Re: non authenticated alternate services (was Re: AD review of draft-ietf-httpbis-alt-svc-10)

Mark Nottingham <mnot@mnot.net>: (Mon Jan 18 02:23:44 2016)
>> + Clients MUST strongly authenticate the alternative service as the origin. This mitigates the
>> + attack described in <xref target="host_security"/>. One way to achieve this is for the
>> + alternative to use TLS with a certificate that is valid for the origin.
>> 
>> What is "strongly authenticate"? It may be read that some kind of certificate must always
>> be required.
> 
> We're leaving that intentionally vague.

> If the phrase "strong authentication" is making this hard to understand, we might use something else (e.g., "have reasonable assurances that the alternative service is under control of the origin").

That may be more clear.

/ Kari Hurtta

Received on Monday, 18 January 2016 10:40:07 UTC
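The check the quoted draft text describes (the alternative presents a certificate valid for the origin, not merely for its own host name), as an added Python example that is not part of the draft or of this thread; the host names, ports and SAN lists are constructed, and the `presented_sans` lookup stands in for what a real TLS handshake with each alternative would return.

```python
import re
from typing import Dict, List, Optional, Tuple

# Alt-Svc field value: comma-separated `protocol-id="alt-authority"` entries,
# each optionally followed by parameters such as `; ma=3600`, which are skipped.
ALT_SVC_RE = re.compile(r'\s*([^=\s",;]+)="([^"]*)"')

def parse_alt_svc(header: str) -> List[Tuple[str, str, int]]:
    """Return (protocol, host, port) per alternative. An empty host means
    "same host as the origin"; the special value `clear` yields no entries."""
    alternatives = []
    for entry in header.split(","):
        m = ALT_SVC_RE.match(entry)
        if m:
            host, _, port = m.group(2).rpartition(":")
            alternatives.append((m.group(1), host, int(port)))
    return alternatives

def dns_name_matches(san: str, host: str) -> bool:
    """RFC 6125-style comparison of one dNSName SAN with a host name: exact
    match, or a wildcard that is the whole left-most label of a name with at
    least two further labels (so `*.com` never matches)."""
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if san == host:
        return True
    s, h = san.split("."), host.split(".")
    return len(s) == len(h) and len(s) >= 3 and s[0] == "*" and s[1:] == h[1:]

def alternative_is_authenticated(origin_host: str, san_dns_names: List[str]) -> bool:
    """Accept the alternative only if the certificate it presented is valid
    for the ORIGIN host. Checking it against the alternative's own host name
    instead would accept any server that holds a certificate for itself."""
    return any(dns_name_matches(san, origin_host) for san in san_dns_names)

def choose_alternative(origin_host: str, header: str,
                       presented_sans: Dict[str, List[str]]) -> Optional[Tuple[str, str, int]]:
    """Walk the advertised alternatives in order and return the first whose
    certificate is valid for the origin. `presented_sans` (alternative host ->
    dNSName SANs) is constructed sample data standing in for the TLS handshake."""
    for proto, host, port in parse_alt_svc(header):
        alt_host = host or origin_host
        if alternative_is_authenticated(origin_host, presented_sans.get(alt_host, [])):
            return (proto, alt_host, port)
    return None

if __name__ == "__main__":
    sans = {"alt.example.com": ["alt.example.com"],  # constructed: proves only itself
            "cdn.example.net": ["cdn.example.net", "*.example.com"]}
    print(choose_alternative("www.example.com",
                             'h2="alt.example.com:443"; ma=3600, h2="cdn.example.net:443"', sans))
```

The first advertised alternative is rejected because its certificate only proves it is `alt.example.com`, which is exactly the substitution the quoted requirement is meant to stop.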