- From: poot <cvsmail@w3.org>
- Date: Fri, 02 Mar 2012 18:24:53 -0500
- To: public-html-diffs@w3.org
hixie: Add a spec for http+aes:// and https+aes:// to allow sensitive resources to be held on untrusted servers. (whatwg r7012) http://dev.w3.org/cvsweb/html5/spec/Overview.html?r1=1.5601&r2=1.5602&f=h http://html5.org/tools/web-apps-tracker?from=7011&to=7012 =================================================================== RCS file: /sources/public/html5/spec/Overview.html,v retrieving revision 1.5601 retrieving revision 1.5602 diff -u -d -r1.5601 -r1.5602 --- Overview.html 29 Feb 2012 22:40:04 -0000 1.5601 +++ Overview.html 2 Mar 2012 23:24:40 -0000 1.5602 @@ -320,7 +320,7 @@ <h1>HTML5</h1> <h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2> - <h2 class="no-num no-toc" id="editor-s-draft-29-february-2012">Editor's Draft 29 February 2012</h2> + <h2 class="no-num no-toc" id="editor-s-draft-2-march-2012">Editor's Draft 2 March 2012</h2> <dl><dt>Latest Published Version:</dt> <dd><a href="http://www.w3.org/TR/html5/">http://www.w3.org/TR/html5/</a></dd> <dt>Latest Editor's Draft:</dt> @@ -467,7 +467,7 @@ Group</a> is the W3C working group responsible for this specification's progress along the W3C Recommendation track. - This specification is the 29 February 2012 Editor's Draft. + This specification is the 2 March 2012 Editor's Draft. </p><!-- UNDER NO CIRCUMSTANCES IS THE PRECEDING PARAGRAPH TO BE REMOVED OR EDITED WITHOUT TALKING TO IAN FIRST --><p>Work on this specification is also done at the <a href="http://www.whatwg.org/">WHATWG</a>. The W3C HTML working group actively pursues convergence with the WHATWG, as required by the <a href="http://www.w3.org/2007/03/HTML-WG-charter">W3C HTML working group charter</a>.</p><!-- UNDER NO CIRCUMSTANCES IS THE FOLLOWING PARAGRAPH TO BE REMOVED OR EDITED WITHOUT TALKING TO IAN FIRST --><p>This document was produced by a group operating under the <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/">5 
@@ -1357,7 +1357,9 @@ <li><a href="#application-xhtml-xml"><span class="secno">12.3 </span><code>application/xhtml+xml</code></a></li> <li><a href="#application-x-www-form-urlencoded"><span class="secno">12.4 </span><code>application/x-www-form-urlencoded</code></a></li> <li><a href="#text-cache-manifest"><span class="secno">12.5 </span><code>text/cache-manifest</code></a></li> - <li><a href="#web-scheme-prefix"><span class="secno">12.6 </span><code>web+</code> scheme prefix</a></ol></li> + <li><a href="#http-aes-scheme"><span class="secno">12.6 </span><code>http+aes</code> scheme</a></li> + <li><a href="#https-aes-scheme"><span class="secno">12.7 </span><code>https+aes</code> scheme</a></li> + <li><a href="#web-scheme-prefix"><span class="secno">12.8 </span><code>web+</code> scheme prefix</a></ol></li> <li><a class="no-num" href="#index">Index</a> <ol> <li><a class="no-num" href="#elements-1">Elements</a></li> 
@@ -71121,7 +71123,119 @@ <dt>Change controller:</dt> <dd>W3C</dd> </dl><p>Fragment identifiers have no meaning with - <code><a href="#text-cache-manifest">text/cache-manifest</a></code> resources.<h3 id="web-scheme-prefix"><span class="secno">12.6 </span><dfn title="scheme-web"><code>web+</code> scheme prefix</dfn></h3><p>This section describes a convention for use with the IANA URI + <code><a href="#text-cache-manifest">text/cache-manifest</a></code> resources.<h3 id="http-aes-scheme"><span class="secno">12.6 </span><dfn title="scheme-http+aes"><code>http+aes</code> scheme</dfn></h3><p>This section describes a URL scheme registration for the IANA URI + scheme registry. <a href="#refsRFC4395">[RFC4395]</a><dl><dt>URI scheme name:</dt> + <dd><code title="">http+aes</code></dd> + <dt>Status:</dt> + <dd>permanent</dd> + <dt>URI scheme syntax:</dt> + <dd>Same as <code title="">http</code>, with the <code title="">userinfo</code> component instead used for specifying the + decryption key. (This key is provided in the form of 16, 24, or 32 + bytes encoded as ASCII and escaped as necessary using the URL + escape mechanism; it is not in the "username:password" form, and + the ":" character is not special in this component when using this + scheme.)</dd> + <dt>URI scheme semantics:</dt> + <dd>Same as <code title="">http</code>, except that the message + body must be decrypted by applying the AES-CTR algorithm using the + key specified in the URL's <code title="">userinfo</code> + component, after unescaping it from the URL syntax to bytes. 
If + there is no such component, or if that component, when unescaped + from the URL syntax to bytes, does not consist of exactly 16, 24, + or 32 bytes, then the user agent must act as if the resource could + not be obtained due to a network error, and may report the problem + to the user.</dd> + <dt>Encoding considerations:</dt> + <dd>Same as <code title="">http</code>, but the <code title="">userinfo</code> component represents bytes encoded using + ASCII and the URL escape mechanism.</dd> + <dt>Applications/protocols that use this URI scheme name:</dt> + <dd>Same as <code title="">http</code>.</dd> + <dt>Interoperability considerations:</dt> + <dd>Same as <code title="">http</code>, but specifically for + private resources that are hosted by untrusted intermediary servers + as in a content delivery network.</dd> + + <dt>Security considerations:</dt> + <dd> + <p>URLs using this scheme contain sensitive information (the key + used to decrypt the referenced content) and as such should be + handled with care, e.g. only sent over TLS-encrypted connections, + and only sent to users who are authorized to access the encrypted + content.</p> + <p>User agents are encouraged to not show the key in user + interface elements where the URL is displayed: first, it's ugly + and not useful to the user; and second, it could be used to + obscure the domain name.</p> + <p>The <code title="">http+aes</code> URL scheme only enables the + <em>content</em> of a particular resource to be encrypted. Any + sensitive information held in HTTP headers is still transmitted in + the clear. The length of the resource is still visible. The rate + at which the data is transmitted is also unobscured. The name of + the resource is not hidden. 
If this scheme is used to obscure + private information, it is important to consider how these side + channels might leak information.</p> + <p class="example">For example, the length of a file containing + only the user's age in seconds encoded in ASCII would easily let + an attacker watching the network traffic or with access to the + system hosting the files determine if the user was less than 3 + years old, less than 30 years old, or more than 30 years old, just + from the length of the file. Padding the file to ten digits + (either with trailing spaces or leading zeros) would make all ages + from zero to three hundred indistinguishable.</p> + <p class="example">Another example would be the file name. + Consider a bank where each user first downloads a "data.json" + file, which points to some other files for more data, such that + users in debt download a "debt.json" file while users in credit + download a "credit.json" file. In such a scenario, users can be + categorised by an attacker watching network traffic or with access + to the system hosting the files without the attacker ever having + to decrypt the "data.json" files.</p> + <p>The security considerations that apply to <code title="">http</code> apply as well.</p> + </dd> + + <dt>Contact:</dt> + <dd>Ian Hickson <ian@hixie.ch></dd> + <dt>Author/Change controller:</dt> + <dd>Ian Hickson <ian@hixie.ch></dd> + <dt>References:</dt> + <dd> + The <code title="">http</code> URL scheme is defined in: + <a href="http://tools.ietf.org/html/draft-ietf-httpbis-p1-messaging">http://tools.ietf.org/html/draft-ietf-httpbis-p1-messaging</a> + </dd> + </dl><h3 id="https-aes-scheme"><span class="secno">12.7 </span><dfn title="scheme-https+aes"><code>https+aes</code> scheme</dfn></h3><p>This section describes a URL scheme registration for the IANA URI + scheme registry. 
<a href="#refsRFC4395">[RFC4395]</a><dl><dt>URI scheme name:</dt> + <dd><code title="">https+aes</code></dd> + <dt>Status:</dt> + <dd>permanent</dd> + <dt>URI scheme syntax:</dt> + <dd>Same as <code title="">http+aes</code>.</dd> + <dt>URI scheme semantics:</dt> + <dd>Same as <code title="">http+aes</code>.</dd> + <dt>Encoding considerations:</dt> + <dd>Same as <code title="">http+aes</code>.</dd> + <dt>Applications/protocols that use this URI scheme name:</dt> + <dd>Same as <code title="">https</code>.</dd> + <dt>Interoperability considerations:</dt> + <dd>Same as <code title="">https</code>, but specifically for + private resources that are hosted by untrusted intermediary servers + as in a content delivery network.</dd> + + <dt>Security considerations:</dt> + <dd> + <p>The security considerations that apply to <code title="">http+aes</code> and <code title="">https</code> apply as + well.</p> + </dd> + + <dt>Contact:</dt> + <dd>Ian Hickson <ian@hixie.ch></dd> + <dt>Author/Change controller:</dt> + <dd>Ian Hickson <ian@hixie.ch></dd> + <dt>References:</dt> + <dd> + The <code title="">https</code> URL scheme is defined in: + <a href="http://tools.ietf.org/html/draft-ietf-httpbis-p1-messaging">http://tools.ietf.org/html/draft-ietf-httpbis-p1-messaging</a> + </dd> + </dl><h3 id="web-scheme-prefix"><span class="secno">12.8 </span><dfn title="scheme-web"><code>web+</code> scheme prefix</dfn></h3><p>This section describes a convention for use with the IANA URI scheme registry. It does not itself register a specific scheme. <a href="#refsRFC4395">[RFC4395]</a><dl><dt>URI scheme name:</dt> <dd> Schemes starting with the four characters "<code title="">web+</code>" followed by one or more letters in the range
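Review bot: In the http+aes "URI scheme semantics" entry of the last hunk (@@ -71121,7 +71123,119 @@), "applying the AES-CTR algorithm using the key specified in the URL's userinfo component" names only the key; nothing in the added text says where the initial counter block (nonce) comes from. Without that, two implementations cannot be expected to decrypt the same body identically, and a publisher who reuses one key for two resources, or for an updated version of one resource, would produce two CTR streams under the same key and counter, which exposes the XOR of the plaintexts to the hosting server. Suggest specifying the counter block format and how the nonce is carried (for example as a fixed-length prefix of the message body), and requiring that a key and nonce pair never be reused. The Security considerations list headers, length, transmission rate and resource name as leaks but do not say that CTR gives no integrity: the untrusted host this scheme is designed for can alter ciphertext bits and the user agent would accept the result, so either add an authentication step or state this limit alongside the other caveats. Separately, the https+aes entry gives its semantics as "Same as http+aes", which is itself defined as "Same as http, except that the message body must be decrypted"; read literally that has https+aes fetch over http, so it should say same as https plus the http+aes decryption step.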
Received on Friday, 2 March 2012 23:24:56 UTC