From 3872a0d0fd618147669cea17645c80cc02f97172 Mon Sep 17 00:00:00 2001 From: Mark Nottingham Date: Sun, 17 Jan 2016 18:04:44 +1100 Subject: [PATCH 1/8] move same-host restriction out of alt-svc --- draft-ietf-httpbis-alt-svc.xml | 41 +++++++------------------- draft-ietf-httpbis-http2-encryption.md | 30 +++++++------------ 2 files changed, 21 insertions(+), 50 deletions(-) diff --git a/draft-ietf-httpbis-alt-svc.xml b/draft-ietf-httpbis-alt-svc.xml index a7e360f65..eca76741e 100755 --- a/draft-ietf-httpbis-alt-svc.xml +++ b/draft-ietf-httpbis-alt-svc.xml @@ -268,10 +268,9 @@ uri-host = <uri-host, see >
- Clients &MUST-NOT; use alternative services with a host that is different from the origin's - without strong server authentication; this mitigates the attack described in - . One way to achieve this is for the alternative to use TLS - with a certificate that is valid for that origin. + Clients MUST strongly authenticate the alternative service as the origin. This mitigates the + attack described in . One way to achieve this is for the + alternative to use TLS with a certificate that is valid for the origin. For example, if the origin's host is "www.example.com" and an alternative is @@ -836,17 +835,12 @@ Alt-Used: alternate.example.net they can thus masquerade as the HTTP server. - On servers, this risk can be reduced by restricting the ability to advertise - alternative services, and restricting who can open a port for listening on that host. - Clients can reduce this risk by imposing stronger requirements (e.g. strong - authentication) when moving from System Ports to User or Dynamic Ports, or from - User Ports to Dynamic Ports, as defined in . - + This risk is mitigated for the requirement that any alternative service be strongly + authenticated with the origin's identity in . + - It is always valid for a client to ignore an alternative service advertisement which - does not meet its implementation-specific security requirements. Servers can increase - the likelihood of clients using the alternative service by providing strong - authentication even when not required. + On servers, this risk can also be reduced by restricting the ability to advertise + alternative services, and restricting who can open a port for listening on that host.
@@ -863,9 +857,8 @@ Alt-Used: alternate.example.net This is the reason for the requirement in that any alternative - service with a host different from the origin's be strongly authenticated with - the origin's identity; i.e., presenting a certificate for the origin proves - that the alternative service is authorized to serve traffic for the origin. + service be strongly authenticated with the origin's identity; i.e., presenting a certificate for + the origin proves that the alternative service is authorized to serve traffic for the origin. However, this authorization is only as strong as the method used to @@ -1146,20 +1139,6 @@ Alt-Used: alternate.example.net - - - Internet Assigned Numbers Authority (IANA) Procedures for the Management - of the Service Name and Transport Protocol Port Number Registry - - - - - - - - - - Public Key Pinning Extension for HTTP diff --git a/draft-ietf-httpbis-http2-encryption.md b/draft-ietf-httpbis-http2-encryption.md index 6a33492cb..3b10a40c8 100644 --- a/draft-ietf-httpbis-http2-encryption.md +++ b/draft-ietf-httpbis-http2-encryption.md @@ -118,25 +118,17 @@ expire, in order minimize the delays that might be incurred. # Server Authentication {#auth} -By their nature, `http` URIs do not require cryptographically strong server authentication; that is -only implied by `https` URIs. Furthermore, doing so (as per {{RFC2818}}) creates a number of -operational challenges. For these reasons, server authentication is not mandatory for `http` URIs -when using the mechanism described in this specification. - -When connecting to an alternative service for an `http` URI, clients are not required to perform the -server authentication procedure described in Section 3.1 of {{RFC2818}}. The server certificate, if -one is proffered by the alternative service, is not necessarily checked for validity, expiration, -issuance by a trusted certificate authority or matched against the name in the URI. Therefore, the -alternative service can provide any certificate, or even select TLS cipher suites that do not -include authentication. - -A client MAY perform additional checks on the offered certificate if the server does not select an -unauthenticated TLS cipher suite. This document doesn't define any such checks, though clients -could be configured with a policy that defines what is acceptable. - -As stipulated by {{I-D.ietf-httpbis-alt-svc}}, clients MUST NOT use alternative services with a -host other than the origin's, unless the alternative service itself is strongly authenticated (as -the origin's host); for example, using TLS with a certificate that validates as per {{RFC2818}}. +{{I-D.ietf-httpbis-alt-svc}} requires that an alternative service only be used when it is strongly +authenticated as the origin. + +For the purposes of this specification, there are two ways to achieve this: + +1. Using TLS with a certificate that validates as per {{RFC2818}}, or +2. Using an alternative service with a hostname that is character-for-character identical to that of the origin. + +The latter approach allows deployment without the use of valid certificates, to encourage +deployment of opportunistic security. Therefore, in these cases the alternative service can provide +any certificate, or even select TLS cipher suites that do not include authentication. # Interaction with "https" URIs From aca1b4168cdd843232558f0f251ed11de0d37602 Mon Sep 17 00:00:00 2001 From: Mark Nottingham Date: Tue, 19 Jan 2016 11:37:35 +1100 Subject: [PATCH 2/8] massage "strong authentication" language --- draft-ietf-httpbis-alt-svc.xml | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/draft-ietf-httpbis-alt-svc.xml b/draft-ietf-httpbis-alt-svc.xml index eca76741e..70af2aa59 100755 --- a/draft-ietf-httpbis-alt-svc.xml +++ b/draft-ietf-httpbis-alt-svc.xml @@ -268,9 +268,10 @@ uri-host = <uri-host, see >
- Clients MUST strongly authenticate the alternative service as the origin. This mitigates the - attack described in . One way to achieve this is for the - alternative to use TLS with a certificate that is valid for the origin. + Clients MUST have reasonable assurances that the alternative service is under control of and + valid for the whole origin. This mitigates the attack described in . One way to achieve this is for the alternative to use TLS with a + certificate that is valid for the origin. For example, if the origin's host is "www.example.com" and an alternative is @@ -278,7 +279,7 @@ uri-host = <uri-host, see > offered is valid for "www.example.com", the client can use the alternative. However, if "other.example.com" is offered with the "h2c" protocol, the client cannot use it, because there is no mechanism in that protocol to establish - strong server authentication. + the relationship between the origin and the alternative.
@@ -835,8 +836,7 @@ Alt-Used: alternate.example.net they can thus masquerade as the HTTP server. - This risk is mitigated for the requirement that any alternative service be strongly - authenticated with the origin's identity in . + This risk is mitigated by the requirements in . On servers, this risk can also be reduced by restricting the ability to advertise @@ -856,14 +856,15 @@ Alt-Used: alternate.example.net target="changing-ports"/>) or remotely (e.g., by an intermediary as a man-in-the-middle attack). - This is the reason for the requirement in that any alternative - service be strongly authenticated with the origin's identity; i.e., presenting a certificate for - the origin proves that the alternative service is authorized to serve traffic for the origin. + This is the reason for the requirement in that clients have + reasonable assurances that the alternative service is under control of and valid for the whole + origin; i.e., presenting a certificate for the origin proves that the alternative service is + authorized to serve traffic for the origin. - However, this authorization is only as strong as the method used to - authenticate the alternative service. In particular, there are well-known - exploits to make an attacker's certificate appear as legitimate. + Note that this assurance is only as strong as the method used to authenticate the alternative + service. In particular, when TLS authentication is used to do so, there are well-known exploits + to make an attacker's certificate appear as legitimate. Alternative services could be used to persist such an attack; for example, an From 73252010fdf42e681e484c1b5e8ea4f58adcab18 Mon Sep 17 00:00:00 2001 From: Mark Nottingham Date: Thu, 21 Jan 2016 13:49:50 +1100 Subject: [PATCH 3/8] update date --- draft-ietf-httpbis-http2-encryption.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-httpbis-http2-encryption.md b/draft-ietf-httpbis-http2-encryption.md index 3b10a40c8..1ec017b2a 100644 --- a/draft-ietf-httpbis-http2-encryption.md +++ b/draft-ietf-httpbis-http2-encryption.md @@ -2,7 +2,7 @@ title: Opportunistic Security for HTTP abbrev: Opportunistic HTTP Security docname: draft-ietf-httpbis-http2-encryption-latest -date: 2015 +date: 2016 category: exp ipr: trust200902 From 5eb094a759aac248f256fd1f5eb7d113e4ae1a6e Mon Sep 17 00:00:00 2001 From: Mark Nottingham Date: Thu, 21 Jan 2016 13:52:50 +1100 Subject: [PATCH 4/8] update 5987bis date --- draft-ietf-httpbis-rfc5987bis.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/draft-ietf-httpbis-rfc5987bis.xml b/draft-ietf-httpbis-rfc5987bis.xml index d54968534..35f359c93 100755 --- a/draft-ietf-httpbis-rfc5987bis.xml +++ b/draft-ietf-httpbis-rfc5987bis.xml @@ -40,7 +40,7 @@ - + Applications and Real-Time HTTP @@ -962,4 +962,4 @@ - \ No newline at end of file + From dfe793fd53ccef0bed37c8a117238bd0a7e45975 Mon Sep 17 00:00:00 2001 From: Mark Nottingham Date: Thu, 21 Jan 2016 13:55:26 +1100 Subject: [PATCH 5/8] Update key date --- draft-ietf-httpbis-key.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-httpbis-key.md b/draft-ietf-httpbis-key.md index 617994da2..07953eda2 100644 --- a/draft-ietf-httpbis-key.md +++ b/draft-ietf-httpbis-key.md @@ -2,7 +2,7 @@ title: The Key HTTP Response Header Field abbrev: Key docname: draft-ietf-httpbis-key-latest -date: 2015 +date: 2016 category: std ipr: trust200902 From f64a230d5b5dd59a4599a011ebf58839a6ab35b3 Mon Sep 17 00:00:00 2001 From: Mark Nottingham Date: Thu, 21 Jan 2016 13:58:18 +1100 Subject: [PATCH 6/8] Update client-hints date --- draft-ietf-httpbis-client-hints.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-httpbis-client-hints.md b/draft-ietf-httpbis-client-hints.md index 8719de72d..99b38699e 100644 --- a/draft-ietf-httpbis-client-hints.md +++ b/draft-ietf-httpbis-client-hints.md @@ -2,7 +2,7 @@ title: HTTP Client Hints abbrev: docname: draft-ietf-httpbis-client-hints-latest -date: 2015 +date: 2016 category: std ipr: trust200902 From 788fd05e6bae1f35a150965138a12a4498bf1d9a Mon Sep 17 00:00:00 2001 From: Mark Nottingham Date: Thu, 21 Jan 2016 14:01:13 +1100 Subject: [PATCH 7/8] Update encryption-encoding date --- draft-ietf-httpbis-encryption-encoding.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-httpbis-encryption-encoding.md b/draft-ietf-httpbis-encryption-encoding.md index 30055a6a0..a4d751f5d 100644 --- a/draft-ietf-httpbis-encryption-encoding.md +++ b/draft-ietf-httpbis-encryption-encoding.md @@ -2,7 +2,7 @@ title: Encrypted Content-Encoding for HTTP abbrev: HTTP encryption coding docname: draft-ietf-httpbis-encryption-encoding-latest -date: 2015 +date: 2016 category: std ipr: trust200902 From c315fe680f7ddac4ca628761ddbaf18203afdc44 Mon Sep 17 00:00:00 2001 From: Mark Nottingham Date: Thu, 21 Jan 2016 14:01:54 +1100 Subject: [PATCH 8/8] update 451 date --- draft-ietf-httpbis-legally-restricted-status.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-httpbis-legally-restricted-status.xml b/draft-ietf-httpbis-legally-restricted-status.xml index e276f5453..d4fec83b3 100755 --- a/draft-ietf-httpbis-legally-restricted-status.xml +++ b/draft-ietf-httpbis-legally-restricted-status.xml @@ -36,7 +36,7 @@ - + Applications and Real-Time HTTP HTTP