Re: New Version Notification for draft-thomson-http-encryption-00.txt from Poul-Henning Kamp on 2015-05-12 (ietf-http-wg@w3.org from April to June 2015)

From: Poul-Henning Kamp <phk@phk.freebsd.dk>
Date: Tue, 12 May 2015 18:35:06 +0000
To: Willy Tarreau <w@1wt.eu>
cc: Amos Jeffries <squid3@treenet.co.nz>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, Mark Nottingham <mnot@mnot.net>, Martin Thomson <martin.thomson@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <18367.1431455706@critter.freebsd.dk>

--------
In message <20150512181651.GH6738@1wt.eu>, Willy Tarreau writes:

>> Notice that Range is not in C-E for the very same reason:  By pulling
>> it out of C-E its exact placement in the pipeline gets nailed down.
>
>Well, thinking about it, C-E, C-T, range, etc are the body's meta-data
>so they should be hidden from the clear-text headers and encrypted with
>the body.

>So I tend to think now that moving all entity headers to the body (including
>C-E) and using a separate header to indicate what's being compressed makes
>sense.  You ask for a blob, you get a blob and until you decipher it, you
>cannot tell how it was made nor what it contains.

Exactly.  This is why I say that encryption goes first: The moment
you perform the encryption, all metadata except for the encryption
parameters disappear, and you get an entirely new message.

We have to decide precisly how far that goes however, does an plaintext
403 response arrive as an encrypted 200 response which only reveal its
true colors on decryption ?

It follows from this that if you receive a message with both
(Content-)Encryption and Range it means:

	Range(encryption(plaintext))

and if you get Encryption, Range and C-E: gzip it means

	Range(gzip(encryption(plaintext))

so as to not reveal anything about the plaintext.

>At this point, reusing Content-Encoding to indicate the envelope's format
>doesn't seem problematic at all to me since any previous occurrence of it
>would have moved inside the body.

It is problematic if "gzip, aesbla" and "aesbla, gzip" means different
things.

C-E is defined today as giving them different meanings, so either
we have to add veribiage which mandates that "aesbla" always must
be first in the C-E, or (better) avoid the issue by not involving C-E.

The fact that encryption needs to care about metadata means that it
is not really a "Content-Encoding" but rather a "Message-Encoding".

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

Received on Tuesday, 12 May 2015 18:35:30 UTC