Re: [alto] Redistribution (was: Reprise of REST comments)
"Thomson, Martin" <Martin.Thomson@andrew.com> Thu, 06 January 2011 22:01 UTC
Return-Path: <Martin.Thomson@andrew.com>
X-Original-To: alto@core3.amsl.com
Delivered-To: alto@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B80C13A6F48 for <alto@core3.amsl.com>; Thu, 6 Jan 2011 14:01:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.545
X-Spam-Level:
X-Spam-Status: No, score=-2.545 tagged_above=-999 required=5 tests=[AWL=0.054, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lP8WmKmLbaro for <alto@core3.amsl.com>; Thu, 6 Jan 2011 14:01:18 -0800 (PST)
Received: from csmailgw1.commscope.com (csmailgw1.commscope.com [198.135.207.244]) by core3.amsl.com (Postfix) with ESMTP id D4C4C3A6D1A for <alto@ietf.org>; Thu, 6 Jan 2011 14:01:18 -0800 (PST)
Received: from [10.86.20.103] ([10.86.20.103]:49762 "EHLO ACDCE7HC2.commscope.com") by csmailgw1.commscope.com with ESMTP id S41053608Ab1AFWDZ (ORCPT <rfc822; alto@ietf.org>); Thu, 6 Jan 2011 16:03:25 -0600
Received: from SISPE7HC2.commscope.com (10.97.4.13) by ACDCE7HC2.commscope.com (10.86.20.103) with Microsoft SMTP Server (TLS) id 8.3.137.0; Thu, 6 Jan 2011 16:03:24 -0600
Received: from SISPE7MB1.commscope.com ([fe80::9d82:a492:85e3:a293]) by SISPE7HC2.commscope.com ([fe80::58c3:2447:f977:57c3%10]) with mapi; Fri, 7 Jan 2011 06:03:22 +0800
From: "Thomson, Martin" <Martin.Thomson@andrew.com>
To: Richard Alimi <rich@velvetsea.net>
Date: Fri, 07 Jan 2011 06:03:20 +0800
Thread-Topic: [alto] Redistribution (was: Reprise of REST comments)
Thread-Index: Acuta3XzVUqFeSFQTVWmVtqRjuBjEwAgUBVQ
Message-ID: <8B0A9FCBB9832F43971E38010638454F03F5258CDC@SISPE7MB1.commscope.com>
References: <8B0A9FCBB9832F43971E38010638454F03F336538D@SISPE7MB1.commscope.com> <AANLkTi=MzkpVSw5Nvet2GLdaEGFYCKo++eKbZbG5QCj3@mail.gmail.com> <8B0A9FCBB9832F43971E38010638454F03F50ED506@SISPE7MB1.commscope.com> <AANLkTimvg4A8zB0SH4ZLfbCBN7sFyLCcL5Fwnvzu6iGk@mail.gmail.com> <8B0A9FCBB9832F43971E38010638454F03F50ED652@SISPE7MB1.commscope.com> <AANLkTi=BduAW0ToYr-4TC8KfewAK9Kp8KghORKpW1CaE@mail.gmail.com>
In-Reply-To: <AANLkTi=BduAW0ToYr-4TC8KfewAK9Kp8KghORKpW1CaE@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-BCN: Meridius 1000 Version 3.4 on csmailgw1.commscope.com
X-BCN-Sender: Martin.Thomson@andrew.com
Cc: "alto@ietf.org" <alto@ietf.org>
Subject: Re: [alto] Redistribution (was: Reprise of REST comments)
X-BeenThere: alto@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "Application-Layer Traffic Optimization \(alto\) WG mailing list" <alto.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/alto>, <mailto:alto-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/alto>
List-Post: <mailto:alto@ietf.org>
List-Help: <mailto:alto-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/alto>, <mailto:alto-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Jan 2011 22:01:20 -0000
On 2011-01-06 at 17:32:12, Richard Alimi wrote: > > I'm not the security guy, but that signature mechanism looks like it > needs some work. I like the fact that you have put the signature in > metadata, but how does a client decide which of the many available > public keys to use? There are potentially multiple sources that can > provide a public key; before redirection comes into play. > > > > I think Section 8.1.3 should answer the question here. Was it still > ambiguous after reading this? If so, we can certainly clarify it. These comments were based on 8.1.3.1: you present a choice, which is - as I understand it - not always a good thing when you are looking for some security property. > > From an HTTP perspective, I think that you will find that trailers > are poorly supported. Current advice indicates that they have to be > able to be ignored (see [1]), which might interfere with your use case > - though this is definitely the right way to use trailers. > > That's unfortunate. I think the requirements here are that an ALTO > Server should be able to generate and an append a signature even for a > dynamically-generated response which is streamed (as opposed to > buffered) to a client. An alternative was to put the signature as > some trailing portion of the JSON message (e.g., the last member of > the outer-most object), but that seemed ugly since it seemed to > require signing a subset of the JSON message, thus requiring us to > define some canonical form that would be used for signature > verification. Do you know of other alternatives beyond these two? CMS (formerly S/MIME; RFC 5652 from memory) might work, though I'm certainly not across all the complexities. By all means avoid enveloped signatures, you really don't want to deal with canonicalization, even if JSON is easier than XML, it's still non-trivial.
- [alto] Reprise of REST comments Thomson, Martin
- Re: [alto] Reprise of REST comments Richard Alimi
- Re: [alto] Reprise of REST comments Thomson, Martin
- Re: [alto] Reprise of REST comments Richard Alimi
- Re: [alto] Redistribution (was: Reprise of REST c… Thomson, Martin
- Re: [alto] Redistribution (was: Reprise of REST c… Richard Alimi
- Re: [alto] Redistribution (was: Reprise of REST c… Thomson, Martin
- Re: [alto] Redistribution (was: Reprise of REST c… Richard Alimi
- Re: [alto] Redistribution (was: Reprise of REST c… Thomson, Martin