Last Call Review of draft-ietf-httpbis-bcp56bis-12
review-ietf-httpbis-bcp56bis-12-secdir-lc-salowey-2021-07-25-00
Request | Review of | draft-ietf-httpbis-bcp56bis |
---|---|---|
Requested revision | No specific revision (document currently at 15) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2021-07-23 | |
Requested | 2021-07-09 | |
Authors | Mark Nottingham | |
I-D last updated | 2021-07-25 | |
Completed reviews |
Tsvart Last Call review of -12
by David L. Black
(diff)
Genart Last Call review of -13 by David Schinazi (diff) Secdir Last Call review of -12 by Joseph A. Salowey (diff) Secdir Telechat review of -14 by Joseph A. Salowey (diff) |
|
Assignment | Reviewer | Joseph A. Salowey |
State | Completed | |
Request | Last Call review on draft-ietf-httpbis-bcp56bis by Security Area Directorate Assigned | |
Posted at | https://mailarchive.ietf.org/arch/msg/secdir/HbWgQY1V9rXXA0o9dcvSoutoIzw | |
Reviewed revision | 12 (document currently at 15) | |
Result | Has issues | |
Completed | 2021-07-25 |
review-ietf-httpbis-bcp56bis-12-secdir-lc-salowey-2021-07-25-00
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The summary of the review is has issues The document is well written and very useful. There are a few issues I think need to be addressed. Major Issues: + I had trouble with section 4.12 Client Authentication which states: "Applications can use HTTP authentication Section 11 of [I-D.ietf-httpbis-semantics] to identify clients. The Basic authentication scheme [RFC7617] MUST NOT be used unless the underlying transport is authenticated, integrity-protected and confidential (e.g., as provided the "HTTPS" URI scheme, or another using TLS). The Digest scheme [RFC7616] MUST NOT be used unless the underlying transport is similarly secure, or the chosen hash algorithm is not "MD5"." I'm not sure what the "or chosen hash algorithm is not "MD5" is meant to say. What I think the document should say is: The Digest scheme [RFC7616] MUST NOT be used unless the underlying transport is similarly secure. The "MD5" digest algorithm MUST NOT be used. + There is a security consideration that I think the document should cover. Many HTTP based protocols make heavy use of bearer tokens, such as session cookies, for authentication and authorization purposes. This means that an attacker that can eavesdrop on HTTP communications can often escalate their privilege to perform operations on resources. I think you could add this to the security considerations: " Section 4.4.2 requires support for 'https' URLs, and discourages the use of 'http' URLs, to provide authentication, integrity and confidentiality, as well as mitigate pervasive monitoring attacks. Many HTTP based protocols make heavy use of bearer tokens, such as session cookies, for authentication and authorization purposes. This means that an attacker that can eavesdrop on HTTP communications can often escalate their privilege to perform operations on resources. " Minor Issues: + Section 4.5.1 - This could be a good place to mention RFC-8470 on TLS 1.3 early data which can also be a source of GET request replay