<no hats>

My feeling is that both (a) and (b) would be worth doing. Though not sure on the best approach yet.

Best regards,
Tobias

On 20/08/13 01:44, Trevor Perrin wrote:
> To pick this up again, it would be great to have:
>
> (a) Some cryptographic binding for cookies, either using asymmetric
> crypto (ChannelID) or symmetric (Smart Cookies), to prevent them being
> useable when transferred between browsers.
>
> (b) Some origin-binding for cookies to prevent them leaking to
> subdomains and being forced by other domains (Origin Cookies).
>
>
> Both (a) and (b) address the threats of cookie-forcing and
> cookie-stealing, but neither is a complete replacement for the other:
>
> (a) Cryptographic binding of cookies would not prevent an attacker
> who controls related domains from:
>  - deleting cookies
>  - stealing a cookie from user A and then forcing it back to A,
>    later, to roll-back the cookie to an earlier value
>
> (b) Origin binding of cookies would not protect against a failure in
> TLS confidentiality that exposes the cookie's value.
>
>
> Questions
> =========
>  * Are both (a) and (b) worth doing? Should we prioritize one?
>
>  * Regarding ChannelID vs Smart Cookies: ChannelID provides a
>    "bindable" identifier that could be used for other things besides
>    cookies (OAuth tokens? other?). But it also requires TLS changes and
>    an additional signing operation on the client. The Smart Cookie
>    approach is more efficient but also narrowly scoped to cookies.
>
> Do people have other arguments, or strong feelings, one way or the other?
>
>
> Trevor
> _______________________________________________
> websec mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/websec
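
Added illustration, not part of the original thread and not the ChannelID or Smart Cookies specification: a server-side MAC that ties a cookie to a per-browser channel identifier, showing the limit named under (a), where a transferred cookie is rejected but an older cookie forced back to the same browser still verifies. The key, the channel identifiers and the function names are constructed for this example.

```python
import hashlib
import hmac

# Constructed demo key (assumption); a real server would use a random secret.
SERVER_KEY = b"constructed-demo-key"


def _tag(value: str, channel_id: bytes) -> str:
    # Hash the channel identifier to a fixed length so that the boundary
    # between identifier and cookie value is unambiguous in the MAC input.
    bound = hashlib.sha256(channel_id).digest() + value.encode()
    return hmac.new(SERVER_KEY, bound, hashlib.sha256).hexdigest()


def bind_cookie(value: str, channel_id: bytes) -> str:
    """Issue a cookie whose MAC covers its value and the client's channel identifier."""
    return f"{value}.{_tag(value, channel_id)}"


def verify_cookie(cookie: str, channel_id: bytes):
    """Return the cookie value if it was issued for this channel, otherwise None."""
    value, _, tag = cookie.rpartition(".")
    expected = _tag(value, channel_id)
    if hmac.compare_digest(tag.encode(), expected.encode()):
        return value
    return None


def demo() -> dict:
    browser_a = b"constructed-channel-id-A"  # stands in for A's channel identifier
    browser_b = b"constructed-channel-id-B"  # a different browser
    old = bind_cookie("state=v1", browser_a)  # earlier cookie issued to A
    new = bind_cookie("state=v2", browser_a)  # current cookie issued to A
    return {
        # Normal use: the current cookie on the browser it was issued to.
        "same_browser": verify_cookie(new, browser_a),
        # Cookie moved to another browser: binding rejects it.
        "transferred": verify_cookie(old, browser_b),
        # Old cookie forced back onto A: the MAC is still valid, so the
        # server accepts the earlier value (the roll-back case in (a)).
        "rolled_back": verify_cookie(old, browser_a),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```
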
