Re: Adam Roach's No Objection on draft-ietf-httpbis-origin-frame-04: (with COMMENT) from Adam Roach on 2018-01-10 (ietf-http-wg@w3.org from January to March 2018)

From: Adam Roach <adam@nostrum.com>
Date: Wed, 10 Jan 2018 12:42:03 -0600
To: Patrick McManus <mcmanus@ducksong.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: Mark Nottingham <mnot@mnot.net>, The IESG <iesg@ietf.org>, draft-ietf-httpbis-origin-frame@ietf.org, httpbis-chairs@ietf.org, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <f8b2096a-c06f-ae0c-a0ad-afd0d6aa472d@nostrum.com>

On 1/10/18 12:19 PM, Patrick McManus wrote:
>
> Origin takes the position that that certificate validity is the more 
> useful signal and encourages the implementer to be extra careful about 
> it now that it has more weight.. that's why the examples deal with the 
> mis-issuance infrastucture (i.e. CT) and revocation (i.e. OCSP 
> stapling) rather than bringing in other factors.
>

I've always viewed DNS + TLS as kind of a belt-and-suspenders kind of 
thing, where one needs to mount two (usually unrelated) exploits to 
successfully hijack an origin. I'm uncomfortable with backing down from 
that, but this might just be due to a misperception on my part: is CT 
deployed broadly enough that it provides a viable backstop against such 
attacks? (On a quick glance, I believe that zero of the ten defects I 
cited in my earlier message would have been thwarted by OCSP).

/a

Received on Wednesday, 10 January 2018 18:42:46 UTC