Re: [httpapi] Using Date in requests
Roberto Polli <robipolli@gmail.com> Wed, 09 February 2022 12:04 UTC
Return-Path: <robipolli@gmail.com>
X-Original-To: httpapi@ietfa.amsl.com
Delivered-To: httpapi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1513F3A144B for <httpapi@ietfa.amsl.com>; Wed, 9 Feb 2022 04:04:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.098
X-Spam-Level:
X-Spam-Status: No, score=-7.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D3zj3MCOoxYW for <httpapi@ietfa.amsl.com>; Wed, 9 Feb 2022 04:04:17 -0800 (PST)
Received: from mail-io1-xd33.google.com (mail-io1-xd33.google.com [IPv6:2607:f8b0:4864:20::d33]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 616E73A149B for <httpapi@ietf.org>; Wed, 9 Feb 2022 04:04:02 -0800 (PST)
Received: by mail-io1-xd33.google.com with SMTP id h7so2777514iof.3 for <httpapi@ietf.org>; Wed, 09 Feb 2022 04:04:02 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=K+dXIWIUdNqqjVtYpwsNNDq2mU7UEsOl+TANBIBs2is=; b=no5uGtDVwfCq+A+mZ7OGt07+p1SY6Uzxzr9sNaUAzfuyoq3G9yroJZaXiM+nFYeO7F 9QEGKz4Ng4Y8nxGvOziNsrUD9SAnIKe4nVdD4PJgJO2YcJwFem7PSQ8fsPuIwVJqXSWB 0eucMJIoBZp2LvD193IvAfpUHVLcCxeRPfxiCm16jgRVewOSYq3uFt8y4Jzo7hfqc9VC my6EH+Kt6pCZFYV2PheBK+b6/xopMtQ44MsQmr3Jegw8jVA4FNR0cGaxGlfabXLUVUIh 87mXUkyvUg5M7YnLDhttKPVOCzGGhi/b+CQC4v+9mvKcD05P9gPHQSfj3IOrIsSUxb8b rgqA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=K+dXIWIUdNqqjVtYpwsNNDq2mU7UEsOl+TANBIBs2is=; b=aQqgDw9oRSEq9/TILgK4YlFQ5WySQYQQ06mJVXi4C+2IgE8eRBQ7B5l01BTyD1Zt8p oXGc14j9e0UvhUzWmne9gemfRGgNMUEEC6y5/Jv7Q0uBGUXnsvgF0rIn/CFkdrNowikD f6TcodIyp/ntINzb5Et3juBfxakN5rD27JkoteDl3l4b18kunMe1Zz9fk0qA4XH8SI10 C/JKGGgHDgV6dxPMKHn48LBniTlvU5pK6ejU3aigKY+SZDyPthg6BzBCD33HNn/sv7N/ TCEBYmrnmGpFeeLKzJAD9GncOy4nsNEzxc7+mn4aVydV2IJy1DlAheJp3hB1T+Xu4nmM J3KQ==
X-Gm-Message-State: AOAM531wUkMJ9RJtm+PPSItnVE6erXD6NK9ZR3yaJHyV46dgOti4MXt3 VAayjx+WjQBSXsxqmltVLEEVeITz1ac536h6BHlaJJl7t/0=
X-Google-Smtp-Source: ABdhPJw1xZouoZMuzXXMCbE1SgYY9r8opfbIQqlqqNOt5B9vgUZ2To/46QOUWEHxSbrGQhLjfCozGX8p/74ydo2PCP4=
X-Received: by 2002:a05:6638:1454:: with SMTP id l20mr915785jad.22.1644408240755; Wed, 09 Feb 2022 04:04:00 -0800 (PST)
MIME-Version: 1.0
References: <054f7a17-d8df-42a6-9d36-0f3aca00c159@beta.fastmail.com>
In-Reply-To: <054f7a17-d8df-42a6-9d36-0f3aca00c159@beta.fastmail.com>
From: Roberto Polli <robipolli@gmail.com>
Date: Wed, 09 Feb 2022 13:03:49 +0100
Message-ID: <CAP9qbHXgxa081K8_2UvQwajhx1aSEgnUMyaGOfGcpz62J0+H4w@mail.gmail.com>
To: Martin Thomson <mt@lowentropy.net>
Cc: "httpapi@ietf.org" <httpapi@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/httpapi/EJ8oDh8GXyFyF3BHM0ltx_N3LPk>
Subject: Re: [httpapi] Using Date in requests
X-BeenThere: httpapi@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Building Blocks for HTTP APIs <httpapi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/httpapi>, <mailto:httpapi-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/httpapi/>
List-Post: <mailto:httpapi@ietf.org>
List-Help: <mailto:httpapi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/httpapi>, <mailto:httpapi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Feb 2022 12:04:31 -0000
Hi Martin, Il giorno mer 9 feb 2022 alle ore 06:30 Martin Thomson <mt@lowentropy.net> ha scritto: > I've just posted https://www.ietf.org/archive/id/draft-thomson-httpapi-date-requests-00.html which talks about how to use Date in requests. Thanks for your draft, I think that the considerations are interesting, and are widely applicable when using Date. It seems to me to be a kind of BCP. Probably some of them would fit the `Date` field definition. > [...] signing requests [1] and oblivious HTTP [2] - depending on circumstances - might want to use Date for managing anti-replay. While I can't tell on oblivious HTTP, all the considerations in the document suggest to me that using the signature validity and timestamps expressed via JWT (iat, nbf, exp) or via Signature's created, expires parameters is more reliable than signing Date. > [..] the work is related to some of the other stuff you are doing, > like the idempotency-key, which is complementary. > This also uses the problem details work (RFC 7807bis) for signaling when Date is missing or incorrect. I am curious about whether this applies to the SF-Date proposal too (eg. to signal the presence of both SF-Date and Date eg when both fields are present in signatures, ...) > I'm happy to go into the use case in more detail Please, do! Thanks for your time and have a nice day, R.
- [httpapi] Using Date in requests Martin Thomson
- Re: [httpapi] Using Date in requests Ben Bucksch
- Re: [httpapi] Using Date in requests Roberto Polli
- Re: [httpapi] Using Date in requests Martin Thomson
- Re: [httpapi] Using Date in requests Martin Thomson
- Re: [httpapi] Using Date in requests James
- Re: [httpapi] Using Date in requests Martin Thomson
- Re: [httpapi] Using Date in requests Herbert Van de Sompel
- Re: [httpapi] Using Date in requests Martin Thomson