hixie: http+aes: Clarify that the nonce is zero and that thus the key must be fresh with each resource. (whatwg r7014)

• From: poot <cvsmail@w3.org>
• Date: Mon, 05 Mar 2012 12:55:25 -0500
• To: public-html-diffs@w3.org
• Message-Id: <E1S4c85-00080j-HM@jay.w3.org>

hixie: http+aes: Clarify that the nonce is zero and that thus the key
must be fresh with each resource. (whatwg r7014)

http://dev.w3.org/cvsweb/html5/spec/Overview.html?r1=1.5603&r2=1.5604&f=h
http://html5.org/tools/web-apps-tracker?from=7013&to=7014

===================================================================
RCS file: /sources/public/html5/spec/Overview.html,v
retrieving revision 1.5603
retrieving revision 1.5604
diff -u -d -r1.5603 -r1.5604
--- Overview.html 5 Mar 2012 05:05:23 -0000 1.5603
+++ Overview.html 5 Mar 2012 17:55:09 -0000 1.5604
@@ -71139,12 +71139,12 @@
    <dd>Same as <code title="">http</code>, except that the message
    body must be decrypted by applying the AES-CTR algorithm using the
    key specified in the URL's <code title="">userinfo</code>
-   component, after unescaping it from the URL syntax to bytes. If
-   there is no such component, or if that component, when unescaped
-   from the URL syntax to bytes, does not consist of exactly 16, 24,
-   or 32 bytes, then the user agent must act as if the resource could
-   not be obtained due to a network error, and may report the problem
-   to the user.</dd>
+   component, after unescaping it from the URL syntax to bytes, and
+   using a zero nonce. If there is no such component, or if that
+   component, when unescaped from the URL syntax to bytes, does not
+   consist of exactly 16, 24, or 32 bytes, then the user agent must
+   act as if the resource could not be obtained due to a network
+   error, and may report the problem to the user.</dd>
    <dt>Encoding considerations:</dt>
    <dd>Same as <code title="">http</code>, but the <code title="">userinfo</code> component represents bytes encoded using
    ASCII and the URL escape mechanism.</dd>
@@ -71190,6 +71190,10 @@
     categorised by an attacker watching network traffic or with access
     to the system hosting the files without the attacker ever having
     to decrypt the "data.json" files.</p>
+    <p>Each resource encrypted in this fashion must use a fresh key.
+    Otherwise, an attacker can use commonalities in the resources'
+    plaintexts to determine the key and decrypt all the resources
+    sharing a key.</p>
     <p>The security considerations that apply to <code title="">http</code> apply as well.</p>
    </dd>

Received on Monday, 5 March 2012 17:55:32 UTC