HTTPbis | M. Bishop |
Internet-Draft | E. Nygren |
Updates: 8336 (if approved) | Akamai |
Intended status: Standards Track | January 8, 2019 |
Expires: July 12, 2019 |
DNS Security with HTTP/2 ORIGIN
draft-bishop-httpbis-origin-fed-up-latest
The definition of the HTTP/2 ORIGIN frame “relaxes” the requirement to check DNS for various reasons. However, experience has shown that such relaxation leads to security risks and is inadvisable. This document restores the original requirements.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on July 12, 2019.
Copyright (c) 2019 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
[ORIGIN] describes a method whereby an HTTP/2 server can enumerate the HTTP origins for which it purports to be authoritative. This set can be greater or lesser than the set of origins over which the client might originally have considered the server to be authoritative. Of course, the client will generally not send requests to a server unless it considers the server to be authoritative for that origin.
Section 2.4 of [ORIGIN] states that:
In Section 4 of [ORIGIN], the attacks this enables are described, along with the note that “Clients that blindly trust the ORIGIN frame’s contents will be vulnerable to a large number of attacks. See Section 2.4 for mitigations.”
The mitigation recommended in Section 2.4 is to require the use of TLS and that the certificate presented be authoritative for the origin in question; the latter is a requirement already present in [HTTP2] for HTTP/2 connections using TLS. In Section 4, it is further recommended that:
Several methods of increasing certificate trust are referenced. However, during the discussion of [SecondaryCerts], the ability to perform attacks using a misissued or compromised certificate has been a concern. These attacks are fundamentally enabled by the relaxation of the requirement to verify DNS ownership, and ongoing community concern about these attacks demonstrates that there is no longer consensus that these checks do not serve a purpose.
[ORIGIN] leaves open-ended the decision of when to consider the certificate alone sufficient to trust a server’s claim of authority over an origin. However, it enumerates some possibilities:
These mitigations are assuredly helpful in assuring general certificate validity, but they fail to fully prevent attacks from misissued or compromised certificates. In particular, a certificate which is fraudulently obtained or compromised can remain usable by an attacker for nearly two weeks.
Certificate Transparency [RFC6962] defines an experimental protocol for publicly logging the existence of Transport Layer Security (TLS) certificates as they are issued or observed, in a manner that allows anyone to audit certificate authority (CA) activity and notice the issuance of suspect certificates as well as to audit the certificate logs themselves.
The expectation is that domain owners (or agents acting on their behalf) would actively monitor such logs for domains they control, verify that any newly-issued certificates are in fact legitimate, and have the certificate revoked if not.
This does significantly reduce the odds of a misissued certificate having a long usable lifetime. However, it does not reduce that lifetime to zero. A Signed Certificate Timestamp is not proof of inclusion in a Certificate Transparency log – it is a promise to include a certificate in a future log. Verification of certificate inclusion requires having a Signed Tree Head from that CT log which is newer than the SCT by at least that log’s “maximum merge delay.” [CertificateTransparency] A misissued certificate remains invisible to inspecting parties for up to this period of time, plus whatever time is required to detect the certificate after inclusion. The “maximum merge delay” of most CT logs is twenty-four hours. (See [GoogleTrustedCT], [AppleTrustedCT].)
Revocation checking has been a known challenge for TLS clients, with OCSP Stapling emerging as the solution of choice. While an OCSP endpoint can often be blocked by an attacker or otherwise be unavailable, the status_request TLS extension [RFC6066] can enable a client to request and the server to provide a recent OCSP response as part of the TLS handshake. This assists in verifying the non-revoked state of the certificate without creating a single point of failure.
However, the timeline for a revoked certificate still permits a surprising period of exercise, as described in [CABForum]:
This means that an attacker-held certificate remains potentially valid for use by an attacker for as long as eleven days following the discovery of a compromise or misissuance, plus any amount of time required to discover the situation.
Additionally, the fact that a certificate has not been revoked is not proof that the issuer was permitted to issue it in the first place. An attacker-controlled CA could be used to hijack any site and could return a fully normal OCSP response. This indicates that OCSP without a publicly-auditable CT entry does not provide sufficient proof, especially when private CAs are trusted by the user agent.
The primary reasons for avoiding the DNS resolution were two-fold. First and more simply, there is a latency cost to performing DNS resolutions, and this permits clients to minimize latency before issuing requests.
Second and more serious is the fact that DNS is typically performed over clear-text. In addition to the origin itself, other parties learn that the client is interested in contacting the origin:
By avoiding a DNS resolution for an origin, clients can avoid these parties gaining additional information. However, as described in this draft, doing so exposes clients to different security concerns.
Given recent developments such as DNS over TLS [DoT] and DNS over HTTPS [DoH], there are now alternative means to avoid disclosure of a client’s DNS activities to anyone other than the DNS server operator.
[DoT] or [DoH] can be used for DNS resolution when available in order to limit unnecessary disclosure of a client’s DNS activity to third parties.
In order to successfully use a fraudulent certificate, an attacker needs one of the following situations to occur:
Following the DNS verifications in [HTTP2], only the first two situations will result in the client considering the attacker authoritative for the victim domain. However, if the client relaxes DNS checks as specified in [ORIGIN], the latter two attack configurations become possible as well.
As a result, DNS resolution MUST continue to be performed prior to accepting a server as valid for an HTTP origin.
[ORIGIN] is modified as follows:
Clients that blindly trust the ORIGIN frame’s contents will be vulnerable to a large number of attacks.
Omitting the requirement to consult DNS when determining authority for an origin would mean that an attacker who possesses a valid certificate no longer needs to be on path to redirect traffic to them; instead of modifying DNS, they need only convince the user to visit another website in order to coalesce connections to the target onto their existing connection.
Before considering a server to be authoritative for any given origin, clients MUST validate that the destination IP address is valid for the origin either by direct DNS resolution or resolution of a validated Alternative Service [AltSvc].
This document has no actions for IANA.
[AltSvc] | Nottingham, M., McManus, P. and J. Reschke, "HTTP Alternative Services", RFC 7838, DOI 10.17487/RFC7838, April 2016. |
[DoH] | Hoffman, P. and P. McManus, "DNS Queries over HTTPS (DoH)", RFC 8484, DOI 10.17487/RFC8484, October 2018. |
[DoT] | Hu, Z., Zhu, L., Heidemann, J., Mankin, A., Wessels, D. and P. Hoffman, "Specification for DNS over Transport Layer Security (TLS)", RFC 7858, DOI 10.17487/RFC7858, May 2016. |
[HTTP2] | Belshe, M., Peon, R. and M. Thomson, "Hypertext Transfer Protocol Version 2 (HTTP/2)", RFC 7540, DOI 10.17487/RFC7540, May 2015. |
[ORIGIN] | Nottingham, M. and E. Nygren, "The ORIGIN HTTP/2 Frame", RFC 8336, DOI 10.17487/RFC8336, March 2018. |
[AppleTrustedCT] | "Certificate Transparency Policy", n.d.. |
[CABForum] | CA/Browser Forum, "Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates", n.d.. |
[CertificateTransparency] | "Certificate Transparency: Getting Started", n.d.. |
[GoogleTrustedCT] | "List of Trusted CT Logs", n.d.. |
[RFC6066] | Eastlake 3rd, D., "Transport Layer Security (TLS) Extensions: Extension Definitions", RFC 6066, DOI 10.17487/RFC6066, January 2011. |
[RFC6960] | Santesson, S., Myers, M., Ankney, R., Malpani, A., Galperin, S. and C. Adams, "X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP", RFC 6960, DOI 10.17487/RFC6960, June 2013. |
[RFC6962] | Laurie, B., Langley, A. and E. Kasper, "Certificate Transparency", RFC 6962, DOI 10.17487/RFC6962, June 2013. |
[SecondaryCerts] | Bishop, M., Sullivan, N. and M. Thomson, "Secondary Certificate Authentication in HTTP/2", Internet-Draft draft-ietf-httpbis-http2-secondary-certs-03, October 2018. |