- From: Mark Nottingham <mnot@mnot.net>
- Date: Mon, 21 Jul 2014 09:46:32 -0400
- To: Willy Tarreau <w@1wt.eu>
- Cc: Eric Rescorla <ekr@rtfm.com>, Martin Thomson <martin.thomson@gmail.com>, Roberto Peon <grmocg@gmail.com>, Poul-Henning Kamp <phk@phk.freebsd.dk>, Phil Hunt <phil.hunt@oracle.com>, HTTP Working Group <ietf-http-wg@w3.org>
On 21 Jul 2014, at 9:42 am, Willy Tarreau <w@1wt.eu> wrote: > On Mon, Jul 21, 2014 at 06:24:04AM -0700, Eric Rescorla wrote: >> On Mon, Jul 21, 2014 at 6:20 AM, Martin Thomson <martin.thomson@gmail.com> >> wrote: >> >>> On 21 July 2014 00:53, Willy Tarreau <w@1wt.eu> wrote: >>>> >>>> I'm not sure what you mean, we're speaking about having a single :query >>>> for whatever follows the question mark, right ? If so, all the params >>>> must be tried as a single block. >>> >>> Yes, but there could be cases where the combination of path and query >>> contain sufficiently high entropy in combination, but one or other >>> contains insufficient entropy on its own to resist guessing attacks. >>> >> >> I concur with Martin's analysis >> >> Consider the case where we have sensitive information split between the >> path and the query. E.g. >> >> https://login.example.com/ekr?<password> >> >> If the username is unknown, this lets them be guessed independently. > > I didn't understand you were suggesting such a case, because for me "ekr" > above would be well-known as it would typically be presented on the login > page itself in the form of a link, so it would not be considered part of > the secret. > > Thanks for explaining your example case at least, even if I find it hard > to find a real world case involing this and without "ekr" being already > public. The point is that this has a surprising interaction with HPACK. I know the security folks are already nervous about low-entropy secrets and HPACK, and this doesn’t help; while it’s true that in the common case the path is known, it creates yet another thing that people need to understand to secure the protocol properly. At this point I’m concerned enough about getting through our security review that I’m inclined not to do this; the possible benefit (which the WG seems open to, if not enthusiastic about) doesn’t appear to be worth the risk (both that to the actual security of people using the protocol, and the risk of not making it through our security reviews). Cheers, -- Mark Nottingham http://www.mnot.net/
Received on Monday, 21 July 2014 13:47:00 UTC