[Atlas] Request signing

Phil Hunt <phil.hunt@oracle.com> Mon, 22 January 2018 19:46 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/atlas/_cRM4MTBhg1-BLxhzY8S53JSl0s>

A problem that keeps coming up in HTTP is the ability to sign requests/responses. Some see this as additional security, but others see this as beneficial for after-the-fact verification (e.g., auditing).

If ATLAS proposes to encapsulate HTTP to prevent interference by intermediaries then it likely would also solve problems that HTTP request signing proposals have not been able to overcome — the possibility that intermediaries may alter HTTP requests for good (or bad) reasons.

Has this been discussed?

Thanks,

Phil

Oracle Corporation, Identity Cloud Services Architect
@independentid
www.independentid.com <http://www.independentid.com/>
phil.hunt@oracle.com <mailto:phil.hunt@oracle.com>