Security/Reviews/Firefox9/ReviewNotes/HTTPPipelines

tems to be reviewed: https://wiki.mozilla.org/Platform/Features/HTTP_pipelining HTTP Pipelineing - http://bugzilla.mozilla.org/show_bug.cgi?id=264354

Introduce Feature

Goal of Feature, what is trying to be achieved (problem solved, use cases, etc)

• HTTP 1.1 RFC-2616
  • reduce latency
• attempting to roll this out in a robust and safe way that was not available in the past; make this more real world usable
• we are remaining spec compliant
  • we attempt to detect if the other end is spec compliant or not and dealing with it
• 2 problems that are known
  • server side, and dynamically black list (in memory and ability to store)
  • client-side proxies (e.g. anti-virus software) can break pipelining
    • We should look at how Chrome is handling these for its False Start implementation

What solutions/approaches were considered other than the proposed solution?

• SPDY

Why was this solution chosen?

• doing both (SPDY & pipelining)

Any security threats already considered in the design and why?

• trying to detect where this is broken as best we can, however we may have corrupted or out of order responses in a way we can not detect
• Do we take http://tools.ietf.org/html/draft-nottingham-http-pipeline-01 into account? (seems to describe blacklisting and other heuristics, so probably?)

Threat Brainstorming

• We cannot always detect when a connection has been corrupted (e.g. replies received out of order)
• Server could interpret pipelined requests as one request
• Re-requesting resources might cause side-effects (which aren't supposed to happen) multiple times
  • This has already been an issue due to our re-request for non-pipelined persistent conections; it is just more likely to happen now with pipelining.

Conclusions / Action Items

• [bsmith] Private browsing mode: need to check that we don't save blacklist to disk when we are in private browsing mode
  • already covered according to Patrick