Skip to main content

Last Call Review of draft-ietf-httpbis-bcp56bis-12
review-ietf-httpbis-bcp56bis-12-secdir-lc-salowey-2021-07-25-00

Request Review of draft-ietf-httpbis-bcp56bis
Requested revision No specific revision (document currently at 15)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2021-07-23
Requested 2021-07-09
Authors Mark Nottingham
I-D last updated 2021-07-25
Completed reviews Tsvart Last Call review of -12 by David L. Black (diff)
Genart Last Call review of -13 by David Schinazi (diff)
Secdir Last Call review of -12 by Joseph A. Salowey (diff)
Secdir Telechat review of -14 by Joseph A. Salowey (diff)
Assignment Reviewer Joseph A. Salowey
State Completed
Request Last Call review on draft-ietf-httpbis-bcp56bis by Security Area Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/secdir/HbWgQY1V9rXXA0o9dcvSoutoIzw
Reviewed revision 12 (document currently at 15)
Result Has issues
Completed 2021-07-25
review-ietf-httpbis-bcp56bis-12-secdir-lc-salowey-2021-07-25-00
I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

The summary of the review is has issues

The document is well written and very useful.  There are a few issues I think
need to be addressed.

Major Issues:

+ I had trouble with section 4.12 Client Authentication which states:

"Applications can use HTTP authentication Section 11 of
[I-D.ietf-httpbis-semantics] to identify clients. The Basic authentication
scheme [RFC7617] MUST NOT be used unless the underlying transport is
authenticated, integrity-protected and confidential (e.g., as provided the
"HTTPS" URI scheme, or another using TLS). The Digest scheme [RFC7616] MUST NOT
be used unless the underlying transport is similarly secure, or the chosen hash
algorithm is not "MD5"."

I'm not sure what the "or chosen hash algorithm is not "MD5" is meant to say. 
What I think the document should say is:

The Digest scheme [RFC7616] MUST NOT be used unless the underlying transport is
similarly secure. The "MD5" digest algorithm MUST NOT be used.

+ There is a security consideration that I think the document should cover. 
Many HTTP based protocols make heavy use of bearer tokens, such as session
cookies, for authentication and authorization purposes.  This means that an
attacker that can eavesdrop on HTTP communications can often escalate their
privilege to perform operations on resources.   I think you could add this to
the security considerations:

" Section 4.4.2 requires support for 'https' URLs, and discourages the use of
'http' URLs, to provide authentication, integrity and confidentiality, as well
as mitigate pervasive monitoring attacks.  Many HTTP based protocols make heavy
use of bearer tokens, such as session cookies, for authentication and
authorization purposes.  This means that an attacker that can eavesdrop on HTTP
communications can often escalate their privilege to perform operations on
resources. "

Minor Issues:

+ Section 4.5.1 - This could be a good place to mention RFC-8470 on TLS 1.3
early data which can also be a source of GET request replay