Re: WSC WG comment on proposed HTTPS best practice [mobile web apps best practices]

Thanks for the advice and thanks for taking the time to review this section!

The Mobile Web Best Practices Working Group will carefully review its 
security-oriented best practices to take your feedback into account. 
I'll keep you updated on the group's decision.

On behalf of the Mobile Web Best Practices Working Group,
Francois Daoust.


Thomas Roessler wrote:
> Hi,
> 
> thanks for your request for advice with respect to the proposed best 
> practices on the use of HTTPS.  The Web Security Context Working Group 
> has considered the proposed best practice on a recent conference call.
> 
> The short version of the advice is "don't do this, it's a bad practice."
> 
> The longer version:  We believe that you mean to recommend token-based 
> authentication schemes (where only an initial login transaction is done 
> through HTTPS, but most interactions are through plain HTTP, with an 
> appropriate token transmitted as a cookie or in some HTTP header) 
> similar to the ones currently in use at large web properties.  While 
> there may be situations in which the use of such schemes is justified as 
> the result of a complex trade-off, we oppose a best practice 
> recommending this approach.  There are several reasons for this advice:
> 
> 1. Use of HTTP in such schemes often leaves the asset that should really 
> be protected out in the open:  E.g., a webmail service implemented 
> according to this advice might permit an attacker full access to the 
> victim's inbox.
> 
> 2. When using TLS, there is no reason to repeat the initial public key 
> handshake for every single HTTP request:  The resource-intensive piece 
> of the protocol occurs when the TLS handshake is first executed (e.g., 
> when accessing the login page); future HTTP requests only require cheap 
> symmetric key operations.
> 
> 3. The practice described is particularly bad in the case of 
> applications targeted at mobile use:  Mobile devices are increasingly 
> used to access the Web through whatever Wireless LAN might be 
> available.  There is no reason to trust these networks; indeed, there is 
> hardly a situation with a higher exposure to network attacks than an 
> untrusted Wireless LAN environment.  Therefore, the Best Practices 
> document should call out the overall risk profile, and *encourage* use 
> of TLS.
> 
> 4. We note that your specification seems to aim at relatively complex 
> Web Applications, which implies a high likelihood that powerful mobile 
> devices will be used with these applications.  That implies both an even 
> higher likelihood for the use of W-LAN, and a comparably low likelihood 
> that resource constraints will indeed be seriously affected by the use 
> of TLS.
> 
> On behalf of the Web Security Context WG,
> -- 
> Thomas Roessler, W3C  <tlr@w3.org>
> 
> 

Received on Wednesday, 4 February 2009 09:20:44 UTC
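The pattern the WSC WG objects to (TLS for the login page only, then a bearer-token cookie over plain HTTP), placed next to the hardened form that keeps the whole session on TLS, as an added example that is not part of this thread or of either working group's deliverables. It is plain WSGI run offline with a constructed environ; the cookie name, token value, host and function names are assumptions.

```python
from http.cookies import SimpleCookie

SESSION_COOKIE = "sid"       # bearer-token cookie name (assumption)
TOKEN = "t0k3n-constructed"  # constructed sample token value

def _set_cookie(value, secure):
    c = SimpleCookie()
    c[SESSION_COOKIE] = value
    c[SESSION_COOKIE]["secure"] = secure  # Secure: never sent over plain HTTP
    return c[SESSION_COOKIE].OutputString()

def app_weak(environ, start_response):
    """Weak: only /login is on TLS; every other page trusts 'sid' over plain HTTP."""
    headers = [("Content-Type", "text/plain")]
    if environ["PATH_INFO"] == "/login":
        headers.append(("Set-Cookie", _set_cookie(TOKEN, secure=False)))
    start_response("200 OK", headers)
    return [b"ok"]

def app_hardened(environ, start_response):
    """Hardened: plain HTTP is redirected to TLS, HSTS is sent, cookie is Secure."""
    if environ["wsgi.url_scheme"] != "https":
        target = f"https://{environ['HTTP_HOST']}{environ['PATH_INFO']}"
        start_response("301 Moved Permanently", [("Location", target)])
        return [b""]
    headers = [("Content-Type", "text/plain"), ("Strict-Transport-Security", "max-age=31536000")]
    if environ["PATH_INFO"] == "/login":
        headers.append(("Set-Cookie", _set_cookie(TOKEN, secure=True)))
    start_response("200 OK", headers)
    return [b"ok"]

def call(app, environ):
    out = {}  # invoke a WSGI app offline; return (status, headers as a dict)
    def start_response(status, headers, exc_info=None):
        out["status"], out["headers"] = status, headers
    list(app(environ, start_response))
    return out["status"], dict(out["headers"])

def tokens_visible_on_wlan(app, requests):
    """Passive observer on an untrusted WLAN sees all plain-HTTP traffic; a minimal
    user agent replays its cookie, attaching a Secure cookie only to https:// requests."""
    seen, jar = set(), None
    for scheme, path in requests:
        env = {"wsgi.url_scheme": scheme, "PATH_INFO": path, "HTTP_HOST": "app.example"}
        if jar and (scheme == "https" or not jar["secure"]):
            env["HTTP_COOKIE"] = f"{SESSION_COOKIE}={jar['value']}"
            if scheme == "http":
                seen.add(jar["value"])  # token replayed in the clear
        _, headers = call(app, env)
        if "Set-Cookie" in headers:
            m = SimpleCookie(headers["Set-Cookie"])[SESSION_COOKIE]
            jar = {"value": m.value, "secure": bool(m["secure"])}
            if scheme == "http":
                seen.add(m.value)  # token issued in the clear
    return seen
```

With the weak app the observer learns the token on the first plain-HTTP page view after login; with the hardened app the same request sequence exposes nothing, because the cookie is never attached to an http:// request and the server refuses to serve the page without TLS.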