Hi,
The taxonomy document needs to cover security issues. We do not want to
duplicate other efforts, and I would like to know what issues should be
covered (in your opinion).
Some text on the subject of proxies and caching is written in
draft-ietf-http-v11-spec-rev-06.txt
section 15.7 (appended).
Most of the section relates to man-in-the-middle attacks.
Security related to each of the protocols and mechanisms used should,
in my opinion, be covered in the documentation for that specific
protocol.
So far my list of security issues goes:
man in the middle attacks
between components
corrupted components (proxies, replication servers)
denial of service
see individual protocol: ICP, WCCP, WPAD, HTCP, ...
see generic proxy advice
see HTTP specification
Some potential issues:
trusted parties
stupid configuration (know what you do if you override
Cache-control)
privacy: logs, communication, objects
Do we need to include the rathole issue of transient copies potentially being
illegal in some countries?
Ingrid
Quoted from HTTP/1.1bis:
> 15.7 Proxies and Caching
>
> By their very nature, HTTP proxies are men-in-the-middle, and
> represent an opportunity for man-in-the-middle attacks. Compromise of
> the systems on which the proxies run can result in serious security
> and privacy problems. Proxies have access to security-related
> information, personal information about individual users and
> organizations, and proprietary information belonging to users and
> content providers. A compromised proxy, or a proxy implemented or
> configured without regard to security and privacy considerations,
> might be used in the commission of a wide range of potential attacks.
>
> Proxy operators should protect the systems on which proxies run as
> they would protect any system that contains or transports sensitive
> information. In particular, log information gathered at proxies often
> contains highly sensitive personal information, and/or information
> about organizations. Log information should be carefully guarded, and
> appropriate guidelines for use developed and followed. (Section
> 15.1.1).
>
> Caching proxies provide additional potential vulnerabilities, since
> the contents of the cache represent an attractive target for
> malicious exploitation. Because cache contents persist after an HTTP
> request is complete, an attack on the cache can reveal information
> long after a user believes that the information has been removed from
> the network. Therefore, cache contents should be protected as
> sensitive information.
>
> Proxy implementors should consider the privacy and security
> implications of their design and coding decisions, and of the
> configuration options they provide to proxy operators (especially the
> default configuration).
>
> Users of a proxy need to be aware that they are no trustworthier than
> the people who run the proxy; HTTP itself cannot solve this problem.
>
> The judicious use of cryptography, when appropriate, may suffice to
> protect against a broad range of security and privacy attacks. Such
> cryptography is beyond the scope of the HTTP/1.1 specification.
>
>
> 15.7.1 Denial of Service Attacks on Proxies
>
> They exist. They are hard to defend against. Research continues.
> Beware.