- From: Jann Horn <jann@thejh.net>
- Date: Sun, 29 Mar 2015 23:12:05 +0200
- To: ietf-http-wg@w3.org
- Message-ID: <20150329211205.GA17881@pc.thejh.net>
Hello,
I've looked through draft-ietf-httpbis-alt-svc-04 and didn't see anything that
explicitly forbids the use of TLS client certificates. The threat scenario I
have in mind is this:
Alice is connected to the internet through a connection on which Mallory
performs a MITM attack. Alice has a TLS client certificate that grants her
access to sensitive information at https://bank.com/. There are no HSTS rules
for bank.com.
Alice browses to http://news.com, a website to which she does not need a TLS
connection. Mallory injects the following HTML snippet into the response:
<iframe src="http://bank.com"></iframe>
Alice's browser now requests http://bank.com. Mallory intercepts the request
and replies with a page containing malicious JavaScript code and the HTTP
header 'Alt-Svc: h2=":443"'.
The malicious JavaScript code now triggers further requests that the browser
performs to bank.com via TLS, authenticating Alice using the
non-origin-specific TLS client certificate. The server at https://bank.com
grants access to the client based on the TLS Client Certificate and
returns sensitive data, but the origin on the client is still http://bank.com,
effectively allowing the attacker to bypass the protocol part of SOP
restrictions on XHR.
Did I miss something, or is this a realistic attack against users of client
certificates (which, to be fair, probably is a really small set)?
If this is indeed a threat, these are the mitigations I can come up with:
- Forbid the use of TLS Client Certificates for requests to HTTP
Alternative Services.
- Require the Alternative Service to opt-in using a new HTTP response
header (similar to CORS response headers, whitelisting specific
origins, or everything with *)
Received on Sunday, 29 March 2015 21:12:29 UTC