This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[atlas] HTTP/HTTPS probe
- Previous message (by thread): [atlas] HTTP/HTTPS probe
- Next message (by thread): [atlas] HTTP/HTTPS probe
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Richard Barnes
rlb at ipv.sx
Wed Oct 2 20:13:11 CEST 2013
I was one of the people that urged caution with regard to HTTP probes. There's some ambiguity that needs to be resolved first, and then some security risks to consider. The basic question is "what is being measured"? There are several possible answers: 1. Transport-layer connectivity 2. HTTP header information 3. HTTP body information Each of these has some risks that would beed to be controlled. (1) is obviously the safest; that's part of what the SSL cert measurement does. But (1) is not really an HTTP measurement, it's a TCP measurement, and it would be better to cast it that way. (2) could probably be implemented pretty safely by sending a HEAD request. However, there's still a risk that private user information would leak in such requests. For example, if a web site is doing IP-address based access control, and the probe is behind the same NAT as a user's laptop, then even a HEAD request might return user information (e.g., session cookies). (3) is a huge security risk, because of the wide variety of things that are done with HTTP requests. For simplicity, let's assume the probe would send a GET request, and not anything more sophisticated (POST, PUT, DELETE, etc.). You could use a GET request to download a file, but you can also a GET request to do things to supply responses to HTTP forms. Want to make sure your favorite band wins the EuroVision Song Contest? Just task the Atlas network have 1000 probes vote for them every 5 minutes. There's also the question of what you do with the downloaded content. Returning it to the measurement owner would raise huge security issues, not to mention bandwidth issues. But if you don't return it, then the system will need to constrain the questions the experimenter can ask, e.g., "How many bytes were received?" "What was the SHA-1 digest of the file?". --Richard On Wed, Oct 2, 2013 at 5:21 AM, Rodolfo García Peñas (kix) <kix at kix.es>wrote: > > Robert Kisteleki <robert at ripe.net> escribió: > > > On 2013.10.02. 10:13, Stephane Bortzmeyer wrote: >> >>> On Tue, Oct 01, 2013 at 08:01:28PM +0200, >>> Robert Kisteleki <robert at ripe.net> wrote >>> a message of 33 lines which said: >>> >>> This topic has surfaced a couple of times already (in this list: Aug >>>> 2012, July 2013), probably on other related lists too. >>>> >>> >>> It would surface less often if the doc were fixed >>> <https://atlas.ripe.net/doc/**udm#creating-a-new-measurement<https://atlas.ripe.net/doc/udm#creating-a-new-measurement> >>> **>. >>> >> >> We updated the doc right after the last time you asked :-) >> >> "Important note: HTTP(6) measurements are not available to all UDM users; >> they are restricted while the potential impact is evaluated." >> > > Hi, > > my proposal: > > - Two different checks in the probe configuration: > - http:// small file download > - http:// big file download > Then, the user can select if their probe will download big or small > files (bw impact). > - Fixed targets. The probe can connect only selected hosts and files > (privacy impact). IMO, the targets should be non commercial sites, with > good bw. > > Regards, > kix > > Regards, >> Robert >> > > > Rodolfo García Peñas (kix) > http://www.kix.es/ > > -------------- next part -------------- An HTML attachment was scrubbed... URL: </ripe/mail/archives/ripe-atlas/attachments/20131002/71b1620f/attachment.html>
- Previous message (by thread): [atlas] HTTP/HTTPS probe
- Next message (by thread): [atlas] HTTP/HTTPS probe
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]