[hackathon] Signing HTTP Messages

Henry Story <henry.story@bblfish.net> Fri, 04 November 2022 23:23 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/hackathon/CLEVv5KQ57O1qcUkhE-XjwL5-rs>

Hi,

I am working on implementing the HTTPbis WG's Signing HTTP Messages draft 13,
which is now in Last Call:

   https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-message-signatures-13#appendix-B.1.2

I implemented version 07 and am trying to update it to version 13 over the
weekend. Perhaps others are working on this?

I have an implementation in Scala that compiles to JS and JVM byte code.
  https://github.com/bblfish/httpsig

But I found something a bit weird with the private PEM key published in the document.
It is understood without problem by Java libs, but it is failing with JS WebCrypto API
libs (except that a version of the key from draft 07 does work). Details here:

   https://github.com/httpwg/http-extensions/issues/2290

That sounds like someone at the hackathon must be able to help with this riddle...

Henry Story

https://co-operating.systems
WhatsApp, Signal, Tel: +33 6 38 32 69 84
Twitter: @bblfish