- From: Eric Rescorla <ekr@rtfm.com>
- Date: Tue, 6 Mar 2012 17:06:03 -0800
- To: Ian Hickson <ian@hixie.ch>
- Cc: "Manger, James H" <James.H.Manger@team.telstra.com>, Carsten Bormann <cabo@tzi.org>, Adrien de Croy <adrien@qbik.com>, Poul-Henning Kamp <phk@phk.freebsd.dk>, Willy Tarreau <w@1wt.eu>, URI <uri@w3.org>, HTTP Working Group <ietf-http-wg@w3.org>, Anne van Kesteren <annevk@opera.com>
On Tue, Mar 6, 2012 at 4:23 PM, Ian Hickson <ian@hixie.ch> wrote: > >> I hope a 500 error with a response body containing javascript cannot get >> the http+aes URL from, say, window.location. > > A 500 error containing JS would be garbled and so couldn't access the URL. Ian, If I understand your reasoning here, it's that the body of the error would be encrypted by an unknown key and therefore the attacker cannot put chosen JS here? If so, that's not obviously correct. Consider the case where the header of the content is known (e.g., because it contains meta-information about the content). In that case, an attacker can use the properties of CTR to produce a ciphertext that maps to a predictable plaintext, thus mounting the attack described here. Best, -Ekr
Received on Wednesday, 7 March 2012 01:13:38 UTC