
PaceAuthenticationAndSecurityConsiderations


Abstract

For Draft-09...

Security text that does not contain misinformation.

Status

Open

Rationale

Though well-intentioned, the other security proposals are flawed in serious ways. In particular, PaceSecurityConsiderations inappropriately contains large amounts of protocol specification in the Security Considerations section. This proposal does adopt some of the text from that proposal.

Proposal

12. HTTP Access Authentication

The Atom Publishing Protocol is based on HTTP. Authentication requirements for HTTP 
are covered in Section 11 of the Hypertext Transfer Protocol -- HTTP/1.1 [RFC2616], and HTTP 
Authentication: Basic and Digest Access Authentication [RFC2617]. The choice of authentication 
mechanism will impact interoperability. Client implementers that wish to interoperate with as many 
servers as possible should consider implementing Basic authentication, Digest authentication, and TLS 
[RFC2818], and should be aware that additional authentication schemes will likely be encountered.

Conformant clients and servers MUST provide strong security [RFC3365], though deployments are not 
required to enable it. Basic authentication and other schemes that transmit credentials in the clear 
are not considered strong security unless they are used over a secure channel.

13. Security Considerations

As an HTTP-based protocol, APP is subject to the security considerations found 
in Section 15 of [RFC2616] and Section 4 of [RFC2617].

13.1 Denial of Service

Atom Publishing server implementations need to take adequate precautions to ensure 
malicious clients cannot consume excessive server resources (CPU, memory, disk, etc.).

13.2 Replay Attacks

Atom Publishing server implementations may be susceptible to replay attacks.  Specifically,
this specification does not define a means of detecting duplicate requests. Accidentally 
sent duplicate requests could be indistinguishable from intentional and malicious replay attacks.

13.3 Content Accuracy

Atom Publishing implementations are susceptible to spoofing attacks, as described in 
section 8.4 of [RFC4287]. Malicious clients may send Atom entries containing inaccurate 
information anywhere in the document.

13.4 Linked Resources

Atom Feed and Entry documents can contain XML External Entities as defined in section 
4.2.2 of [REC-XML].  Atom implementations are not required to load external entities.
External entities are subject to the same security concerns as any network operation
and can alter the semantics of an Atom document. The same issues exist for resources
linked to by Atom elements such as atom:link and atom:content.
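A server-side gate for the two points above, added here as an example (not text or code from this Pace or any Atom implementation): it refuses any entry that carries a DTD, so no external entity is ever loaded, and it collects the resources the entry points to through atom:link and atom:content so the server can apply its own policy before any fetch. The allowed-scheme set, the function names and the sample entries are assumptions.

```python
import xml.etree.ElementTree as ET
import xml.parsers.expat as expat
from urllib.parse import urlsplit

ATOM_NS = "http://www.w3.org/2005/Atom"
ALLOWED_SCHEMES = {"http", "https"}  # assumed server policy, not from the Pace

class RejectedEntry(ValueError):
    """Entry failed the gate; the server should answer 4xx and not process it."""

def reject_dtd_and_entities(data: bytes) -> None:
    """Refuse a document that declares a DTD or references an external entity.
    Atom documents carry no DTD, so a DOCTYPE is always unexpected; refusing it
    means no <!ENTITY> declaration ever reaches the parser that builds the tree."""
    parser = expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise RejectedEntry(f"DOCTYPE {name!r} not allowed in an Atom entry")

    def on_external_entity(context, base, system_id, public_id):
        raise RejectedEntry(f"external entity {system_id!r} not loaded")

    parser.StartDoctypeDeclHandler = on_doctype       # fires before any <!ENTITY>
    parser.ExternalEntityRefHandler = on_external_entity  # defence in depth
    parser.Parse(data, True)

def parse_entry(data: bytes) -> dict:
    """Gate the entry, then return its title and every resource it links to."""
    reject_dtd_and_entities(data)
    root = ET.fromstring(data)
    if root.tag != f"{{{ATOM_NS}}}entry":
        raise RejectedEntry(f"not an Atom entry: {root.tag}")
    # atom:link/@href and atom:content/@src are where an entry points off-document
    linked = [el.get("href") for el in root.iter(f"{{{ATOM_NS}}}link") if el.get("href")]
    linked += [el.get("src") for el in root.iter(f"{{{ATOM_NS}}}content") if el.get("src")]
    bad = [u for u in linked if urlsplit(u).scheme.lower() not in ALLOWED_SCHEMES]
    if bad:  # fetching these would be an unexpected network or file operation
        raise RejectedEntry(f"linked resource with disallowed scheme: {bad}")
    return {"title": root.findtext(f"{{{ATOM_NS}}}title", default=""), "linked": linked}

# Constructed sample entries (not from the Pace or any real server).
GOOD_ENTRY = b"""<?xml version="1.0"?>
<entry xmlns="http://www.w3.org/2005/Atom"><title>Hello</title>
  <link rel="alternate" href="https://example.com/post/1"/>
  <content type="image/png" src="https://example.com/img.png"/></entry>"""
DTD_ENTRY = b"""<?xml version="1.0"?>
<!DOCTYPE entry [<!ENTITY ext SYSTEM "http://example.invalid/ext.txt">]>
<entry xmlns="http://www.w3.org/2005/Atom"><title>&ext;</title></entry>"""
LOCAL_SRC_ENTRY = b"""<entry xmlns="http://www.w3.org/2005/Atom"><title>x</title>
  <content type="text/plain" src="file:///var/atom/private.txt"/></entry>"""
```

The DOCTYPE check runs before the tree is built, so an entry is rejected whether or not the entity is ever referenced in the body.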

13.5 Digital Signatures and Encryption

Atom Entry Documents sent to a server might contain XML Digital Signatures 
[W3C.REC-xmldsig-core-20020212] and might be encrypted using XML Encryption 
[W3C.REC-xmlenc-core-20021210], as specified in section 5 of [RFC4287].  

13.6 URIs and IRIs

Atom Publishing Protocol implementations handle URIs and IRIs. See Section 7 of [RFC3986] and
Section 8 of [RFC3987].

Impacts

Notes

