IETF Logo Mail Archive

Re: [Acme] ACME signature mechanics

Nico Williams <nico@cryptonector.com> Wed, 17 December 2014 17:19 UTC

Return-Path: <nico@cryptonector.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 850BC1A1BD7 for <acme@ietfa.amsl.com>; Wed, 17 Dec 2014 09:19:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.666
X-Spam-Level:
X-Spam-Status: No, score=-1.666 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id acgdgQVLJBM3 for <acme@ietfa.amsl.com>; Wed, 17 Dec 2014 09:19:21 -0800 (PST)
Received: from homiemail-a49.g.dreamhost.com (sub4.mail.dreamhost.com [69.163.253.135]) by ietfa.amsl.com (Postfix) with ESMTP id B93561A1BD4 for <acme@ietf.org>; Wed, 17 Dec 2014 09:19:21 -0800 (PST)
Received: from homiemail-a49.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a49.g.dreamhost.com (Postfix) with ESMTP id 92AB8200B9999; Wed, 17 Dec 2014 09:19:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h=date :from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=cryptonector.com; bh=VWk8RCI+R2XpFk KYUAT7UExnkaU=; b=eEYTMocWDxxG2h8OZexemlOzhB18wYDYOu8hMof3Es8QXT rKo4D4ihPnoani/vjpk25oNzPhmumf7HGCA2D1Fn5qui9YmUwG9LNA5EWOjWACni l1sT+dSRrcr24rBqioMysadhcf98SZH5TYddIF9inUgNcTbqoSQapkHi/y4hQ=
Received: from localhost (108-207-244-174.lightspeed.austtx.sbcglobal.net [108.207.244.174]) (Authenticated sender: nico@cryptonector.com) by homiemail-a49.g.dreamhost.com (Postfix) with ESMTPA id 25A7F200B999E; Wed, 17 Dec 2014 09:19:21 -0800 (PST)
Date: Wed, 17 Dec 2014 11:19:20 -0600
From: Nico Williams <nico@cryptonector.com>
To: Phillip Hallam-Baker <phill@hallambaker.com>
Message-ID: <20141217171915.GX3241@localhost>
References: <548FF9E3.1020703@gmail.com> <CAL02cgT9iYqtX2Ui5XQYnj=yeF_QnSkKn-jE0D5d56WMzB5bBg@mail.gmail.com> <CAMm+LwjwG0dPTkByu5WZ_ev3xNxAMwunoc-A_VK4sKPSZXRYDw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CAMm+LwjwG0dPTkByu5WZ_ev3xNxAMwunoc-A_VK4sKPSZXRYDw@mail.gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: http://mailarchive.ietf.org/arch/msg/acme/v4pZeMUvRRRzL_nmxjc4w4sy8mU
Cc: Richard Barnes <rlb@ipv.sx>, "acme@ietf.org" <acme@ietf.org>, Anders Rundgren <anders.rundgren.net@gmail.com>
Subject: Re: [Acme] ACME signature mechanics
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Dec 2014 17:19:23 -0000

On Wed, Dec 17, 2014 at 12:02:10PM -0500, Phillip Hallam-Baker wrote:
> On Tue, Dec 16, 2014 at 11:27 AM, Richard Barnes <rlb@ipv.sx> wrote:
> > That said, if your concern is really human readability, I don't think it's
> > a tragedy to make someone copy/paste into a base64 decoder.
> 
> I do. If we are going to write protocols that can't be easily interpreted
> in wireline form then why not go binary with JSON-B, CBOR or what have you.

Well, it does mean having to implement one of those...

> I don't see any value in the 'protected' or 'header' slots. They just
> confuse the issue. We should have ONE JSON blob that has all the data that
> we need and sigh that. All the data that is the case shall be signed and
> any data that is not signed shall be ignored.

I'd rather have the signature in a JSON text and the signed text encoded
as a string in the same text as bears the signature.

> The only objection I can see to this approach is that it makes JOSE pretty
> much redundant.

And that it uses new headers.

> That does leave two open issues to be decided though:
> 
> 1 Should the signature header be part of the HTTP header or the payload?

The payload.  And then you've created a new MIME type.

> I have a marginal preference for making the signature header part of the
> HTTP header because that is how most Web servers and support libraries are
> designed to work. They make it really easy to pull data out of a header. On
> many platforms the RFC822 tag value pairs are automatically mapped to
> corresponding data structures.

I'd rather it be in the payload because then you have less dependence on
the transport.  E.g., if you're using an IPC mechanism in your server
implementation, with a less-privileged front-end passing validated
payloads to a more-privileged back-end.

> There is an argument for making the signature part of the payload though.
> It is not a HTTP protocol header, it is content metadata and these should
> have always been kept separate.

Exactly.

Nico
--

v2.23.0 | Report a Bug | By Email