Encrypted Content-Encoding for HTTP
RFC 8188
Internet Engineering Task Force (IETF) M. Thomson
Request for Comments: 8188 Mozilla
Category: Standards Track June 2017
ISSN: 2070-1721
Encrypted Content-Encoding for HTTP
Abstract
This memo introduces a content coding for HTTP that allows message
payloads to be encrypted.
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 7841.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc8188.
Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Thomson Standards Track [Page 1]
RFC 8188 HTTP Encryption Coding June 2017
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3
2. The "aes128gcm" HTTP Content Coding . . . . . . . . . . . . . 3
2.1. Encryption Content-Coding Header . . . . . . . . . . . . 5
2.2. Content-Encryption Key Derivation . . . . . . . . . . . . 6
2.3. Nonce Derivation . . . . . . . . . . . . . . . . . . . . 6
3. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . 7
3.1. Encryption of a Response . . . . . . . . . . . . . . . . 7
3.2. Encryption with Multiple Records . . . . . . . . . . . . 8
4. Security Considerations . . . . . . . . . . . . . . . . . . . 8
4.1. Automatic Decryption . . . . . . . . . . . . . . . . . . 9
4.2. Message Truncation . . . . . . . . . . . . . . . . . . . 9
4.3. Key and Nonce Reuse . . . . . . . . . . . . . . . . . . . 9
4.4. Data Encryption Limits . . . . . . . . . . . . . . . . . 10
4.5. Content Integrity . . . . . . . . . . . . . . . . . . . . 10
4.6. Leaking Information in Header Fields . . . . . . . . . . 10
4.7. Poisoning Storage . . . . . . . . . . . . . . . . . . . . 11
4.8. Sizing and Timing Attacks . . . . . . . . . . . . . . . . 11
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12
5.1. The "aes128gcm" HTTP Content Coding . . . . . . . . . . . 12
6. References . . . . . . . . . . . . . . . . . . . . . . . . . 12
6.1. Normative References . . . . . . . . . . . . . . . . . . 12
6.2. Informative References . . . . . . . . . . . . . . . . . 13
Appendix A. JWE Mapping . . . . . . . . . . . . . . . . . . . . 15
Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 16
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 16
1. Introduction
It is sometimes desirable to encrypt the contents of an HTTP message
(request or response) so that when the payload is stored (e.g., with
an HTTP PUT), only someone with the appropriate key can read it.
For example, it might be necessary to store a file on a server
without exposing its contents to that server. Furthermore, that same
file could be replicated to other servers (to make it more resistant
to server or network failure), downloaded by clients (to make it
available offline), etc., without exposing its contents.
These uses are not met by the use of Transport Layer Security (TLS)
[RFC5246], since it only encrypts the channel between the client and
server.
This document specifies a content coding (see Section 3.1.2 of
[RFC7231]) for HTTP to serve these and other use cases.
Thomson Standards Track [Page 2]
RFC 8188 HTTP Encryption Coding June 2017
This content coding is not a direct adaptation of message-based
encryption formats -- such as those that are described by [RFC4880],
[RFC5652], [RFC7516], and [XMLENC]. Those formats are not suited to
stream processing, which is necessary for HTTP. The format described
Show full document text