W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2014

Re: [integrity]: latency tradeoffs

From: Adam Langley <agl@google.com>
Date: Wed, 15 Jan 2014 11:57:07 -0500
Message-ID: <CAL9PXLyhxHF4cDApN+G5Lg8yeSYkq4m=tp3qWrH0reh92Hy84w@mail.gmail.com>
To: Pete Freitag <pete@foundeo.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
On Wed, Jan 15, 2014 at 11:37 AM, Pete Freitag <pete@foundeo.com> wrote:
> The Merkle tree approach is very interesting, but what happens if the last
> chunk fails verification and you've already "used" prior chunks of the
> resource? By "used" do you mean applying the contents of the resource chunk
> to begin altering the document, or simply the work of preparing the resource
> to be used in the document?

With progressive authentication, any accepted chunk is authentic: it's
the data that the hash in the source document intended. So it's fine
to use it in any way - parsing, and executing Javascript for example.

That does mean that an attacker can truncate the resource, but that's
currently the case with HTTPS. An attacker can see the number of reply
bytes sent and inject a TCP RST. However, a truncation attack would be
easier, certainly. So, although technically it's not a new capability,
perhaps there's a problem there. Someone more familiar with Javascript
would have to comment on the implications of that.


Cheers

AGL
Received on Wednesday, 15 January 2014 16:57:55 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:04 UTC