rfcdiff of draft-ietf-httpbis-cookie-alone-01 (September 5, 2016; expires March 9, 2017) against draft-ietf-httpbis-cookie-alone-latest (August 9, 2017; expires February 10, 2018). Text common to both versions is shown once below; where the two differ, both values are given.

HTTP Working Group                                           M. West
Internet-Draft                                           Google, Inc
Updates: 6265 (if approved)
Intended status: Standards Track

Deprecate modification of 'secure' cookies from non-secure origins
Abstract

This document updates RFC6265 by removing the ability for a non-secure origin to set cookies with a 'secure' flag, and to overwrite cookies whose 'secure' flag is set. This deprecation improves the isolation between HTTP and HTTPS origins, and reduces the risk of malicious interference.
Note to Readers

Discussion of this draft takes place on the HTTP working group mailing list (ietf-http-wg@w3.org), which is archived at https://lists.w3.org/Archives/Public/ietf-http-wg/.

Working Group information can be found at http://httpwg.github.io/; source code and issues list for this draft can be found at https://github.com/httpwg/http-extensions/labels/cookie-alone.
Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on March 9, 2017 (-01) / February 10, 2018 (-latest).
Copyright Notice

Copyright (c) 2016 (-01) / 2017 (-latest) IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
Table of Contents

1. Introduction
2. Terminology and notation
3. Recommendations
4. Security Considerations
5. References
   5.1. Normative References
   5.2. Informative References
Appendix A. Acknowledgements
Appendix B. Changes
   B.1. Since -00
Author's Address
1. Introduction

Section 8.5 and Section 8.6 of [RFC6265] spell out some of the drawbacks of cookies' implementation: due to historical accident, non-secure origins can set cookies which will be delivered to secure origins in a manner indistinguishable from cookies set by that origin itself. This enables a number of attacks, which have recently been spelled out in some detail in [COOKIE-INTEGRITY].

[rfcdiff omits the unchanged text here: the remainder of Section 1 through the body of Section 4 (page 5, line 14 of -01; page 5, line 6 of -latest).]
The proposal in [COOKIE-PREFIXES] could mitigate this risk, as could "preloading" HSTS for "example.com" into the user agent [HSTS-PRELOADING].
5. References

5.1. Normative References

[RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <http://www.rfc-editor.org/info/rfc2119>.

[RFC3986]  Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986, DOI 10.17487/RFC3986, January 2005, <http://www.rfc-editor.org/info/rfc3986>.

[RFC6265]  Barth, A., "HTTP State Management Mechanism", RFC 6265, DOI 10.17487/RFC6265, April 2011, <http://www.rfc-editor.org/info/rfc6265>.

5.2. Informative References

[COOKIE-INTEGRITY]  Zheng, X., Jiang, J., Liang, J., Duan, H., Chen, S., Wan, T., and N. Weaver, "Cookies Lack Integrity: Real-World Implications", August 2015, <https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/zheng>.

[COOKIE-PREFIXES]  West, M., "Cookie Prefixes", 2016, <https://tools.ietf.org/html/draft-ietf-httpbis-cookie-prefixes>.

[HSTS-PRELOADING]  "HSTS Preload Submission", n.d., <https://hstspreload.appspot.com/>.

[RFC6797]  Hodges, J., Jackson, C., and A. Barth, "HTTP Strict Transport Security (HSTS)", RFC 6797, DOI 10.17487/RFC6797, November 2012, <http://www.rfc-editor.org/info/rfc6797>.
Appendix A. Acknowledgements

Richard Barnes encouraged a formalization of the deprecation proposal. [COOKIE-INTEGRITY] was a useful exploration of the issues [RFC6265] described.

Appendix B. Changes

B.1. Since -00

o  Issue 223 addressed by adding a path-match constraint to the storage algorithm for non-secure cookies. This ensures that non-secure cookies cannot overlay secure cookies for a given path, but allows secure and non-secure cookies with the same name to exist on distinct paths.
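As an added illustration (not text from the draft), the Python below models the two storage-step restrictions the Abstract describes together with the path-match constraint noted in B.1: a cookie received from a non-secure origin is discarded if it carries the Secure flag, or if it would overlay a stored Secure cookie of the same name whose domain matches and whose path the new cookie's path path-matches. The domain-match and path-match helpers follow RFC 6265 sections 5.1.3 and 5.1.4; the Cookie/store shapes and the decision to check domain-match in both directions are assumptions of this example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Cookie:
    # Minimal cookie record for this example (assumed shape, not the draft's).
    name: str
    value: str
    domain: str
    path: str
    secure: bool


def domain_matches(string: str, domain_string: str) -> bool:
    """RFC 6265 section 5.1.3 domain-match for host names (no IP handling)."""
    string, domain_string = string.lower(), domain_string.lower()
    return string == domain_string or string.endswith("." + domain_string)


def path_matches(request_path: str, cookie_path: str) -> bool:
    """RFC 6265 section 5.1.4 path-match."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        # Prefix match only counts at a '/' boundary.
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False


def store_cookie(store: list, new: Cookie, from_secure_origin: bool) -> bool:
    """Apply the draft's restrictions, then store. Returns True if stored."""
    if not from_secure_origin:
        # Restriction 1: a non-secure origin cannot set a 'secure' cookie.
        if new.secure:
            return False
        # Restriction 2 (with the B.1 path-match constraint): a non-secure cookie
        # may not overlay an existing secure cookie of the same name on a matching
        # domain when the new path path-matches the existing path. Same name on a
        # distinct, non-matching path is still allowed.
        for old in store:
            if (old.secure and old.name == new.name
                    and (domain_matches(new.domain, old.domain)
                         or domain_matches(old.domain, new.domain))  # assumed: either direction
                    and path_matches(new.path, old.path)):
                return False
    # Ordinary RFC 6265 behaviour: replace any cookie with identical name/domain/path.
    store[:] = [c for c in store
                if (c.name, c.domain, c.path) != (new.name, new.domain, new.path)]
    store.append(new)
    return True
```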
Author's Address

End of changes. 12 change blocks; 27 lines changed or deleted, 27 lines changed or added.

This html diff was produced by rfcdiff 1.44jr. The latest version is available from http://tools.ietf.org/tools/rfcdiff/