Changeset 2130 for draft-ietf-httpbis/latest
- Timestamp:
- 19/01/13 14:45:56
- Location:
- draft-ietf-httpbis/latest
- Files:
- 2 edited
draft-ietf-httpbis/latest/p4-conditional.html
r2129 r2130 1207 1207 <h1 id="rfc.section.7"><a href="#rfc.section.7">7.</a> <a id="security.considerations" href="#security.considerations">Security Considerations</a></h1> 1208 1208 <p id="rfc.section.7.p.1">This section is meant to inform developers, information providers, and users of known security concerns specific to the HTTP/1.1 1209 conditional request mechanisms. No additional security considerations have been identified beyond those applicable to HTTP 1210 messaging <a href="#Part1" id="rfc.xref.Part1.5"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a> and semantics <a href="#Part2" id="rfc.xref.Part2.4"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>. 1209 conditional request mechanisms. More general security considerations are addressed in HTTP messaging <a href="#Part1" id="rfc.xref.Part1.5"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a> and semantics <a href="#Part2" id="rfc.xref.Part2.4"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>. 1211 1210 </p> 1212 1211 <p id="rfc.section.7.p.2">The validators defined by this specification are not intended to ensure the validity of a representation, guard against malicious … … 1214 1213 writes when all participants are behaving nicely. At worst, the conditions will fail and the client will receive a response 1215 1214 that is no more harmful than an HTTP exchange without conditional requests. 1215 </p> 1216 <p id="rfc.section.7.p.3">An entity-tag can be abused in ways that create privacy risks. For example, a site might deliberately construct a semantically 1217 invalid entity-tag that is unique to the user or user agent, send it in a cacheable response with a long freshness time, and 1218 then read that entity-tag in later conditional requests as a means of re-identifying that user or user agent. 
Such an identifying 1219 tag would become a persistent identifier for as long as the user agent retained the original cache entry. User agents that 1220 cache representations ought to ensure that the cache is cleared or replaced whenever the user performs privacy-maintaining 1221 actions, such as clearing stored cookies or changing to a private browsing mode. 1216 1222 </p> 1217 1223 <h1 id="rfc.section.8"><a href="#rfc.section.8">8.</a> <a id="acks" href="#acks">Acknowledgments</a></h1> -
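Review bot: the new paragraph rfc.section.7.p.3 frames the abuse around a "semantically invalid" entity-tag, but nothing in the described attack depends on invalidity: any entity-tag that is unique to the user or user agent and echoed back in later conditional requests serves as a persistent identifier, and a well-formed one is indistinguishable from a legitimate validator, so implementers could read the risk as limited to malformed tags. Suggest either dropping "semantically invalid" or stating what it is meant to convey (that the tag does not actually distinguish a representation of the resource), e.g. "an entity-tag that is unique to the user or user agent rather than to the representation". The mitigation sentence correctly ties the identifier's lifetime to the cache entry ("for as long as the user agent retained the original cache entry"), which is the right place to anchor the user-agent advice.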
draft-ietf-httpbis/latest/p4-conditional.xml
r2129 r2130 1107 1107 This section is meant to inform developers, information providers, and 1108 1108 users of known security concerns specific to the HTTP/1.1 conditional 1109 request mechanisms. No additional security considerations have been 1110 identified beyond those applicable to HTTP messaging &messaging; and 1111 semantics &semantics;. 1109 request mechanisms. More general security considerations are addressed 1110 in HTTP messaging &messaging; and semantics &semantics;. 1112 1111 </t> 1113 1112 <t> … … 1119 1118 response that is no more harmful than an HTTP exchange without conditional 1120 1119 requests. 1120 </t> 1121 <t> 1122 An entity-tag can be abused in ways that create privacy risks. For example, 1123 a site might deliberately construct a semantically invalid entity-tag that 1124 is unique to the user or user agent, send it in a cacheable response with a 1125 long freshness time, and then read that entity-tag in later conditional 1126 requests as a means of re-identifying that user or user agent. Such an 1127 identifying tag would become a persistent identifier for as long as the 1128 user agent retained the original cache entry. User agents that cache 1129 representations ought to ensure that the cache is cleared or replaced 1130 whenever the user performs privacy-maintaining actions, such as clearing 1131 stored cookies or changing to a private browsing mode. 1121 1132 </t> 1122 1133 </section>
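Review bot: "send it in a cacheable response with a long freshness time" (lines 1124-1125) conflates retention with re-identification frequency: while the entry is fresh the user agent serves it locally and sends no conditional request at all, so the tag is only read back once the entry is revalidated, and what the tracker actually needs is that the entry be retained, not that it stay fresh. Suggest either "a cacheable response that the user agent is likely to retain" or a clause making clear that the long freshness lifetime serves retention, since as written a reader may conclude that shortening freshness lifetimes reduces the exposure when it would only make revalidation, and hence re-identification, more frequent. The change to the opening paragraph (lines 1109-1110) from "No additional security considerations have been identified" to "More general security considerations are addressed" is required, because the paragraph added below identifies exactly such an additional consideration; the regenerated HTML at lines 1209 and 1216-1221 matches this XML text.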