Re: TAXONOMY: Security considerations

From: William Maggs (bill@inktomi.com)
Date: Sun Jun 06 1999 - 12:45:37 MDT


I think security for proxy caches is a subject that would be really useful
to spend WG time on, and perhaps even talk about it in Oslo. Is this
premature, meaning we should stick to the docs we will be
reviewing/presenting, before initiating a separate discussion about
security? What do you think about it as an agenda item for July?

I have been trying to think about a long-term approach to proxy security in
my own job. I think your point is well-made; there is no analogy to web
server (or other host) security, because of all the info about clients as
well as servers held by the proxy. The analogy would be to network elements
like routers, but with the stringency applied to web and other servers end
to end crypto of everything would make caching perhaps too hard to justify it
as a useful service.

Ingrid Melve wrote:

> Hi,
>
> A first outline of security considerations is appended.
> I welcome comments, please cc the list.
>
> As most of the security considerations for HTTP traffic are
> covered in HTTP/1.1bis, I do not intend to copy those, but rather to
> point to them and emphasize the proxy and replication specific issues.
>
> Ingrid
>
> 9. Security Considerations
>
> [Ed note: more information needed]
>
> Information on security in each protocol is provided in the
> description of the protocol, and in the accompanying RFC for each
> protocol.
>
> Refer to section 15 in HTTP/1.1bis
> draft-ietf-http-v11-spec-rev-06.txt
>
> Man in the middle attacks
>
> Refer to HTTP/1.1bis, chapter 15.7
>
> HTTP proxies are men-in-the-middle, the perfect place for a man-in-
> the-middle-attack.
>
> Denial of service
>
> Individual protocols
>
> See documentation for each protocol for discussion of security
> issues.
>
> Trusted parties
>
> You need to trust your proxy.
>
> Stupid configuration
>
> It is quite easy to have a stupid configuration which will harm
> service for end users.
>
> Privacy
>
> Logs from proxies need to be kept secure, as they provide information
> about users and end user patterns. A proxy log is even more
> sensitive than a web server log, as all requests from the user
> population go through the proxy. Logs from replication servers may
> need to be amalgamated to get aggregated statistics from a service,
> transporting logs across borders may have legal implications. Log
> handling is restricted by law in some countries.
>
> Requirements for object security and privacy are the same in a web
> replication and caching system as they are in the Internet at large.
> The only reliable solution is strong cryptography. End to end
> encryption does not necessarily make objects cacheable, as is the
> case of SSL encrypted web sessions.
>
> Communication [to be completed]
>
> Transient copies
>
> The legislative forces of the world are still out on the question of
> transient copies, like those kept in replication and caching systems,
> being legal. Legal implications of replication and caching are
> subject to local law.



This archive was generated by hypermail 2b29 : Thu Nov 18 2004 - 11:21:25 MST