From d1216a8ec80d01359f9d9018b1a5d599d2258cb3 Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Thu, 31 Mar 2016 10:28:12 +1100 Subject: [PATCH 01/11] DRY on active attacks --- draft-ietf-httpbis-http2-encryption.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/draft-ietf-httpbis-http2-encryption.md b/draft-ietf-httpbis-http2-encryption.md index 69143fdcf..20ee98278 100644 --- a/draft-ietf-httpbis-http2-encryption.md +++ b/draft-ietf-httpbis-http2-encryption.md @@ -74,8 +74,7 @@ URIs; it is vulnerable to active attacks, and does not change the security conte connection. Normally, users will not be able to tell that it is in use (i.e., there will be no "lock icon"). -By its nature, this technique is vulnerable to active attacks. A mechanism for partially mitigating -them is described in {{commit}}. +A mechanism for partially mitigating active attacks is described in {{commit}}. ## Goals and Non-Goals From ae42fed473b674c25e15e5132e19068bf5a5648c Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Thu, 31 Mar 2016 10:30:44 +1100 Subject: [PATCH 02/11] Expand TLS on first use --- draft-ietf-httpbis-http2-encryption.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-httpbis-http2-encryption.md b/draft-ietf-httpbis-http2-encryption.md index 20ee98278..fe55f6ed0 100644 --- a/draft-ietf-httpbis-http2-encryption.md +++ b/draft-ietf-httpbis-http2-encryption.md @@ -63,7 +63,7 @@ for this draft can be found at Date: Thu, 31 Mar 2016 10:32:16 +1100 Subject: [PATCH 03/11] Avoid obvious normative language when repeating parts of other documents --- draft-ietf-httpbis-http2-encryption.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/draft-ietf-httpbis-http2-encryption.md b/draft-ietf-httpbis-http2-encryption.md index fe55f6ed0..f79dff354 100644 --- a/draft-ietf-httpbis-http2-encryption.md +++ b/draft-ietf-httpbis-http2-encryption.md @@ -124,8 +124,8 @@ in order minimize the delays that might be incurred. "reasonable assurances" that it is under control of and valid for the whole origin. As defined in that specification, one way of establishing this is using a TLS-based protocol with -the certificate checks defined in {{RFC2818}}. Clients MAY impose additional criteria for -establishing reasonable assurances. +the certificate checks defined in {{RFC2818}}. Clients are permitted to impose additional criteria +for establishing reasonable assurances. For the purposes of this specification, an additional way of establishing reasonable assurances is available when the alternative is on the same host as the origin, using the "http-opportunistic" From 401ff9242ccef62038dd06b16f0c41e9f591a3d9 Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Thu, 31 Mar 2016 11:04:46 +1100 Subject: [PATCH 04/11] More specific reference to authentication requirements --- draft-ietf-httpbis-http2-encryption.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/draft-ietf-httpbis-http2-encryption.md b/draft-ietf-httpbis-http2-encryption.md index f79dff354..530513094 100644 --- a/draft-ietf-httpbis-http2-encryption.md +++ b/draft-ietf-httpbis-http2-encryption.md @@ -135,8 +135,9 @@ This allows deployment without the use of valid certificates, to encourage deplo opportunistic security. When it is in use, the alternative service can provide any certificate, or even select TLS cipher suites that do not include authentication. -When the client has a valid http-opportunistic response for an origin, it MAY consider there to be -reasonable assurances when: +A client acquires an http-opportunistic response by making a GET request to the "http-opportunistic" +well-known URI. When the client has a valid http-opportunistic response for an origin, it MAY +consider there to be reasonable assurances when: * The origin and alternative service's hostnames are the same when compared in a case-insensitive fashion, and @@ -173,7 +174,7 @@ connection. Since `https` URIs rely on server authentication, a connection that is initially created for `http` URIs without authenticating the server cannot be used for `https` URIs until the server certificate is successfully authenticated. Section 3.1 of {{RFC2818}} describes the basic mechanism, though the -authentication considerations in {{I-D.ietf-httpbis-alt-svc}} also apply. +authentication considerations in Section 2.1 of {{I-D.ietf-httpbis-alt-svc}} also apply. Connections that are established without any means of server authentication (for instance, the purely anonymous TLS cipher suites), cannot be used for `https` URIs. From c8e073b2c60e1753b4f9f77e108c23660f8b9d62 Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Thu, 31 Mar 2016 11:05:14 +1100 Subject: [PATCH 05/11] Remove extra comma --- draft-ietf-httpbis-http2-encryption.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-httpbis-http2-encryption.md b/draft-ietf-httpbis-http2-encryption.md index 530513094..1d1150916 100644 --- a/draft-ietf-httpbis-http2-encryption.md +++ b/draft-ietf-httpbis-http2-encryption.md @@ -177,7 +177,7 @@ is successfully authenticated. Section 3.1 of {{RFC2818}} describes the basic me authentication considerations in Section 2.1 of {{I-D.ietf-httpbis-alt-svc}} also apply. Connections that are established without any means of server authentication (for instance, the -purely anonymous TLS cipher suites), cannot be used for `https` URIs. +purely anonymous TLS cipher suites) cannot be used for `https` URIs. # Requiring Use of TLS {#commit} From ecf8bbcb9219fbee38412cfb283094f4257c8589 Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Thu, 31 Mar 2016 11:29:37 +1100 Subject: [PATCH 06/11] s/an/a --- draft-ietf-httpbis-http2-encryption.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-httpbis-http2-encryption.md b/draft-ietf-httpbis-http2-encryption.md index 1d1150916..47f0c92a2 100644 --- a/draft-ietf-httpbis-http2-encryption.md +++ b/draft-ietf-httpbis-http2-encryption.md @@ -203,7 +203,7 @@ contacted. Effectively, this makes the choice to use a secured protocol "sticky" ## Opportunistic Commitment An origin can reduce the risk of attacks on opportunistically secured connections by committing to -provide an secured, authenticated alternative service. This is done by including the optional +provide a secured, authenticated alternative service. This is done by including the optional `commit` member in the http-opportunistic well-known resource (see {{well-known}}). This feature is optional due to the requirement for server authentication and the potential risk entailed (see {{pinrisks}}). From cf7757d328ce193c14b30a3827fe465607d2b337 Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Thu, 31 Mar 2016 11:32:09 +1100 Subject: [PATCH 07/11] there is no and --- draft-ietf-httpbis-http2-encryption.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-httpbis-http2-encryption.md b/draft-ietf-httpbis-http2-encryption.md index 47f0c92a2..646c1e5a7 100644 --- a/draft-ietf-httpbis-http2-encryption.md +++ b/draft-ietf-httpbis-http2-encryption.md @@ -279,7 +279,7 @@ to have a valid http-opportunistic resource when: * The "origins" member of the root object has a value of an array of strings, one of which is a case-insensitive character-for-character match for the origin in question, serialised into - Unicode as per {{RFC6454}}, Section 6.1, and + Unicode as per Section 6.1 of {{RFC6454}}. This specification defines one additional, optional member of the root object, "commit" in {{commit}}. Unrecognised members MUST be ignored. From 14493778b793ab473f562682eb6c85b204fa6436 Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Thu, 31 Mar 2016 11:33:29 +1100 Subject: [PATCH 08/11] Section reference added --- draft-ietf-httpbis-http2-encryption.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/draft-ietf-httpbis-http2-encryption.md b/draft-ietf-httpbis-http2-encryption.md index 646c1e5a7..04d6e5a57 100644 --- a/draft-ietf-httpbis-http2-encryption.md +++ b/draft-ietf-httpbis-http2-encryption.md @@ -287,11 +287,11 @@ This specification defines one additional, optional member of the root object, " # IANA Considerations -This specification registers a Well-known URI {{RFC5785}}: +This specification registers a Well-Known URI {{RFC5785}}: * URI Suffix: http-opportunistic * Change Controller: IETF -* Specification Document(s): \[this specification\] +* Specification Document(s): {{well-known}} of \[this specification\] * Related Information: From e51209befd378fcf13a37c9fba88b185bab2c72d Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Thu, 31 Mar 2016 11:33:59 +1100 Subject: [PATCH 09/11] Section link un-weirded --- draft-ietf-httpbis-http2-encryption.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/draft-ietf-httpbis-http2-encryption.md b/draft-ietf-httpbis-http2-encryption.md index 04d6e5a57..0466ba736 100644 --- a/draft-ietf-httpbis-http2-encryption.md +++ b/draft-ietf-httpbis-http2-encryption.md @@ -306,9 +306,9 @@ used (e.g., a "lock device"). ## Downgrade Attacks {#downgrade} -A downgrade attack against the negotiation for TLS is possible. With commitment {{commit}}, this is -limited to occasions where clients have no prior information (see {{privacy}}), or when persisted -commitments have expired. +A downgrade attack against the negotiation for TLS is possible. With commitment (see {{commit}}), +this is limited to occasions where clients have no prior information (see {{privacy}}), or when +persisted commitments have expired. For example, because the `Alt-Svc` header field {{I-D.ietf-httpbis-alt-svc}} likely appears in an unauthenticated and unencrypted channel, it is subject to downgrade by network attackers. In its From e6f4bf62e90fbac9e9309b0b079f7a9fd24fbaa6 Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Thu, 31 Mar 2016 11:39:01 +1100 Subject: [PATCH 10/11] Restructuring section on confusion --- draft-ietf-httpbis-http2-encryption.md | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/draft-ietf-httpbis-http2-encryption.md b/draft-ietf-httpbis-http2-encryption.md index 0466ba736..99cbfcc4d 100644 --- a/draft-ietf-httpbis-http2-encryption.md +++ b/draft-ietf-httpbis-http2-encryption.md @@ -332,16 +332,15 @@ cookies). ## Confusion Regarding Request Scheme -Many existing HTTP/1.1 implementations use the presence or absence of TLS in the stack to determine -whether requests are for `http` or `https` resources. This is necessary in many cases because the -most common form of an HTTP/1.1 request does not carry an explicit indication of the URI scheme. +Some HTTP/1.1 implementations use ambient signals to determine if a request is for an `https` +resource. For example, implementations might look for TLS on the stack or a port number of 443. This +is necessary in many cases because the most common form of an HTTP/1.1 request does not carry an +explicit indication of the URI scheme. An implementation that is serving an opportunistically +secured request SHOULD suppress these signals for `http` resources. -HTTP/1.1 MUST NOT be used for opportunistically secured requests. +HTTP/1.1 MUST NOT be used to serve opportunistically secured requests. HTTP/1.1 can be used to +discover an opportunistically secured alternative service. -Some HTTP/1.1 implementations use ambient signals to determine if a request is for an `https` -resource. For example, implementations might look for TLS on the stack or a port number of 443. An -implementation that supports opportunistically secured requests SHOULD suppress these signals if -there is any potential for confusion. --- back From bae5514ee22f62150722c2f2ebc6c3419d0e974e Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Thu, 31 Mar 2016 11:39:07 +1100 Subject: [PATCH 11/11] Adding Julian to acks --- draft-ietf-httpbis-http2-encryption.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/draft-ietf-httpbis-http2-encryption.md b/draft-ietf-httpbis-http2-encryption.md index 99cbfcc4d..994f17987 100644 --- a/draft-ietf-httpbis-http2-encryption.md +++ b/draft-ietf-httpbis-http2-encryption.md @@ -348,5 +348,5 @@ discover an opportunistically secured alternative service. # Acknowledgements Thanks to Patrick McManus, Eliot Lear, Stephen Farrell, Guy Podjarny, Stephen Ludin, Erik Nygren, -Paul Hoffman, Adam Langley, Eric Rescorla, Kari Hurtta, and Richard Barnes for their feedback and -suggestions. +Paul Hoffman, Adam Langley, Eric Rescorla, Julian Reschke, Kari Hurtta, and Richard Barnes for their +feedback and suggestions.