Security/Reviews/Firefox9/ReviewNotes/HTTPPipelines
From MozillaWiki
tems to be reviewed: https://wiki.mozilla.org/Platform/Features/HTTP_pipelining HTTP Pipelineing - http://bugzilla.mozilla.org/show_bug.cgi?id=264354
Introduce Feature
Goal of Feature, what is trying to be achieved (problem solved, use cases, etc)
- HTTP 1.1 RFC-2616
- reduce latency
- attempting to roll this out in a robust and safe way that was not available in the past; make this more real world usable
- we are remaining spec compliant
- we attempt to detect if the other end is spec compliant or not and dealing with it
- 2 problems that are known
- server side, and dynamically black list (in memory and ability to store)
- client-side proxies (e.g. anti-virus software) can break pipelining
- We should look at how Chrome is handling these for its False Start implementation
What solutions/approaches were considered other than the proposed solution?
- SPDY
Why was this solution chosen?
- doing both (SPDY & pipelining)
Any security threats already considered in the design and why?
- trying to detect where this is broken as best we can, however we may have corrupted or out of order responses in a way we can not detect
- Do we take http://tools.ietf.org/html/draft-nottingham-http-pipeline-01 into account? (seems to describe blacklisting and other heuristics, so probably?)
Threat Brainstorming
- We cannot always detect when a connection has been corrupted (e.g. replies received out of order)
- Server could interpret pipelined requests as one request
- Re-requesting resources might cause side-effects (which aren't supposed to happen) multiple times
- This has already been an issue due to our re-request for non-pipelined persistent conections; it is just more likely to happen now with pipelining.
Conclusions / Action Items
- [bsmith] Private browsing mode: need to check that we don't save blacklist to disk when we are in private browsing mode
- already covered according to Patrick