Hi *,
A bit of feedback on the attack draft: 2.1: ``` In the context of Web traffic, these attacks are only effective if the client accesses a Web server using a mixture of HTTP and HTTPS. ``` I'm not entirely sure that this is correct. Maybe I'm just misunderstanding this sentence, but in the original presentation Moxie [0] describes an active MITM scenario, where any link could be rewritten from https to http - even if the destination Webserver would only allow for https. The MITM proxy may terminate HTTP and forward traffic as HTTPS (i.e. present itself as an https client to the server). This is why we have HSTS as far as I know. Am I missing something? 2.5: ``` 2.5. Compression Attacks: CRIME and BREACH ``` Would change to "CRIME, TIME and BREACH" as TIME is also mentioned in this subsection. 2.9: ``` 2.9. Triple Hanshake ``` Typo in "Hanshake" -> "Handshake". 2.11: mentions missing server certificate validation in Python 2 without a reference to this claim. Also missing is any mention of the (very recent) BlackHat USA 2014 talk and paper by Antoine Delignat-Lavaud [1] [2] on Vhost confusion attacks by downgrading to SSLv3. Since this poses a real world security issue I'm for adding a paragraph to this draft - which might also come in handy for the BCP as SSLv3 is currently being discussed to be changed to MUST NOT. Thanks for your time, Aaron [0] - https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf [1] - http://bh.ht.vc/bh_slides.pdf [2] - http://bh.ht.vc/vhost_confusion.pdf
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
