Re: [apps-discuss] [http-state] HTTP MAC Authentication Scheme

Nico Williams <nico@cryptonector.com> Wed, 08 June 2011 14:54 UTC

Return-Path: <nico@cryptonector.com>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EDF1121F84E0; Wed, 8 Jun 2011 07:54:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.31
X-Spam-Level:
X-Spam-Status: No, score=-3.31 tagged_above=-999 required=5 tests=[AWL=-1.334, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PIhATiHWBWlm; Wed, 8 Jun 2011 07:54:35 -0700 (PDT)
Received: from homiemail-a71.g.dreamhost.com (caiajhbdcaid.dreamhost.com [208.97.132.83]) by ietfa.amsl.com (Postfix) with ESMTP id 75A5121F84DE; Wed, 8 Jun 2011 07:54:35 -0700 (PDT)
Received: from homiemail-a71.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a71.g.dreamhost.com (Postfix) with ESMTP id 42A3242807A; Wed, 8 Jun 2011 07:54:35 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; c=nofws; d=cryptonector.com; h=mime-version :in-reply-to:references:date:message-id:subject:from:to:cc: content-type; q=dns; s=cryptonector.com; b=POqsYsC7GUNGirMoCVtHK gNfjM6dAbE9+/asiDdq30aavjlxB8a9zQSC5MrEbMF6VLUeCjP3wtiVORGhxQgII l4d/nCMDWQRfx7EBbrzPvF+1F0Tr/wxEmVJgC+W6uL7ytlV/rybBErLZMo2ZxTqP BQfpSLx2kueO6WnXbpxvgs=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h= mime-version:in-reply-to:references:date:message-id:subject:from :to:cc:content-type; s=cryptonector.com; bh=MWIpQm+nK1ebSht6Ppx7 DUz0oGQ=; b=dtXGJiQkjsdMz6VPu1qQHIjEUnpznn91/uQYkPnzsNLjvSA9poDV Gosrzqh2+zM2+NxmzQRsQblcUT7BIWcFfHKBwgvTn00FsRmPR30N3exXRtEp5X6E S9UtbWqVud7wr9wre1dc+jmX6aajBcVBvDu74rO4us+3+e7ooSKnJI0=
Received: from mail-pv0-f172.google.com (mail-pv0-f172.google.com [74.125.83.172]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by homiemail-a71.g.dreamhost.com (Postfix) with ESMTPSA id DDFF0428078; Wed, 8 Jun 2011 07:54:34 -0700 (PDT)
Received: by pvh18 with SMTP id 18so313627pvh.31 for <multiple recipients>; Wed, 08 Jun 2011 07:54:34 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.68.38.33 with SMTP id d1mr823108pbk.389.1307544874582; Wed, 08 Jun 2011 07:54:34 -0700 (PDT)
Received: by 10.68.50.39 with HTTP; Wed, 8 Jun 2011 07:54:34 -0700 (PDT)
Received: by 10.68.50.39 with HTTP; Wed, 8 Jun 2011 07:54:34 -0700 (PDT)
In-Reply-To: <015801cc25ab$063a2150$12ae63f0$@packetizer.com>
References: <90C41DD21FB7C64BB94121FBBC2E723447581DA8EA@P3PW5EX1MB01.EX1.SECURESERVER.NET> <BANLkTikpQNyQdr9oWHhtJ7a7d-4ri0CNdA@mail.gmail.com> <09c801cc24c2$a05bae00$e1130a00$@packetizer.com> <BANLkTin30NVzYVV1m4gmyh42DWs-nSQpAg@mail.gmail.com> <00f101cc255e$2d426020$87c72060$@packetizer.com> <BANLkTimn8c72p5bjwHNapW9kVCVBmNbC4w@mail.gmail.com> <015801cc25ab$063a2150$12ae63f0$@packetizer.com>
Date: Wed, 8 Jun 2011 09:54:34 -0500
Message-ID: <BANLkTimsKgozsADnA1+yccvKmg1Pa2mPng@mail.gmail.com>
From: Nico Williams <nico@cryptonector.com>
To: "Paul E. Jones" <paulej@packetizer.com>
Content-Type: multipart/alternative; boundary=bcaec520e845c7038c04a53483df
Cc: apps-discuss@ietf.org, Ben Adida <ben@adida.net>, Adam Barth <adam@adambarth.com>, http-state@ietf.org, HTTP Working Group <ietf-http-wg@w3.org>, OAuth WG <oauth@ietf.org>
Subject: Re: [apps-discuss] [http-state] HTTP MAC Authentication Scheme
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Jun 2011 14:54:36 -0000

On Jun 8, 2011 2:09 AM, "Paul E. Jones" <paulej@packetizer.com> wrote:
>
> Nico,
>
> Cookies would still be employed.  A cookie would be used to identify the
particular user, for example.  However, it's important to make sure that the
cookie provided by the client to the server is not stolen.  It's important
to ensure that the client provided by the server to the client is not
modified.  That's the reason for the MAC.  Once we can ensure the integrity
of the message exchange, then the existing cookie mechanism can provide us
with the secure state management capability we need.

You're still not addressing the issues raised.

Nico
--