<div dir="ltr">I was one of the people that urged caution with regard to HTTP probes. There's some ambiguity that needs to be resolved first, and then some security risks to consider.<div><br></div><div>The basic question is "what is being measured"? There are several possible answers:<div>
1. Transport-layer connectivity</div><div> 2. HTTP header information</div><div> 3. HTTP body information</div><div>Each of these has some risks that would beed to be controlled.</div><div><br></div><div>(1) is obviously the safest; that's part of what the SSL cert measurement does. But (1) is not really an HTTP measurement, it's a TCP measurement, and it would be better to cast it that way.</div>
<div><br></div><div>(2) could probably be implemented pretty safely by sending a HEAD request. However, there's still a risk that private user information would leak in such requests. For example, if a web site is doing IP-address based access control, and the probe is behind the same NAT as a user's laptop, then even a HEAD request might return user information (e.g., session cookies). </div>
<div><br></div><div>(3) is a huge security risk, because of the wide variety of things that are done with HTTP requests. For simplicity, let's assume the probe would send a GET request, and not anything more sophisticated (POST, PUT, DELETE, etc.). You could use a GET request to download a file, but you can also a GET request to do things to supply responses to HTTP forms. Want to make sure your favorite band wins the EuroVision Song Contest? Just task the Atlas network have 1000 probes vote for them every 5 minutes. There's also the question of what you do with the downloaded content. Returning it to the measurement owner would raise huge security issues, not to mention bandwidth issues. But if you don't return it, then the system will need to constrain the questions the experimenter can ask, e.g., "How many bytes were received?" "What was the SHA-1 digest of the file?".</div>
<div><br></div><div>--Richard</div><div><br></div><div><br></div><div><br></div><div><br></div></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Oct 2, 2013 at 5:21 AM, Rodolfo García Peñas (kix) <span dir="ltr"><<a href="mailto:kix@kix.es" target="_blank">kix@kix.es</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
Robert Kisteleki <<a href="mailto:robert@ripe.net" target="_blank">robert@ripe.net</a>> escribió:<div><div class="h5"><br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On <a href="tel:2013.10.02.%2010" value="+12013100210" target="_blank">2013.10.02. 10</a>:13, Stephane Bortzmeyer wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On Tue, Oct 01, 2013 at 08:01:28PM +0200,<br>
Robert Kisteleki <<a href="mailto:robert@ripe.net" target="_blank">robert@ripe.net</a>> wrote<br>
a message of 33 lines which said:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
This topic has surfaced a couple of times already (in this list: Aug<br>
2012, July 2013), probably on other related lists too.<br>
</blockquote>
<br>
It would surface less often if the doc were fixed<br>
<<a href="https://atlas.ripe.net/doc/udm#creating-a-new-measurement" target="_blank">https://atlas.ripe.net/doc/<u></u>udm#creating-a-new-measurement</a><u></u>>.<br>
</blockquote>
<br>
We updated the doc right after the last time you asked :-)<br>
<br>
"Important note: HTTP(6) measurements are not available to all UDM users;<br>
they are restricted while the potential impact is evaluated."<br>
</blockquote>
<br></div></div>
Hi,<br>
<br>
my proposal:<br>
<br>
- Two different checks in the probe configuration:<br>
- http:// small file download<br>
- http:// big file download<br>
Then, the user can select if their probe will download big or small files (bw impact).<br>
- Fixed targets. The probe can connect only selected hosts and files (privacy impact). IMO, the targets should be non commercial sites, with good bw.<br>
<br>
Regards,<br>
kix<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Regards,<br>
Robert<span class="HOEnZb"><font color="#888888"><br>
</font></span></blockquote><span class="HOEnZb"><font color="#888888">
<br>
<br>
Rodolfo García Peñas (kix)<br>
<a href="http://www.kix.es/" target="_blank">http://www.kix.es/</a><br>
<br>
</font></span></blockquote></div><br></div>