This repository was archived by the owner on Jul 12, 2023. It is now read-only.
Merged
21 changes: 18 additions & 3 deletions docs/api.md
Expand Up @@ -314,13 +314,28 @@ past).

In addition to "real" requests, the server also accepts chaff (fake) requests.
These can be used to obfuscate real traffic from a network observer or server
operator. To initiate a chaff request, set the `X-Chaff` header on your request:
operator.

Chaff requests:

* MUST resent the `X-API-Key` header with a valid API key (oterwise you will
Contributor

Suggested change
* MUST resent the `X-API-Key` header with a valid API key (oterwise you will
* MUST send the `X-API-Key` header with a valid API key (otherwise you will

get an authorized error)
Contributor

Suggested change
get an authorized error)
get an unauthorized error)

* MUST be sent via a `POST` requesxt, otherwise you will get an invalid method
Contributor

Suggested change
* MUST be sent via a `POST` requesxt, otherwise you will get an invalid method
* MUST be sent via a `POST` request, otherwise you will get an invalid method

error
* SHOULD send a valid JSON body with padding out to the same size as the rest
Contributor

Suggested change
* SHOULD send a valid JSON body with padding out to the same size as the rest
* SHOULD send a valid JSON body with random padding similar in size as the rest

of the client requests so that chaff requests appear the same size
on the wire as valid requests.

To initiate a chaff request, set the `X-Chaff` header on your request:

```sh
curl https://example.encv.org/api/endpoint \
curl https://apiserver.example.com/api/verify \
--header "x-api-key: YOUR-API-KEY" \
--header "content-type: application/json" \
--header "accept: application/json" \
--header "x-chaff: 1"
--header "x-chaff: 1" \
--request POST \
--data '{"padding":"base64 encoded padding"}'
```

The client should still send a real request with a real request body (the body
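
Review bot: In the curl example, the body `--data '{"padding":"base64 encoded padding"}'` is a short fixed literal, which works against the bullet above saying chaff SHOULD be padded to the same size as the rest of the client requests: anyone copying the example sends a constant-size body that a network observer can separate from real traffic by length alone. Consider stating next to the example that the `padding` value stands for random bytes, base64 encoded, sized so the whole body matches a real request to the same endpoint, and say whether `padding` is a required field name or only an illustration. Minor style point: `--request POST` is redundant once `--data` is present, since curl then sends a POST by default; keeping it is harmless if the intent is to mirror the "MUST be sent via a `POST`" bullet.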