Re: [Atlas] Request signing

Phil Hunt <phil.hunt@oracle.com> Tue, 23 January 2018 01:27 UTC

From: Phil Hunt <phil.hunt@oracle.com>
In-Reply-To: <E02DE08B-5435-4C28-BADE-DC73AA0B5E7C@vigilsec.com>
Date: Mon, 22 Jan 2018 13:59:10 -0800
Cc: atlas@ietf.org
Message-Id: <96B32212-4E36-45AA-9223-1DA44033D56F@oracle.com>
References: <13811A5D-991C-4BE4-9218-4B68D78C0141@oracle.com> <E02DE08B-5435-4C28-BADE-DC73AA0B5E7C@vigilsec.com>
To: Russ Housley <housley@vigilsec.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/atlas/QAbYYgYx37YqgpS11UZxpVB_jOw>
Subject: Re: [Atlas] Request signing

Russ,

Agreed. The base64 encoding, however, makes it easy to sign and validate, at least from my reading.

For non-IoT this would be, IMO, a primary use-case for considering ATLAS.

If I consider industrial IoT, I can see value with signed messages. E.g. measurement readings (e.g. of rolling mill output) have increased value if signed so that the measurement can be validated later (e.g. because accuracy often determines product value).

Phil
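To make concrete the two points in this exchange (that intermediaries rewriting a request break a signature over the bare HTTP bytes, and that signing an opaque base64-encoded encapsulation sidesteps that), here is an added example that is not from the thread or from any ATLAS draft. It assumes HMAC-SHA256 as a stand-in signature scheme, a constructed sample request, and a constructed proxy that inserts a Via header.

```python
import base64
import hashlib
import hmac
from typing import Optional

# Constructed sample request and key (not from the thread); HMAC-SHA256 is
# assumed as a stand-in for whatever signature scheme a real design would use.
KEY = b"constructed-demo-key"
RAW_REQUEST = (
    b"POST /readings HTTP/1.1\r\n"
    b"Host: mill.example\r\n"
    b"Content-Type: application/json\r\n"
    b"\r\n"
    b'{"line": 7, "thickness_mm": 2.004}'
)

def tag(data: bytes, key: bytes) -> str:
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def sign_bare(raw: bytes, key: bytes) -> str:
    """Signature over the HTTP bytes exactly as the client sent them."""
    return tag(raw, key)

def verify_bare(raw: bytes, sig: str, key: bytes) -> bool:
    return hmac.compare_digest(tag(raw, key), sig)

def proxy_rewrite(raw: bytes) -> bytes:
    """A well-meaning intermediary adds a Via header; the request is still
    valid HTTP but no longer the bytes the client signed."""
    request_line, rest = raw.split(b"\r\n", 1)
    return request_line + b"\r\nVia: 1.1 proxy.example\r\n" + rest

def encapsulate(raw: bytes, key: bytes) -> dict:
    """Wrap the whole request as an opaque base64 blob and sign the blob.
    An intermediary sees only the envelope, so there is nothing for it to
    rewrite and no header canonicalization rules for both ends to agree on."""
    payload = base64.b64encode(raw).decode("ascii")
    return {"payload": payload, "sig": tag(payload.encode("ascii"), key)}

def open_envelope(env: dict, key: bytes) -> Optional[bytes]:
    """Return the inner request if the envelope verifies, else None."""
    if not hmac.compare_digest(tag(env["payload"].encode("ascii"), key), env["sig"]):
        return None
    return base64.b64decode(env["payload"])

def tamper(env: dict, new_raw: bytes) -> dict:
    """Replace the inner request but keep the old signature, modelling any
    party that edits inside the blob; the verifier must reject this."""
    return {"payload": base64.b64encode(new_raw).decode("ascii"), "sig": env["sig"]}
```

The same verifier that rejects the proxy-rewritten bare request accepts the untouched envelope and rejects an envelope whose inner reading was changed, which is the after-the-fact audit property the thread describes.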

> On Jan 22, 2018, at 1:20 PM, Russ Housley <housley@vigilsec.com> wrote:
> 
> This was the primary goal of SHTTP.  See RFC 2660.  Of course, SHTTP never saw wide-spread deployment.
> 
> Russ
> 
> 
>> On Jan 22, 2018, at 2:41 PM, Phil Hunt <phil.hunt@oracle.com> wrote:
>> 
>> A problem that keeps coming up in HTTP is the ability to sign requests/responses. Some see this as additional security, but others see this as beneficial for after-the-fact verification (e.g. auditing).
>> 
>> If ATLAS proposes to encapsulate HTTP to prevent interference by intermediaries, then it likely would also solve problems that HTTP request signing proposals have not been able to overcome — the possibility that intermediaries may alter HTTP requests for good (or bad) reasons.
>> 
>> Has this been discussed?
>> 
>> Thanks,
>> 
>> Phil
>> 
>> Oracle Corporation, Identity Cloud Services Architect
>> @independentid
>> www.independentid.com
>> phil.hunt@oracle.com