Re: [httpapi] Using Date in requests
James <james.ietf@gmail.com> Fri, 11 February 2022 15:17 UTC
Return-Path: <james.ietf@gmail.com>
X-Original-To: httpapi@ietfa.amsl.com
Delivered-To: httpapi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A38BE3A11F5 for <httpapi@ietfa.amsl.com>; Fri, 11 Feb 2022 07:17:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.098
X-Spam-Level:
X-Spam-Status: No, score=-7.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p4YLjc4-k4Vw for <httpapi@ietfa.amsl.com>; Fri, 11 Feb 2022 07:17:35 -0800 (PST)
Received: from mail-ej1-x62a.google.com (mail-ej1-x62a.google.com [IPv6:2a00:1450:4864:20::62a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 89DC03A083D for <httpapi@ietf.org>; Fri, 11 Feb 2022 07:17:35 -0800 (PST)
Received: by mail-ej1-x62a.google.com with SMTP id fj5so20695927ejc.4 for <httpapi@ietf.org>; Fri, 11 Feb 2022 07:17:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=YQqSx0gHlMskOoNlGfpuusllVJUHCgQmnfadZF+PSMM=; b=JALu5yWZzWuMoZxSNGFzhag7LVFV0P/bzgxxHdmvxRLQ3+sGcE3fQnsIbJ6O1DKZNu p7NV/KmAiUEApcqk5sM1LwE9Aru1d7E1lcWCsG5ifi0WJXzuZdN7lcn0nR4zX/pat2Lj LHxk2ydP5tDfxi8R7a1J7zr1CW2ha1HZSFxdQNkd1hgE/XHfHmymlWcVd4D1d944KniS HiL9PGDAiX3FbQMobmy2maEDiGe5NWLoI02+bls5y/boAUBk4DeiX6G5RzDyfjj6ZVAt nD2BLOLx20StE+LhLOP3c/Ap3OrOGaamEqxLrMdoACHNZqhdplwE5NfEE73ddfSNuyMc 5vzw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=YQqSx0gHlMskOoNlGfpuusllVJUHCgQmnfadZF+PSMM=; b=opVtWJC9PfG8ZnU++PK1dyb0yVY2cItd9+EP/20zyCFC65fL5T+itT49OCNk9RCAw2 t8T2DG+d5gMiS8xJq1eBPgNsuPD6ig9lLL4zgoYUyGl0RMHtdRb6748IY0CWggRV0l2c EXiZRRqQL+tJV+/c3YsX3D65bK1qhlXranTc6BlT0AReYZn1GVYyRt/OxTJOszYndj2R LILYV/Sjz4iTqcLORHCtPBPVY9+Fla99DvKwNupzD3m6jTc4tMlLn9EfyaiOafSHA1Je B3gm8HM7b2iyfkAF0g3WCZCzPZkW8/zDdskjRtWKuY+PWRpHPyYEdP/kXT0Hfj64642O +b9Q==
X-Gm-Message-State: AOAM533XnOdL+h1gRV0axTX+WFpV7LBaSAZuPQ80P51UuDC3QEYBzo7h YJbLObvFetHF21xgBoQ3eAPVI0fJQfevFw==
X-Google-Smtp-Source: ABdhPJzvxP/05VyQuJXiLOfuX9Lvic9JYiATA7YzypABedVh9syYjia0DfEQ67r8OzxZoMNzUIAhGA==
X-Received: by 2002:a17:907:1b24:: with SMTP id mp36mr1799491ejc.519.1644592650936; Fri, 11 Feb 2022 07:17:30 -0800 (PST)
Received: from smtpclient.apple ([2001:984:65b0:2:dde3:713a:6720:7c0c]) by smtp.gmail.com with ESMTPSA id ko9sm5696341ejc.60.2022.02.11.07.17.30 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 11 Feb 2022 07:17:30 -0800 (PST)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 15.0 \(3693.40.0.1.81\))
From: James <james.ietf@gmail.com>
In-Reply-To: <054f7a17-d8df-42a6-9d36-0f3aca00c159@beta.fastmail.com>
Date: Fri, 11 Feb 2022 16:17:29 +0100
Cc: httpapi@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <15FBD3E4-D303-4E97-BAC2-7D06DBF4A286@gmail.com>
References: <054f7a17-d8df-42a6-9d36-0f3aca00c159@beta.fastmail.com>
To: Martin Thomson <mt@lowentropy.net>
X-Mailer: Apple Mail (2.3693.40.0.1.81)
Archived-At: <https://mailarchive.ietf.org/arch/msg/httpapi/PSeAZdSvXM4WMi9I3qZJvuLtOqw>
Subject: Re: [httpapi] Using Date in requests
X-BeenThere: httpapi@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Building Blocks for HTTP APIs <httpapi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/httpapi>, <mailto:httpapi-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/httpapi/>
List-Post: <mailto:httpapi@ietf.org>
List-Help: <mailto:httpapi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/httpapi>, <mailto:httpapi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Feb 2022 15:17:41 -0000
Hi Martin, Thanks for writing this up. I'm unsure if this was discussed elsewhere, but another consideration about the Date header is its off-label use for rough time synchronisation - in particular, phk wrote an implementation[1], and later a rough specification[2] with an entry in the well-known registry[3] using a different header aimed to either synchronise, or validate a local clock. I both hope and doubt nobody is using this approach, but its existence leads me to think that some overall guidance on how people transmit time information more broadly in HTTP messages and rely on it might be helpful for your audience. Happy to help write that. - J 1: http://phk.freebsd.dk/time/20151212/ 2: http://phk.freebsd.dk/time/20151129/ 3: https://www.iana.org/assignments/well-known-uris/well-known-uris.xhtml > On 9 Feb 2022, at 06:29, Martin Thomson <mt@lowentropy.net> wrote: > > Hi Everyone, > > I've just posted https://www.ietf.org/archive/id/draft-thomson-httpapi-date-requests-00.html which talks about how to use Date in requests. This is not a typical thing you see, but some of the things we're doing elsewhere makes this relevant. For example, signing requests [1] and oblivious HTTP [2] - depending on circumstances - might want to use Date for managing anti-replay. > > I'm bring this here as I think that this group has more direct expertise and the work is related to some of the other stuff you are doing, like the idempotency-key, which is complementary. This also uses the problem details work (RFC 7807bis) for signaling when Date is missing or incorrect. > > I'm happy to go into the use case in more detail if the content of the draft isn't clear enough. Mostly, I'm just doing this so there is a complete and robust solution for how to manage replay for the aforementioned work. > > Cheers, > Martin > > > [1] https://httpwg.org/http-extensions/draft-ietf-httpbis-message-signatures.html > [2] https://ietf-wg-ohai.github.io/oblivious-http/draft-ietf-ohai-ohttp.html > > -- > httpapi mailing list > httpapi@ietf.org > https://www.ietf.org/mailman/listinfo/httpapi
- [httpapi] Using Date in requests Martin Thomson
- Re: [httpapi] Using Date in requests Ben Bucksch
- Re: [httpapi] Using Date in requests Roberto Polli
- Re: [httpapi] Using Date in requests Martin Thomson
- Re: [httpapi] Using Date in requests Martin Thomson
- Re: [httpapi] Using Date in requests James
- Re: [httpapi] Using Date in requests Martin Thomson
- Re: [httpapi] Using Date in requests Herbert Van de Sompel
- Re: [httpapi] Using Date in requests Martin Thomson