TLS will sign everything and therefor will not allow fine-grained integrity
checking. Why do we want this? Middleboxes might alter some non-security
sensitive information and I don't want to drop those requests. But I am
looking into TLS already to see if I can use it for my purpose. We
certainly don't want the full encryption or authentication that TLS can
offer. No encryption since we don't want to interfere with caching and no
authentication since setting up the certificates is often one of the
reasons for small web apps not to use TLS. You have to get your certificate
from an authority, keep it safe, install it and pay for it. We notice that
adoption of TLS is not as great as we'd like it to be for securing cookie
based session management so we need an alternative that will be adopted
more easily and guarantee security of sessions better than plain cookie
based session management. As a thesis it is an interesting subject to study
although it's quite probable that the people too busy to use TLS will also
be too busy to use our session management mechanism.

Using TLS without certificates is only possible with the DH_Anon
cyphersuite which is often disabled by clients and server.

" The server MUST send a Certificate message whenever the agreed-

      upon key exchange method uses certificates for authentication
      (this includes all key exchange methods defined in this document
      except DH_anon)." RFC 5246 (TLS 1.2)


" The following cipher suites are used for completely anonymous

   Diffie-Hellman communications in which neither party is
   authenticated.  Note that this mode is vulnerable to man-in-the-
   middle attacks.  Using this mode therefore is of limited use: These
   cipher suites MUST NOT be used by TLS 1.2 implementations unless the
   application layer has specifically requested to allow anonymous key
   exchange." RFC 5246


Also we want to support mixed content web apps without having the risk of
being vulnerable to session hijacking. Some of these properties can be
obtained by using SSL session identifier in Tomcat as your session
mechanism. Again, I am still doing some research and maybe what I am doing
is not worth it.

2015-11-24 11:36 GMT+01:00 Mark Thomas <ma...@apache.org>:

> On 24/11/2015 10:12, Roel Storms wrote:
> > It's to implement a new session mechanism that guarantees integrity of
> the
> > requests sent in the session and also protect the session from attacks
> > based on stealing or replacing the session identifier. This is a thesis
> I'm
> > working on and this Tomcat valve should prove that migration from cookie
> > base session management to this new session management can go without
> large
> > modifications at client and server-side. That's why it is important to
> make
> > it transparent to the user/developer. Performance is already going to be
> an
> > issue in multiple places but I'll see what I can come up with.
> >
> > I am weighing of transparency, ease of migration, performance and
> security
> > all the time. Checking at the Apache httpd level will make it harder to
> > migrate to this new session management mechanism and has some other
> > disadvantages. In theory i could do this session management in a proxy
> but
> > this has it's own disadvantages. Session scope is an important aspect in
> > it's security and scope is harder to get right in a proxy or in the httpd
> > server since I want to limit scope to the web application context and
> maybe
> > allow explicit session sharing between web applications. As you can see I
> > still have a lot to do. If I need any more information I will not
> hesitate
> > to ask. Thanks for all the info!
>
> What does this get you over and above using TLS (which is rapidly
> becoming a given due to HTTP/2) and configuring Tomcat to use the TLS
> session ID as the HTTP session identifier?
>
> Mark
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Reply via email to