1 files changed, 0 insertions, 135 deletions

diff --git a/doc/security.xml b/doc/security.xml
deleted file mode 100644
index f014276..0000000
--- a/doc/security.xml
+++ /dev/null
@@ -1,135 +0,0 @@
-<sect1 id="security">
-  
-  <title>HTTP Client Security</title>
-
-  <para>&neon; is intended to be secure against a specific threat
-  model: use of a malicious HTTP server.  Under this threat model, a
-  range of attacks are possible against a client when the user (or
-  application) can be tricked into accessing an HTTP server which is
-  controlled by an attacker.  This section documents various types of
-  possible attack and describes what mitigation is used in
-  &neon;.</para>
-
-  <sect2>
-    <title>CPU or memory consumption attacks</title>
-
-    <para>&neon; uses fixed resource limits to prevent the following
-    attacks:</para>
-
-    <itemizedlist>
-      <listitem>
-        <para>memory/CPU consumption attack using an unbounded number
-        of response header fields</para>
-      </listitem>
-
-      <listitem>
-        <para>memory consumption attack using an unbounded length of
-        individual response header lines (or continuation
-        headers)</para>
-      </listitem>
-      
-      <listitem>
-        <para>memory consumption attack against the PROPFIND code
-        using an unbounded number of properties (propstat elements)
-        per resource</para>
-      </listitem>
-
-      <listitem>
-        <para>memory consumption attack against the PROPFIND code
-        using an unbounded CDATA element in a "flat property"
-        value</para>
-      </listitem>
-    </itemizedlist>
-
-    <para>Memory consumption attacks against applications based on
-    &neon; by use of unbounded response length are also possible, but
-    must be mitigated at application level.  Memory consumption in
-    &neon; itself is fixed and is not proportional to the response
-    size.</para>
-
-    <para>Test cases for all the above attacks are present in the
-    &neon; test suite.</para>
-
-  </sect2>
-
-  <sect2>
-    <title>SSL/TLS connection security</title>
-    
-    <para>When using a connection secured by SSL/TLS, it is necessary
-    for clients to verify that the X.509 certificate presented by the
-    server matches the server's expected identity.  The algorithm
-    required for this purpose is described in RFC 2818 and RFC 3280,
-    and is implemented by &neon; in the following manner:</para>
-    
-    <itemizedlist>
-      <listitem>
-        <para>the hostname argument passed to <xref
-        linkend="ne_session_create"/> is the expected identity of the
-        server</para>
-      </listitem>
-      
-      <listitem>
-        <para>the subjectAltName extension of the certificate is used
-        for comparision against the expected identity, in preference
-        to the Subject name's commonName attribute.</para>
-      </listitem>
-
-      <listitem>
-        <para>the dNSName, iPAddress, and uniformResourceIdentifier
-        classes of GeneralName are supported in subjectAltName
-        comparison.</para>
-      </listitem>
-
-      <listitem>
-        <para>if no subjectAltName is present in the certificate, the
-        most specific commonName attribute in the Subject name is used
-        for comparison instead.</para>
-      </listitem>
-    </itemizedlist> 
-    
-    <para>In the case where a server certificate is presented that
-    does not match the expected identity (or is otherwise not
-    trusted), &neon; will fail the request by default.  This behaviour
-    can be overridden by the use of a callback installed using <xref
-    linkend="ne_ssl_set_verify"/>, which allows the application to
-    present the certificate details to a user for manual/off-line
-    verification, if possible.</para>
-  
-    <para>Test cases for the correctness of the implementation of the
-    identity verification algorithm are present in the &neon; test
-    suite.</para>
-
-  </sect2>
-
-  <sect2>
-    <title>Control character insertion in error messages</title>
-    
-    <para>Where error messages (as returned by (<xref
-    linkend="ne_get_error"/>) contain data supplied by the server, the
-    untrusted data is sanitised to prevent both control characters and
-    non-ASCII characters from being used.  This prevents any attacks
-    where such error messages are exposed to the user and can
-    potentially distort the presentation of the interface (for
-    example, through the use of a carriage return character in a text
-    user interface).</para>
-  </sect2>
-
-  <sect2>
-    <title>Attacks against authentication credentials</title>
-    
-    <para>Authentication credentials can be compromised by a
-    "downgrade attack" by an active attacker; for example, where a
-    MITM presents a Basic authentication challenge in place of the
-    server's Digest challenge.  &neon; mitigates these attacks by
-    allowing the application (and hence, user) to specify that only a
-    specific set of authentication protocols is permitted.</para>
-
-    <para>&neon; supports the Digest and Negotiate authentication
-    schemes, which both allow authentication of users without passing
-    credentials in cleartext over the wire.  The "domain" parameter is
-    supported in Digest, allowing the server to restrict an
-    authentication session to a particular set of URIs.</para>
-
-  </sect2>
-
-</sect1>