Re: [XHR] chunked requests

On Fri, Dec 9, 2011 at 10:37 AM, Adam Barth <w3c@adambarth.com> wrote:
> On Fri, Dec 9, 2011 at 7:59 AM, Anne van Kesteren <annevk@opera.com> wrote:
>> On Fri, 09 Dec 2011 16:33:08 +0100, Eric Rescorla <ekr@rtfm.com> wrote:
>>> Same-origin requests should be OK because the JS would have access
>>> to the relevant sensitive data in any case.
>>
>> Okay, I guess we can make that difference.
>
> Correct me if I'm wrong, but I believe these issues are fixed in TLS
> 1.1.  Most user agents implement TLS 1.1 anyway, so this seems mostly
> like a requirement to put in the security considerations section.

Would that it were this easy.

Unfortunately, many servers do not support TLS 1.1, and to make matters
worse, they do so in a way that is not securely verifiable. By which I mean
that an active attacker can force a client/server pair both of which support
TLS 1.1 down to TLS 1.0. This may be detectable in some way, but not
by TLS's built-in mechanisms. And since the threat model here is an active
attacker, this is a problem.

-Ekr

Received on Friday, 9 December 2011 18:55:48 UTC