Ignore:
Timestamp:
Mar 12, 2012, 1:19:08 AM (8 years ago)
Author:
fielding@…
Message:

clean up some of the nonsense in security considerations

File:
1 edited

Legend:

Unmodified
Added
Removed
  • draft-ietf-httpbis/latest/p1-messaging.html

    r1586 r1588  
    460460  }
    461461  @bottom-center {
    462        content: "Expires September 12, 2012";
     462       content: "Expires September 13, 2012";
    463463  }
    464464  @bottom-right {
     
    502502      <meta name="dct.creator" content="Reschke, J. F.">
    503503      <meta name="dct.identifier" content="urn:ietf:id:draft-ietf-httpbis-p1-messaging-latest">
    504       <meta name="dct.issued" scheme="ISO8601" content="2012-03-11">
     504      <meta name="dct.issued" scheme="ISO8601" content="2012-03-12">
    505505      <meta name="dct.replaces" content="urn:ietf:rfc:2145">
    506506      <meta name="dct.replaces" content="urn:ietf:rfc:2616">
     
    534534            </tr>
    535535            <tr>
    536                <td class="left">Expires: September 12, 2012</td>
     536               <td class="left">Expires: September 13, 2012</td>
    537537               <td class="right">greenbytes</td>
    538538            </tr>
    539539            <tr>
    540540               <td class="left"></td>
    541                <td class="right">March 11, 2012</td>
     541               <td class="right">March 12, 2012</td>
    542542            </tr>
    543543         </tbody>
     
    572572         in progress”.
    573573      </p>
    574       <p>This Internet-Draft will expire on September 12, 2012.</p>
     574      <p>This Internet-Draft will expire on September 13, 2012.</p>
    575575      <h1><a id="rfc.copyrightnotice" href="#rfc.copyrightnotice">Copyright Notice</a></h1>
    576576      <p>Copyright © 2012 IETF Trust and the persons identified as the document authors. All rights reserved.</p>
     
    706706               <li>8.3&nbsp;&nbsp;&nbsp;<a href="#attack.pathname">Attacks Based On File and Path Names</a></li>
    707707               <li>8.4&nbsp;&nbsp;&nbsp;<a href="#dns.related.attacks">DNS-related Attacks</a></li>
    708                <li>8.5&nbsp;&nbsp;&nbsp;<a href="#attack.proxies">Proxies and Caching</a></li>
     708               <li>8.5&nbsp;&nbsp;&nbsp;<a href="#attack.intermediaries">Intermediaries and Caching</a></li>
    709709               <li>8.6&nbsp;&nbsp;&nbsp;<a href="#attack.protocol.element.size.overflows">Protocol Element Size Overflows</a></li>
    710                <li>8.7&nbsp;&nbsp;&nbsp;<a href="#attack.DoS">Denial of Service Attacks on Proxies</a></li>
    711710            </ul>
    712711         </li>
     
    26432642      <h2 id="rfc.section.8.2"><a href="#rfc.section.8.2">8.2</a>&nbsp;<a id="abuse.of.server.log.information" href="#abuse.of.server.log.information">Abuse of Server Log Information</a></h2>
    26442643      <p id="rfc.section.8.2.p.1">A server is in the position to save personal data about a user's requests which might identify their reading patterns or subjects
    2645          of interest. This information is clearly confidential in nature and its handling can be constrained by law in certain countries.
    2646          People using HTTP to provide data are responsible for ensuring that such material is not distributed without the permission
    2647          of any individuals that are identifiable by the published results.
     2644         of interest. In particular, log information gathered at an intermediary often contains a history of user agent interaction,
     2645         across a multitude of sites, that can be traced to individual users.
     2646      </p>
     2647      <p id="rfc.section.8.2.p.2">HTTP log information is confidential in nature; its handling is often constrained by laws and regulations. Log information
     2648         needs to be securely stored and appropriate guidelines followed for its analysis. Anonymization of personal information within
     2649         individual entries helps, but is generally not sufficient to prevent real log traces from being re-identified based on correlation
     2650         with other access characteristics. As such, access traces that are keyed to a specific client should not be published even
     2651         if the key is pseudonymous.
     2652      </p>
     2653      <p id="rfc.section.8.2.p.3">To minimize the risk of theft or accidental publication, log information should be purged of personally identifiable information,
     2654         including user identifiers, IP addresses, and user-provided query parameters, as soon as that information is no longer necessary
     2655         to support operational needs for security, auditing, or fraud control.
    26482656      </p>
    26492657      <h2 id="rfc.section.8.3"><a href="#rfc.section.8.3">8.3</a>&nbsp;<a id="attack.pathname" href="#attack.pathname">Attacks Based On File and Path Names</a></h2>
     
    26612669         validity of an IP number/DNS name association unless the response is protected by DNSSec (<a href="#RFC4033" id="rfc.xref.RFC4033.1"><cite title="DNS Security Introduction and Requirements">[RFC4033]</cite></a>).
    26622670      </p>
    2663       <h2 id="rfc.section.8.5"><a href="#rfc.section.8.5">8.5</a>&nbsp;<a id="attack.proxies" href="#attack.proxies">Proxies and Caching</a></h2>
    2664       <p id="rfc.section.8.5.p.1">By their very nature, HTTP proxies are men-in-the-middle, and represent an opportunity for man-in-the-middle attacks. Compromise
    2665          of the systems on which the proxies run can result in serious security and privacy problems. Proxies have access to security-related
    2666          information, personal information about individual users and organizations, and proprietary information belonging to users
    2667          and content providers. A compromised proxy, or a proxy implemented or configured without regard to security and privacy considerations,
    2668          might be used in the commission of a wide range of potential attacks.
    2669       </p>
    2670       <p id="rfc.section.8.5.p.2">Proxy operators need to protect the systems on which proxies run as they would protect any system that contains or transports
    2671          sensitive information. In particular, log information gathered at proxies often contains highly sensitive personal information,
    2672          and/or information about organizations. Log information needs to be carefully guarded, and appropriate guidelines for use
    2673          need to be developed and followed. (<a href="#abuse.of.server.log.information" title="Abuse of Server Log Information">Section&nbsp;8.2</a>).
    2674       </p>
    2675       <p id="rfc.section.8.5.p.3">Proxy implementors need to consider the privacy and security implications of their design and coding decisions, and of the
    2676          configuration options they provide to proxy operators (especially the default configuration).
    2677       </p>
    2678       <p id="rfc.section.8.5.p.4">Users of a proxy need to be aware that proxies are no more trustworthy than the people who run them; HTTP itself cannot solve
     2671      <h2 id="rfc.section.8.5"><a href="#rfc.section.8.5">8.5</a>&nbsp;<a id="attack.intermediaries" href="#attack.intermediaries">Intermediaries and Caching</a></h2>
     2672      <p id="rfc.section.8.5.p.1">By their very nature, HTTP intermediaries are men-in-the-middle, and represent an opportunity for man-in-the-middle attacks.
     2673         Compromise of the systems on which the intermediaries run can result in serious security and privacy problems. Intermediaries
     2674         have access to security-related information, personal information about individual users and organizations, and proprietary
     2675         information belonging to users and content providers. A compromised intermediary, or an intermediary implemented or configured
     2676         without regard to security and privacy considerations, might be used in the commission of a wide range of potential attacks.
     2677      </p>
     2678      <p id="rfc.section.8.5.p.2">Intermediaries that contain a shared cache are especially vulnerable to cache poisoning attacks.</p>
     2679      <p id="rfc.section.8.5.p.3">Implementors need to consider the privacy and security implications of their design and coding decisions, and of the configuration
     2680         options they provide to operators (especially the default configuration).
     2681      </p>
     2682      <p id="rfc.section.8.5.p.4">Users need to be aware that intermediaries are no more trustworthy than the people who run them; HTTP itself cannot solve
    26792683         this problem.
    26802684      </p>
     
    26932697      <p id="rfc.section.8.6.p.4">Other fields (including but not limited to request methods, response status phrases, header field-names, and body chunks) <em class="bcp14">SHOULD</em> be limited by implementations carefully, so as to not impede interoperability.
    26942698      </p>
    2695       <h2 id="rfc.section.8.7"><a href="#rfc.section.8.7">8.7</a>&nbsp;<a id="attack.DoS" href="#attack.DoS">Denial of Service Attacks on Proxies</a></h2>
    2696       <p id="rfc.section.8.7.p.1">They exist. They are hard to defend against. Research continues. Beware.</p>
    26972699      <h1 id="rfc.section.9"><a href="#rfc.section.9">9.</a>&nbsp;<a id="acks" href="#acks">Acknowledgments</a></h1>
    26982700      <p id="rfc.section.9.p.1">This edition of HTTP builds on the many contributions that went into <a href="#RFC1945" id="rfc.xref.RFC1945.2">RFC 1945</a>, <a href="#RFC2068" id="rfc.xref.RFC2068.5">RFC 2068</a>, <a href="#RFC2145" id="rfc.xref.RFC2145.3">RFC 2145</a>, and <a href="#RFC2616" id="rfc.xref.RFC2616.4">RFC 2616</a>, including substantial contributions made by the previous authors, editors, and working group chairs: Tim Berners-Lee, Ari
Note: See TracChangeset for help on using the changeset viewer.