ID: <CABkgnnXRhjxAQXmXNF0W8vS=CRJqfqLW1tew9iv4ZtGz62rGvQ@mail.gmail.com>
To: HTTP Working Group <ietf-http-wg@w3.org>

Proposed text:

   HTTP/2 enables greater use of compression for both header fields
   (Section 4.3) and response bodies (Section 9.3).  Compression can
   allow an attacker to recover plaintext when plaintext under attacker
   control is compressed in the same context with secret data.

   There are demonstrable attacks on compression that exploit the
   characteristics of the web platform (e.g., [BREACH]).  The attacker
   induces multiple requests containing varying plaintext, observing the
   length of the resulting ciphertext in each, which reveals a shorter
   length when a guess about the secret is correct.

   Implementations MUST NOT compress plaintext that includes content
   from both confidential and potentially attacker-controlled sources in
   the same compression context.  Thus, even though gzip compression of
   response bodies is permitted for every response, it cannot be used
   every time.  An implementation MAY compress confidential and
   potentially attacker-controlled content independently, if such
   content can be reliably distinguished.

   Further considerations regarding the compression of header fields are
   described in [COMPRESSION].

Received on Thursday, 13 March 2014 20:59:21 UTC
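
The length signal described in the proposed text, and the effect of compressing the confidential part in its own context, as an added example that is not part of the original message. The response template, the secret values and all helper names are constructed for illustration, and Python's zlib (raw DEFLATE) stands in for gzip response-body compression.

```python
import zlib

# Constructed sample values; none of them come from the original message.
SECRET = b"csrf=9f2c41d7a0b35e68"    # confidential value embedded in the body
OTHER = b"csrf=Q7mZxK1pWvT4hYe2"     # a different secret of the same length
GUESS = SECRET                       # reflected input that happens to equal SECRET
BASELINE = b"tokn=3b8e06a19d5c7f24"  # reflected input of equal length, no overlap

def parts(reflected, secret):
    """Pieces of one response body as (bytes, is_confidential) pairs."""
    return [
        (b"<html><body><p>Results for: ", False),
        (reflected, False),  # potentially attacker-controlled
        (b"</p><form><input type=hidden name=t value='", False),
        (secret, True),      # confidential
        (b"'></form></body></html>", False),
    ]

def _deflate(chunks):
    """Compress the chunks in ONE context and return the raw DEFLATE bytes."""
    c = zlib.compressobj(9, zlib.DEFLATED, -zlib.MAX_WBITS)
    return c.compress(b"".join(chunks)) + c.flush()

def shared_len(reflected, secret):
    """Whole body in a single compression context (what the text forbids)."""
    return len(_deflate([d for d, _ in parts(reflected, secret)]))

def isolated_len(reflected, secret):
    """Confidential and non-confidential parts compressed independently."""
    ps = parts(reflected, secret)
    public = _deflate([d for d, conf in ps if not conf])
    private = _deflate([d for d, conf in ps if conf])
    return len(public) + len(private)

def leak(length_fn, secret):
    """Bytes saved when the reflected value is GUESS rather than BASELINE."""
    return length_fn(BASELINE, secret) - length_fn(GUESS, secret)

if __name__ == "__main__":
    for name, fn in (("shared", shared_len), ("isolated", isolated_len)):
        print(f"{name:9s} saving when secret matches: {leak(fn, SECRET):3d}  "
              f"when it does not: {leak(fn, OTHER):3d}")
```

With a shared context the saving depends on whether the reflected value matches the secret; with independent contexts the saving is the same for any secret, so the observed length says nothing about it.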
