Opened 4 years ago

Closed 15 months ago

#15575 closed enhancement (wontfix)

Add test for HTTP Opportunistic Encryption

Reported by: reezer Owned by: hellais
Priority: Medium Milestone:
Component: Archived/Ooni Version:
Severity: Normal Keywords: archived-closed-2018-07-04
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

With Firefox and Chrome now supporting Opportunistic Encryption of HTTP in order to avoid a passive attacker stripping or modifying that header may be a worthwhile attack. It should probably be explicitly checked for, as modifying this particular header has a great chance for being an actual attack on a website supporting it.

Blog Articles on the Header:
http://bitsup.blogspot.co.at/2015/03/opportunistic-encryption-for-firefox.html
http://blog.alteroot.org/articles/2015-03-28/HTTP-alternative-services-and-opportunistic-encryption.html

RFC explaining the Header:
https://tools.ietf.org/html/draft-ietf-httpbis-alt-svc-04

Child Tickets

Change History (2)

comment:1 Changed 22 months ago by teor

Severity: Normal

Set all open tickets without a severity to "Normal"

comment:2 Changed 15 months ago by teor

Keywords: archived-closed-2018-07-04 added
Resolution: wontfix
Status: newclosed

Close all tickets in archived components

Note: See TracTickets for help on using tickets.