Abstract
For Draft-09...
Security text that does not contain misinformation.
Status
Open
Rationale
Though well-intentioned, the other security proposals are flawed in serious ways. In particular, PaceSecurityConsiderations inappropriately contains large amounts of protocol specification in the Security Considerations section. This proposal does adopt some of the text from that proposal.
Proposal
12. HTTP Access Authentication

The Atom Publishing Protocol is based on HTTP. Authentication requirements for HTTP are covered in Section 11 of the Hypertext Transfer Protocol -- HTTP/1.1 [RFC2616], and HTTP Authentication: Basic and Digest Access Authentication [RFC2617].

The choice of authentication mechanism will impact interoperability. Client implementers that wish to interoperate with as many servers as possible should consider implementing Basic authentication, Digest authentication, and TLS [RFC2818], and be aware that additional authentication schemes will likely be encountered.

Conformant clients and servers MUST provide strong security [RFC3365], though deployments are not required to enable it. Basic authentication and other schemes that transmit credentials in the clear are not considered strong security unless they are used over a secure channel.

13. Security Considerations

As an HTTP-based protocol, APP is subject to the security considerations found in RFC2616 Section 15, and RFC2617 Section 4.

13.1 Denial of Service

Atom Publishing server implementations need to take adequate precautions to ensure malicious clients cannot consume excessive server resources (CPU, memory, disk, etc).

13.2 Replay Attacks

Atom Publishing server implementations may be susceptible to replay attacks. Specifically, this specification does not define a means of detecting duplicate requests. Accidentally sent duplicate requests could be indistinguishable from intentional and malicious replay attacks.

13.3 Content Accuracy

Atom Publishing implementations are susceptible to spoofing attacks, as described in section 8.4 of [RFC4287]. Malicious clients may send Atom entries containing inaccurate information anywhere in the document.

13.4 Linked Resources

Atom Feed and Entry documents can contain XML External Entities as defined in section 4.2.2 of [REC-XML]. Atom implementations are not required to load external entities. External entities are subject to the same security concerns as any network operation and can alter the semantics of an Atom document. The same issues exist for resources linked to by Atom elements such as atom:link and atom:content.

13.5 Digital Signatures and Encryption

Atom Entry Documents sent to a server might contain XML Digital Signatures [W3C.REC-xmldsig-core-20020212] and might be encrypted using XML Encryption [W3C.REC-xmlenc-core-20021210], as specified in section 5 of [RFC4287].

13.6 URIs and IRIs

Atom Publishing Protocol implementations handle URIs and IRIs. See Section 7 of [RFC3986] and Section 8 of [RFC3987].
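As an added illustration of 13.4 and 13.1 (example code, not part of this proposal or any APP implementation): a server-side Atom Entry parser built on Python's standard expat binding that refuses any document declaring an external entity, declines to resolve external entity references, and bounds the number of entity declarations it will accept. The two sample documents and the example.invalid URI are constructed for the example; the namespace-separated element name format is expat's own.

```python
"""Atom Entry parsing that does not load XML external entities (APP 13.4)
and bounds entity declarations against resource exhaustion (APP 13.1)."""
from xml.parsers import expat

ATOM_NS = "http://www.w3.org/2005/Atom"


class UnsafeAtomDocument(ValueError):
    """The document declared something this server refuses to process."""


def parse_entry_title(doc: bytes, max_entities: int = 16) -> str:
    """Return the text of atom:title, or raise UnsafeAtomDocument."""
    # namespace_separator makes element names "<namespace URI> <local name>".
    parser = expat.ParserCreate(namespace_separator=" ")
    state = {"title": [], "in_title": False, "entities": 0}

    def entity_decl(name, is_pe, value, base, system_id, public_id, notation):
        # A SYSTEM or PUBLIC identifier means the entity body lives outside the
        # document; the spec does not require loading it, so refuse instead.
        if system_id is not None or public_id is not None:
            raise UnsafeAtomDocument(f"external entity declared: {name!r}")
        state["entities"] += 1
        if state["entities"] > max_entities:
            raise UnsafeAtomDocument("too many entity declarations")

    def external_entity_ref(context, base, system_id, public_id):
        return 0  # 0 tells expat to abort rather than resolve the reference

    def start(name, attrs):
        state["in_title"] = name == f"{ATOM_NS} title"

    def end(name):
        if name == f"{ATOM_NS} title":
            state["in_title"] = False

    def chars(data):
        if state["in_title"]:
            state["title"].append(data)

    parser.EntityDeclHandler = entity_decl
    parser.ExternalEntityRefHandler = external_entity_ref
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.CharacterDataHandler = chars
    parser.Parse(doc, True)  # exceptions raised in handlers propagate out
    return "".join(state["title"])


def rejects(doc: bytes) -> bool:
    """True if the parser refuses the document as unsafe."""
    try:
        parse_entry_title(doc)
    except UnsafeAtomDocument:
        return True
    return False


# Constructed sample: an ordinary entry with no DTD at all.
SAFE_ENTRY = b"""<?xml version="1.0"?>
<entry xmlns="http://www.w3.org/2005/Atom">
  <title>Hello, APP</title>
  <id>urn:uuid:constructed-example-1</id>
</entry>"""

# Constructed sample: declares an entity whose body lives at an external URI.
XXE_ENTRY = b"""<?xml version="1.0"?>
<!DOCTYPE entry [<!ENTITY ext SYSTEM "http://example.invalid/remote.txt">]>
<entry xmlns="http://www.w3.org/2005/Atom"><title>&ext;</title></entry>"""
```

Because the external entity is refused at its declaration, the parser never reaches the reference, so no network or file access is attempted.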