Re: [apps-discuss] [http-state] HTTP MAC Authentication Scheme

Nico Williams <> Tue, 07 June 2011 21:17 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 6B1BD11E80CC; Tue, 7 Jun 2011 14:17:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.377
X-Spam-Status: No, score=-2.377 tagged_above=-999 required=5 tests=[AWL=-0.400, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id W2XfefYX-LcR; Tue, 7 Jun 2011 14:17:42 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id CBB1811E80C2; Tue, 7 Jun 2011 14:17:42 -0700 (PDT)
Received: from (localhost []) by (Postfix) with ESMTP id 9406543807C; Tue, 7 Jun 2011 14:17:42 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; c=nofws;; h=mime-version :in-reply-to:references:date:message-id:subject:from:to:cc :content-type:content-transfer-encoding; q=dns; s=; b=A+CIUGyKNSbymLMArkpGnX0oaqW2ZWVs1JISqMrjmeGg uQJBZwmmPSNglbYLbh6rXf8QoxSMF67XJCD4p2Sn9BJprL/fYkmI3goQ2T6PUC++ +KZnCu4GTeb3Tr0A5u/1peMyvOQuZmUXkPwwNLhWtF5lI3sUvPWMJ3M6S5PcNgc=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed;; h= mime-version:in-reply-to:references:date:message-id:subject:from :to:cc:content-type:content-transfer-encoding; s=; bh=c1O9EsvOTcCw3PxOhd33itaxmWg=; b=eSeYMt1hBjf vT30PS7dcZVVlQr9YXFWD7Rt0yoXKtWdtKaIXNiUtdyGmVIsOlTh3DtTq/Rf6BP9 8UQXn4DS++Q5RN07EF82IaaSGz0fvKRSSPakhLNc3K1k7HCJxR0phbmuAIBJVlVG Ft99hy44xIi/iN6PQmqnnxOVPT6WlUtY=
Received: from ( []) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: by (Postfix) with ESMTPSA id 642F3438072; Tue, 7 Jun 2011 14:17:42 -0700 (PDT)
Received: by pxi20 with SMTP id 20so4535056pxi.27 for <multiple recipients>; Tue, 07 Jun 2011 14:17:41 -0700 (PDT)
MIME-Version: 1.0
Received: by with SMTP id e9mr577932pbb.255.1307481461766; Tue, 07 Jun 2011 14:17:41 -0700 (PDT)
Received: by with HTTP; Tue, 7 Jun 2011 14:17:41 -0700 (PDT)
In-Reply-To: <>
References: <90C41DD21FB7C64BB94121FBBC2E723447581DA8EA@P3PW5EX1MB01.EX1.SECURESERVER.NET> <> <09c801cc24c2$a05bae00$e1130a00$> <> <>
Date: Tue, 7 Jun 2011 16:17:41 -0500
Message-ID: <>
From: Nico Williams <>
To: Adam Barth <>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Cc:, Ben Adida <>,, HTTP Working Group <>, OAuth WG <>
Subject: Re: [apps-discuss] [http-state] HTTP MAC Authentication Scheme
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 07 Jun 2011 21:17:43 -0000

On Tue, Jun 7, 2011 at 1:30 PM, Adam Barth <> wrote:
> On Tue, Jun 7, 2011 at 10:35 AM, Nico Williams <> wrote:
>> I'm completely on-board with session state[*].  My comments were
>> particularly in regards to threat models.  I believe that
>> eavesdroppers and active attackers both need to be considered,
>> particularly as we have so many open wifi networks.
> Sorry.  We can't address active attackers using this mechanism.  If
> you need protection from active attackers, please use TLS.

I've already said as much now several times.  However, I want channel
binding to TLS too.

>> To me the simplest way to address the Internet threat model is to
>> always use TLS (except, maybe, for images and such elements that have
>> little or no security value, though one must be careful when making
>> that determination) and to use channel binding.  See the I-D
>> referenced below.
> Indeed.  This mechanism is for folks who cannot or will not deploy TLS.

It has value outside TLS as well.  Particularly if you're using an
authentication mechanism that can provide mutual authentication (which
OAuth doesn't do today, but I hear there's work in progress to add
mutual auth to it).  And then you realize that you might want to do
something similar with other non-OAuth authentication methods, thus
the urge to generalize.