> I've always viewed DNS + TLS as kind of a belt-and-suspenders kind of
> thing, where one needs to mount two (usually unrelated) exploits to
> successfully hijack an origin. I'm uncomfortable with backing down from
> that, but this might just be due to a misperception on my part: is CT
> deployed broadly enough that it provides a viable backstop against such
> attacks? (On a quick glance, I believe that zero of the ten defects I cited
> in my earlier message would have been thwarted by OCSP).
>
> /a
>
The tradeoffs here are well-trodden ground for the working group.
Chrome will be requiring CT participation for all new publicly trusted
certificates issued after April 2018. Being in a public log is currently
very common because of this, and of course an ORIGIN implementation is free
to ignore ORIGIN where it doesn't feel there are sufficient suspenders in
place.
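As an added illustration of the policy sketched above (not code from the thread or from any implementation), here is a client-side decision function that honors an HTTP/2 ORIGIN frame only when the certificate covers the host and carries enough CT evidence, and otherwise keeps the DNS "belt" in place. The SCT threshold, data model and names are hypothetical.

```python
# Added example, not from the thread: a client-side policy for honoring an
# HTTP/2 ORIGIN frame. A client may ignore ORIGIN where it judges the
# "suspenders" (here: Certificate Transparency evidence on the cert) to be
# insufficient and fall back to the usual DNS check. Names and the SCT
# threshold are hypothetical.
from dataclasses import dataclass, field


def san_matches(san: str, host: str) -> bool:
    """Match a dNSName SAN against a hostname (RFC 6125 style: at most one
    wildcard, only in the leftmost label, never matching across a dot)."""
    san, host = san.lower(), host.lower()
    if not san.startswith("*."):
        return san == host
    suffix = san[1:]                      # "*.example.com" -> ".example.com"
    if not host.endswith(suffix):
        return False
    label = host[: -len(suffix)]          # the part the wildcard must cover
    return bool(label) and "." not in label


@dataclass
class Connection:
    cert_sans: list[str]                  # dNSName SANs of the server cert
    sct_count: int                        # SCTs seen (embedded, stapled, or TLS ext)
    origin_set: set[str] = field(default_factory=set)  # hosts advertised via ORIGIN


MIN_SCTS = 2  # hypothetical policy threshold for "enough CT evidence"


def may_coalesce(conn: Connection, host: str, dns_resolves_here: bool) -> bool:
    """Decide whether a request for `host` may reuse `conn`.

    Without ORIGIN the client needs both suspenders: a cert covering the
    host AND DNS pointing at this server. With ORIGIN the DNS check may be
    waived, but only when the cert carries enough CT evidence.
    """
    host = host.lower()
    if not any(san_matches(s, host) for s in conn.cert_sans):
        return False                      # the cert never covers this host
    if host in {h.lower() for h in conn.origin_set} and conn.sct_count >= MIN_SCTS:
        return True                       # ORIGIN + CT-logged cert: DNS waived
    return dns_resolves_here              # otherwise keep the belt: DNS must agree
```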