| draft-ietf-httpbis-http2-encryption-10.txt | draft-ietf-httpbis-http2-encryption-11.txt | |||
|---|---|---|---|---|
| HTTP Working Group M. Nottingham | HTTP Working Group M. Nottingham | |||
| Internet-Draft | Internet-Draft | |||
| Intended status: Experimental M. Thomson | Intended status: Experimental M. Thomson | |||
| Expires: August 4, 2017 Mozilla | Expires: September 18, 2017 Mozilla | |||
| January 31, 2017 | March 17, 2017 | |||
| Opportunistic Security for HTTP | Opportunistic Security for HTTP/2 | |||
| draft-ietf-httpbis-http2-encryption-10 | draft-ietf-httpbis-http2-encryption-11 | |||
| Abstract | Abstract | |||
| This document describes how "http" URIs can be accessed using | This document describes how "http" URIs can be accessed using | |||
| Transport Layer Security (TLS) to mitigate pervasive monitoring | Transport Layer Security (TLS) and HTTP/2 to mitigate pervasive | |||
| attacks. | monitoring attacks. This mechanism not a replacement for "https" | |||
| URIs; it is vulnerable to active attacks. | ||||
| Note to Readers | ||||
| Discussion of this draft takes place on the HTTP working group | ||||
| mailing list (ietf-http-wg@w3.org), which is archived at | ||||
| https://lists.w3.org/Archives/Public/ietf-http-wg/ . | ||||
| Working Group information can be found at http://httpwg.github.io/ ; | ||||
| source code and issues list for this draft can be found at | ||||
| https://github.com/httpwg/http-extensions/labels/opp-sec . | ||||
| Status of This Memo | Status of This Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on August 4, 2017. | This Internet-Draft will expire on September 18, 2017. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2017 IETF Trust and the persons identified as the | Copyright (c) 2017 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 1.1. Goals and Non-Goals . . . . . . . . . . . . . . . . . . . 3 | 1.1. Goals and Non-Goals . . . . . . . . . . . . . . . . . . . 2 | |||
| 1.2. Notational Conventions . . . . . . . . . . . . . . . . . 3 | 1.2. Notational Conventions . . . . . . . . . . . . . . . . . 3 | |||
| 2. Using HTTP URIs over TLS . . . . . . . . . . . . . . . . . . 3 | 2. Using HTTP URIs over TLS . . . . . . . . . . . . . . . . . . 3 | |||
| 2.1. Alternative Server Opt-In . . . . . . . . . . . . . . . . 4 | 2.1. Alternative Server Opt-In . . . . . . . . . . . . . . . . 4 | |||
| 2.2. Interaction with "https" URIs . . . . . . . . . . . . . . 5 | 2.2. Interaction with "https" URIs . . . . . . . . . . . . . . 5 | |||
| 2.3. The "http-opportunistic" well-known URI . . . . . . . . . 5 | 2.3. The "http-opportunistic" well-known URI . . . . . . . . . 5 | |||
| 3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 | 3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 4. Security Considerations . . . . . . . . . . . . . . . . . . . 6 | 4. Security Considerations . . . . . . . . . . . . . . . . . . . 6 | |||
| 4.1. Security Indicators . . . . . . . . . . . . . . . . . . . 6 | 4.1. Security Indicators . . . . . . . . . . . . . . . . . . . 6 | |||
| 4.2. Downgrade Attacks . . . . . . . . . . . . . . . . . . . . 7 | 4.2. Downgrade Attacks . . . . . . . . . . . . . . . . . . . . 6 | |||
| 4.3. Privacy Considerations . . . . . . . . . . . . . . . . . 7 | 4.3. Privacy Considerations . . . . . . . . . . . . . . . . . 6 | |||
| 4.4. Confusion Regarding Request Scheme . . . . . . . . . . . 7 | 4.4. Confusion Regarding Request Scheme . . . . . . . . . . . 7 | |||
| 4.5. Server Controls . . . . . . . . . . . . . . . . . . . . . 7 | 4.5. Server Controls . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 5. References . . . . . . . . . . . . . . . . . . . . . . . . . 8 | 5. References . . . . . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 5.1. Normative References . . . . . . . . . . . . . . . . . . 8 | 5.1. Normative References . . . . . . . . . . . . . . . . . . 7 | |||
| 5.2. Informative References . . . . . . . . . . . . . . . . . 9 | 5.2. Informative References . . . . . . . . . . . . . . . . . 8 | |||
| Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 9 | Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 9 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 1. Introduction | 1. Introduction | |||
| This document describes a use of HTTP Alternative Services [RFC7838] | This document describes a use of HTTP Alternative Services [RFC7838] | |||
| to decouple the URI scheme from the use and configuration of | to decouple the URI scheme from the use and configuration of | |||
| underlying encryption, allowing a "http" URI [RFC7230] to be accessed | underlying encryption. It allows an "http" URI to be accessed using | |||
| using Transport Layer Security (TLS) [RFC5246] opportunistically. | HTTP/2 [RFC7230] and Transport Layer Security (TLS) [RFC5246] with | |||
| Opportunistic Security [RFC7435]. | ||||
| Serving "https" URIs requires avoiding Mixed Content | This document describes a usage model whereby sites can serve "http" | |||
| [W3C.CR-mixed-content-20160802], which is problematic in many | URIs over TLS, thereby avoiding the problem of serving Mixed Content | |||
| deployments. This document describes a usage model whereby sites can | (described in [W3C.CR-mixed-content-20160802]) while still providing | |||
| serve "http" URIs over TLS, thereby avoiding these issues, while | protection against passive attacks. | |||
| still providing protection against passive attacks. | ||||
| Opportunistic Security [RFC7435] does not provide the same guarantees | Opportunistic Security does not provide the same guarantees as using | |||
| as using TLS with "https" URIs; it is vulnerable to active attacks, | TLS with "https" URIs, because it is vulnerable to active attacks, | |||
| and does not change the security context of the connection. | and does not change the security context of the connection. | |||
| Normally, users will not be able to tell that it is in use (i.e., | Normally, users will not be able to tell that it is in use (i.e., | |||
| there will be no "lock icon"). | there will be no "lock icon"). | |||
| 1.1. Goals and Non-Goals | 1.1. Goals and Non-Goals | |||
| The immediate goal is to make the use of HTTP more robust in the face | The immediate goal is to make the use of HTTP more robust in the face | |||
| of pervasive passive monitoring [RFC7258]. | of pervasive passive monitoring [RFC7258]. | |||
| A secondary (but significant) goal is to provide for ease of | A secondary (but significant) goal is to provide for ease of | |||
| implementation, deployment and operation. This mechanism is expected | implementation, deployment and operation. This mechanism is expected | |||
| skipping to change at page 3, line 20 ¶ | skipping to change at page 3, line 9 ¶ | |||
| The immediate goal is to make the use of HTTP more robust in the face | The immediate goal is to make the use of HTTP more robust in the face | |||
| of pervasive passive monitoring [RFC7258]. | of pervasive passive monitoring [RFC7258]. | |||
| A secondary (but significant) goal is to provide for ease of | A secondary (but significant) goal is to provide for ease of | |||
| implementation, deployment and operation. This mechanism is expected | implementation, deployment and operation. This mechanism is expected | |||
| to have a minimal impact upon performance, and require a trivial | to have a minimal impact upon performance, and require a trivial | |||
| administrative effort to configure. | administrative effort to configure. | |||
| Preventing active attacks (such as a Man-in-the-Middle) is a non-goal | Preventing active attacks (such as a Man-in-the-Middle) is a non-goal | |||
| for this specification. Furthermore, this specification is not | for this specification. Furthermore, this specification is not | |||
| intended to replace or offer an alternative to "https", since it both | intended to replace or offer an alternative to "https", since "https" | |||
| prevents active attacks and invokes a more stringent security model | both prevents active attacks and invokes a more stringent security | |||
| in most clients. | model in most clients. | |||
| 1.2. Notational Conventions | 1.2. Notational Conventions | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | |||
| document are to be interpreted as described in [RFC2119]. | document are to be interpreted as described in [RFC2119]. | |||
| 2. Using HTTP URIs over TLS | 2. Using HTTP URIs over TLS | |||
| An origin server that supports the resolution of "http" URIs can | An origin server that supports the resolution of "http" URIs can | |||
| skipping to change at page 4, line 31 ¶ | skipping to change at page 4, line 19 ¶ | |||
| It is possible that the server might become confused about whether | It is possible that the server might become confused about whether | |||
| requests' URLs have a "http" or "https" scheme, for various reasons; | requests' URLs have a "http" or "https" scheme, for various reasons; | |||
| see Section 4.4. To ensure that the alternative service has opted | see Section 4.4. To ensure that the alternative service has opted | |||
| into serving "http" URLs over TLS, clients are required to perform | into serving "http" URLs over TLS, clients are required to perform | |||
| additional checks before directing "http" requests to it. | additional checks before directing "http" requests to it. | |||
| Clients MUST NOT send "http" requests over a secured connection, | Clients MUST NOT send "http" requests over a secured connection, | |||
| unless the chosen alternative service presents a certificate that is | unless the chosen alternative service presents a certificate that is | |||
| valid for the origin as defined in [RFC2818]. Using an authenticated | valid for the origin as defined in [RFC2818]. Using an authenticated | |||
| alternative service establishes "reasonable assurances" for the | alternative service establishes "reasonable assurances" for the | |||
| purposes of {RFC7838}}. In addition to authenticating the server, | purposes of [RFC7838]. In addition to authenticating the server, the | |||
| the client MUST have obtained a valid http-opportunistic response for | client MUST have obtained a valid http-opportunistic response for an | |||
| an origin (as per Section 2.3) using the authenticated connection. | origin (as per Section 2.3) using the authenticated connection. An | |||
| An exception to the latter restriction is made for requests for the | exception to the latter restriction is made for requests for the | |||
| "http-opportunistic" well-known URI. | "http-opportunistic" well-known URI. | |||
| For example, assuming the following request is made over a TLS | For example, assuming the following request is made over a TLS | |||
| connection that is successfully authenticated for those origins, the | connection that is successfully authenticated for those origins, the | |||
| following request/response pair would allow requests for the origins | following request/response pair would allow requests for the origins | |||
| "http://www.example.com" or "http://example.com" to be sent using a | "http://www.example.com" or "http://example.com" to be sent using a | |||
| secured connection: | secured connection: | |||
| HEADERS | HEADERS | |||
| + END_STREAM | + END_STREAM | |||
| + END_HEADERS | + END_HEADERS | |||
| :method = GET | :method = GET | |||
| :scheme = http | :scheme = http | |||
| :authority = example.com | ||||
| :path = /.well-known/http-opportunistic | :path = /.well-known/http-opportunistic | |||
| host: example.com | ||||
| HEADERS | HEADERS | |||
| :status = 200 | :status = 200 | |||
| content-type = application/json | content-type = application/json | |||
| DATA | DATA | |||
| + END_STREAM | + END_STREAM | |||
| [ "http://www.example.com", "http://example.com" ] | [ "http://www.example.com", "http://example.com" ] | |||
| Though this document describes multiple origins, this is only for | Though this document describes multiple origins, this is only for | |||
| operational convenience. Only a request made to an origin (over an | operational convenience. Only a request made to an origin (over an | |||
| skipping to change at page 6, line 50 ¶ | skipping to change at page 6, line 27 ¶ | |||
| o Change Controller: IETF | o Change Controller: IETF | |||
| o Specification Document(s): Section 2.3 of [this specification] | o Specification Document(s): Section 2.3 of [this specification] | |||
| o Related Information: | o Related Information: | |||
| 4. Security Considerations | 4. Security Considerations | |||
| 4.1. Security Indicators | 4.1. Security Indicators | |||
| User Agents MUST NOT provide any special security indicia when an | User Agents MUST NOT provide any special security indicators when an | |||
| "http" resource is acquired using TLS. In particular, indicators | "http" resource is acquired using TLS. In particular, indicators | |||
| that might suggest the same level of security as "https" MUST NOT be | that might suggest the same level of security as "https" MUST NOT be | |||
| used (e.g., a "lock device"). | used (e.g., a "lock device"). | |||
| 4.2. Downgrade Attacks | 4.2. Downgrade Attacks | |||
| A downgrade attack against the negotiation for TLS is possible. | A downgrade attack against the negotiation for TLS is possible. | |||
| For example, because the "Alt-Svc" header field [RFC7838] likely | For example, because the "Alt-Svc" header field [RFC7838] likely | |||
| appears in an unauthenticated and unencrypted channel, it is subject | appears in an unauthenticated and unencrypted channel, it is subject | |||
| skipping to change at page 7, line 44 ¶ | skipping to change at page 7, line 24 ¶ | |||
| HTTP/1.1), or it may be because how the server and application are | HTTP/1.1), or it may be because how the server and application are | |||
| implemented (often, they are two separate entities, with a variety of | implemented (often, they are two separate entities, with a variety of | |||
| possible interfaces between them). | possible interfaces between them). | |||
| Any security decisions based upon this information could be misled by | Any security decisions based upon this information could be misled by | |||
| the deployment of this specification, because it violates the | the deployment of this specification, because it violates the | |||
| assumption that the use of TLS (or port 443) means that the client is | assumption that the use of TLS (or port 443) means that the client is | |||
| accessing a HTTPS URI, and operating in the security context implied | accessing a HTTPS URI, and operating in the security context implied | |||
| by HTTPS. | by HTTPS. | |||
| Therefore, servers need to carefully examine the use of such signals | Therefore, server implementers and administrators need to carefully | |||
| before deploying this specification. | examine the use of such signals before deploying this specification. | |||
| 4.5. Server Controls | 4.5. Server Controls | |||
| This specification requires that a server send both an Alternative | This specification requires that a server send both an Alternative | |||
| Service advertisement and host content in a well-known location to | Service advertisement and host content in a well-known location to | |||
| send HTTP requests over TLS. Servers SHOULD take suitable measures | send HTTP requests over TLS. Servers SHOULD take suitable measures | |||
| to ensure that the content of the well-known resource remains under | to ensure that the content of the well-known resource remains under | |||
| their control. Likewise, because the Alt-Svc header field is used to | their control. Likewise, because the Alt-Svc header field is used to | |||
| describe policies across an entire origin, servers SHOULD NOT permit | describe policies across an entire origin, servers SHOULD NOT permit | |||
| user content to set or modify the value of this header. | user content to set or modify the value of this header. | |||
| End of changes. 17 change blocks. | ||||
| 44 lines changed or deleted | 34 lines changed or added | |||
This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||