Changeset 1588 for draft-ietf-httpbis/latest/p1-messaging.xml
- Timestamp:
- 12/03/12 08:19:08 (9 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
draft-ietf-httpbis/latest/p1-messaging.xml
r1586 r1588 3706 3706 A server is in the position to save personal data about a user's 3707 3707 requests which might identify their reading patterns or subjects of 3708 interest. This information is clearly confidential in nature and its 3709 handling can be constrained by law in certain countries. People using 3710 HTTP to provide data are responsible for ensuring that 3711 such material is not distributed without the permission of any 3712 individuals that are identifiable by the published results. 3708 interest. In particular, log information gathered at an intermediary 3709 often contains a history of user agent interaction, across a multitude 3710 of sites, that can be traced to individual users. 3711 </t> 3712 <t> 3713 HTTP log information is confidential in nature; its handling is often 3714 constrained by laws and regulations. Log information needs to be securely 3715 stored and appropriate guidelines followed for its analysis. 3716 Anonymization of personal information within individual entries helps, 3717 but is generally not sufficient to prevent real log traces from being 3718 re-identified based on correlation with other access characteristics. 3719 As such, access traces that are keyed to a specific client should not 3720 be published even if the key is pseudonymous. 3721 </t> 3722 <t> 3723 To minimize the risk of theft or accidental publication, log information 3724 should be purged of personally identifiable information, including 3725 user identifiers, IP addresses, and user-provided query parameters, 3726 as soon as that information is no longer necessary to support operational 3727 needs for security, auditing, or fraud control. 3713 3728 </t> 3714 3729 </section> … … 3745 3760 </section> 3746 3761 3747 <section title=" Proxies and Caching" anchor="attack.proxies">3748 <t> 3749 By their very nature, HTTP proxies are men-in-the-middle, and3762 <section title="Intermediaries and Caching" anchor="attack.intermediaries"> 3763 <t> 3764 By their very nature, HTTP intermediaries are men-in-the-middle, and 3750 3765 represent an opportunity for man-in-the-middle attacks. Compromise of 3751 the systems on which the proxies run can result in serious security3752 and privacy problems. Proxies have access to security-related3766 the systems on which the intermediaries run can result in serious security 3767 and privacy problems. Intermediaries have access to security-related 3753 3768 information, personal information about individual users and 3754 3769 organizations, and proprietary information belonging to users and 3755 content providers. A compromised proxy, or a proxy implemented or 3756 configured without regard to security and privacy considerations, 3757 might be used in the commission of a wide range of potential attacks. 3758 </t> 3759 <t> 3760 Proxy operators need to protect the systems on which proxies run as 3761 they would protect any system that contains or transports sensitive 3762 information. In particular, log information gathered at proxies often 3763 contains highly sensitive personal information, and/or information 3764 about organizations. Log information needs to be carefully guarded, and 3765 appropriate guidelines for use need to be developed and followed. 3766 (<xref target="abuse.of.server.log.information"/>). 3767 </t> 3768 <t> 3769 Proxy implementors need to consider the privacy and security 3770 content providers. A compromised intermediary, or an intermediary 3771 implemented or configured without regard to security and privacy 3772 considerations, might be used in the commission of a wide range of 3773 potential attacks. 3774 </t> 3775 <t> 3776 Intermediaries that contain a shared cache are especially vulnerable 3777 to cache poisoning attacks. 3778 </t> 3779 <t> 3780 Implementors need to consider the privacy and security 3770 3781 implications of their design and coding decisions, and of the 3771 configuration options they provide to proxyoperators (especially the3782 configuration options they provide to operators (especially the 3772 3783 default configuration). 3773 3784 </t> 3774 3785 <t> 3775 Users of a proxy need to be aware that proxies are no more trustworthy than3786 Users need to be aware that intermediaries are no more trustworthy than 3776 3787 the people who run them; HTTP itself cannot solve this problem. 3777 3788 </t> … … 3807 3818 phrases, header field-names, and body chunks) &SHOULD; be limited by 3808 3819 implementations carefully, so as to not impede interoperability. 3809 </t>3810 </section>3811 3812 <section title="Denial of Service Attacks on Proxies" anchor="attack.DoS">3813 <t>3814 They exist. They are hard to defend against. Research continues.3815 Beware.3816 3820 </t> 3817 3821 </section>
Note: See TracChangeset
for help on using the changeset viewer.