Re: Comments about draft-ietf-httpbis-http2-16 : Connection reuse

> The requirement to reuse a TLS connection is that the cert is "valid". This
> does not simply mean that the cert contains a matching Subject-Alt-Name, it
> means that *all* the validity checks are satisfied.

Listing *all* those validity checks is impossible, because it depends on tons 
of parameters, RFCed or not, built-in or not, custom or not. This is not just 
a case of X.509, TLSA or PKP.
For example, I (and I hope everybody) consider invalid the use of an A 
certificate (even if totally X.509 valid) for the B domain when the B domain 
would use the B cert if there were no reuse. With or without 
PKP/TLSA/whatever. Because that is the definition of a MITM TLS attack.
Same if a weak protocol or cipher is reused instead of new strong ones. 
Because it's the same behaviour as a downgrade attack.

Either the IETF allows channel reuse, and in this case must ensure client 
behaviour with a strong definition of when to reuse and when not to reuse, to 
be able to judge if this is at least as secure as TLS without reuse and to 
know very well what new TLS attacks will be possible. Or more simply to allow 
a sysadmin to understand very well what TLS strength he will have on each 
content he serves (right now taking into account not only the content but also 
the origin, and worse actually, the user-agent the user will use…).
Or the IETF must reject channel reuse, for security purposes.

And even with a strong definition, there is every chance we will have to 
consider HTTP2 as a non-secure protocol because it reduces overall security or 
bypasses some TLS-related principles. Because such a strong definition is in 
fact impossible to find without reducing TLS scope/extensibility.
The only strong, testable, not implementation-dependent, extensible definition 
is « reuse the channel if and only if there is no difference with no reuse ». 
And that means it is impossible to achieve without a real opening to compare 
current parameters with the next ones.

> https://code.google.com/p/chromium/codesearch#chromium/src/net/spdy/spdy_session.cc&sq=package:chromium&l=568&rcl=1420152226

This is exactly what I am saying: this « CanPool » method will just become a 
monster with a bunch of spaghetti code, addressing tons of use cases, needing 
hooks for browser plugins… And currently without the same behaviour across all 
user-agents, because there is no precise definition of what « valid » means.

Regards,
-- 
Aeris

Protect your privacy, encrypt your communications
GPG : EFB74277 ECE4E222
OTR : 5769616D 2D3DAC72
https://café-vie-privée.fr/

Received on Friday, 2 January 2015 18:10:49 UTC
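
Added example, not part of the original message and not Chromium's CanPool code: a sketch contrasting the "cert is valid" reuse rule from the quoted text with the "no difference with no reuse" rule argued for in the reply. TlsParams, the pin map and all host names, fingerprints and cipher choices are constructed assumptions, and the strict check assumes the parameters of a fresh connection are already known.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class TlsParams:
    """Result of one TLS handshake (all sample values below are constructed)."""
    cert_fingerprint: str  # placeholder label for the leaf certificate hash
    san: tuple             # dNSName entries in the certificate
    protocol: str
    cipher: str

def san_matches(host, san):
    """Exact match, or a wildcard covering exactly one left-most label."""
    host = host.lower()
    for name in (n.lower() for n in san):
        if name == host:
            return True
        if name.startswith("*.") and name[2:] and host.partition(".")[2] == name[2:]:
            return True
    return False

def can_pool_valid_cert(existing, host, pins=None):
    """Loose rule: cert on the open connection is valid for host (name + pins)."""
    if not san_matches(host, existing.san):
        return False
    allowed = (pins or {}).get(host)  # hypothetical per-host pin set
    return allowed is None or existing.cert_fingerprint in allowed

def differences(existing, fresh):
    """Fields where reuse would differ from what a fresh handshake gives."""
    fields = ("cert_fingerprint", "protocol", "cipher")
    return [f for f in fields if getattr(existing, f) != getattr(fresh, f)]

def can_pool_strict(existing, fresh):
    """Strict rule: reuse only if nothing differs from a fresh connection."""
    return not differences(existing, fresh)

# Constructed scenario: connection opened for a.example.net, request for b.example.net.
CONN_A = TlsParams("fp-A", ("a.example.net", "b.example.net"),
                   "TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256")
FRESH_B = TlsParams("fp-B", ("b.example.net",),
                    "TLSv1.2", "ECDHE-ECDSA-AES256-GCM-SHA384")

if __name__ == "__main__":
    print("loose :", can_pool_valid_cert(CONN_A, "b.example.net"))
    print("pinned:", can_pool_valid_cert(CONN_A, "b.example.net",
                                         {"b.example.net": {"fp-B"}}))
    print("strict:", can_pool_strict(CONN_A, FRESH_B), differences(CONN_A, FRESH_B))
```

The loose rule accepts the reuse, while the pinned and strict variants reject it, which is the gap between user-agents that the message is pointing at.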