IETF Logo Mail Archive

Re: [httpapi] Using Date in requests

Martin Thomson <mt@lowentropy.net> Sun, 13 February 2022 23:19 UTC

Return-Path: <mt@lowentropy.net>
X-Original-To: httpapi@ietfa.amsl.com
Delivered-To: httpapi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9B3623A09D0 for <httpapi@ietfa.amsl.com>; Sun, 13 Feb 2022 15:19:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=VpgqWFht; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=TNKLpZ8P
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0Fvq7VCZokCq for <httpapi@ietfa.amsl.com>; Sun, 13 Feb 2022 15:19:45 -0800 (PST)
Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9506C3A09C1 for <httpapi@ietf.org>; Sun, 13 Feb 2022 15:19:45 -0800 (PST)
Received: from compute2.internal (compute2.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id DD5525C01AC; Sun, 13 Feb 2022 18:19:44 -0500 (EST)
Received: from imap41 ([10.202.2.91]) by compute2.internal (MEProxy); Sun, 13 Feb 2022 18:19:44 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=cc:cc:content-type:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:sender :subject:subject:to:to; s=fm1; bh=hFh/yrKTfp3bMvJh4/01K36u4VirrZ fVxc4WcxBGi4Q=; b=VpgqWFhtkM8vA2paZugVwUxo1Xv9Y+YOV88/oOt/leGU0I ChPe/EuG0Uba6k+g2x0ZN1xG7DYHq2tzor6c7OGpT7NVkowRYytSKifyQwjgmJTW me23Ja6EYgeqeXqiRttLyQcQ2v1tKbQAm/kEcuQlvRMQ5MlmdyutUMxlT0OGVJA6 hiQr83lDI7QKl3Dp6spMQgJomDL/jjSxuqNNM/40pHA4WUT2/2JeyaFt8lTEgFtf 4ZK12E4h00Dbo7nK4eg5+YD3yKOaWzlZv12ooxd2imYHIzgUHq72H0lcUll5MhCk Y+SUfKvxNeaYJuTgJ3gKLfZRGSjj0ae1YVP3E66w==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=hFh/yrKTfp3bMvJh4 /01K36u4VirrZfVxc4WcxBGi4Q=; b=TNKLpZ8PUYvb0JE8gSRaYP7LYksQYiYEq lBdu2q6yv35fNtMthKM/rAMbPo9pBEM8SaQdyWLGhpU3uLwf6H2w7bHkdab8gQ52 nmoVKgKeDN6h92VVB4YUqPVdLIXBAgNMhTtxQGEF0c/figbQlkDUn6onrH3hvDYt X0GNH6XoSyBbe+jEhpzI3cOvHCGO0OgVv26T1TKEqb78EwJtDVycj7v4CMMqiMt2 kTtpCF/5Yy9KAXjkul+VPNapviaHaOX3/tBBKGjy78GRij3zlFGuAhb8jhqRKAXO bLRtaBJmeyma/ILknexRYKU+9DCOtp6YHK7/tdUwtbtzxtpgzqMbg==
X-ME-Sender: <xms:EJIJYkx_YSUmPmSBp09LC86JbE-WCZHyYBa7_utwSNPtvH78jEIDvw> <xme:EJIJYoSX5wzVWtX-C2EBcQ5sh6bQFZ4oeJR8PScmm3-4d-PvIFQxbZjAwRWMhtiJr raxFG0JOO7V_MMBhrU>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvvddrjedugddtlecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecuogfuuhhsphgvtghtffhomhgrihhnucdlgeelmdenuc fjughrpefofgggkfgjfhffhffvufgtsehttdertderredtnecuhfhrohhmpedfofgrrhht ihhnucfvhhhomhhsohhnfdcuoehmtheslhhofigvnhhtrhhophihrdhnvghtqeenucggtf frrghtthgvrhhnpeetieefffdvudfhleekvdfhteejgffggfeggeetuddvtdfhuedtvdej ueefudehveenucffohhmrghinhepfhhrvggvsghsugdrughkpdhirghnrgdrohhrghdpih gvthhfrdhorhhgpdhhthhtphifghdrohhrghdpghhithhhuhgsrdhiohenucevlhhushht vghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehmtheslhhofigvnhhtrh hophihrdhnvght
X-ME-Proxy: <xmx:EJIJYmVzzK3U9c4w3xw4WO6KjE_kIrAlZ9QyaftCtg9RSDpXTaBPkA> <xmx:EJIJYihMuevLHEx8jaXCqXT0Eqrl5ZjQ-8hobkxT6AcMD95F9WjxzQ> <xmx:EJIJYmAhdflTDZUhlhMwt7Q3rEfqDzKHY85LNzN8tmgiXX5r_MAIQA> <xmx:EJIJYt-2zdIRkr-STQCa21uU_njNudXZpLODLBb9MvpchKp9G8AcRA>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id B3E733C0F92; Sun, 13 Feb 2022 18:19:44 -0500 (EST)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.5.0-alpha0-4748-g31a5b5f50e-fm-cal2020-20220204.001-g31a5b5f5
Mime-Version: 1.0
Message-Id: <2882ef9e-06c9-432f-8538-e292a9f9a75d@beta.fastmail.com>
In-Reply-To: <15FBD3E4-D303-4E97-BAC2-7D06DBF4A286@gmail.com>
References: <054f7a17-d8df-42a6-9d36-0f3aca00c159@beta.fastmail.com> <15FBD3E4-D303-4E97-BAC2-7D06DBF4A286@gmail.com>
Date: Mon, 14 Feb 2022 10:19:27 +1100
From: Martin Thomson <mt@lowentropy.net>
To: "james.ietf@gmail.com" <james.ietf@gmail.com>
Cc: httpapi@ietf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/httpapi/rkCaVhRqABecG5QRTzl3vve6Znw>
Subject: Re: [httpapi] Using Date in requests
X-BeenThere: httpapi@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Building Blocks for HTTP APIs <httpapi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/httpapi>, <mailto:httpapi-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/httpapi/>
List-Post: <mailto:httpapi@ietf.org>
List-Help: <mailto:httpapi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/httpapi>, <mailto:httpapi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 13 Feb 2022 23:19:51 -0000

Yeah, it seems like this is one of the major revelations from this discussion.  That is, that times (or dates) might appear in multiple places and the considerations here aren't limited to the Date field.

Any input regarding text would be greatly appreciated.  I'll get around to doing something eventually, but my todo list keeps growing.

On Sat, Feb 12, 2022, at 02:17, James wrote:
> Hi Martin,
> Thanks for writing this up. I'm unsure if this was discussed elsewhere, 
> but another consideration about the Date header is its off-label use 
> for rough time synchronisation - in particular, phk wrote an 
> implementation[1], and later a rough specification[2] with an entry in 
> the well-known registry[3] using a different header aimed to either 
> synchronise, or validate a local clock. I both hope and doubt nobody is 
> using this approach, but its existence leads me to think that some 
> overall guidance on how people transmit time information more broadly 
> in HTTP messages and rely on it might be helpful for your audience. 
> Happy to help write that.
>
> - J
>
> 1: http://phk.freebsd.dk/time/20151212/
> 2: http://phk.freebsd.dk/time/20151129/
> 3: https://www.iana.org/assignments/well-known-uris/well-known-uris.xhtml
>
>> On 9 Feb 2022, at 06:29, Martin Thomson <mt@lowentropy.net> wrote:
>> 
>> Hi Everyone,
>> 
>> I've just posted https://www.ietf.org/archive/id/draft-thomson-httpapi-date-requests-00.html which talks about how to use Date in requests.  This is not a typical thing you see, but some of the things we're doing elsewhere makes this relevant.  For example, signing requests [1] and oblivious HTTP [2] - depending on circumstances - might want to use Date for managing anti-replay.
>> 
>> I'm bring this here as I think that this group has more direct expertise and the work is related to some of the other stuff you are doing, like the idempotency-key, which is complementary.  This also uses the problem details work (RFC 7807bis) for signaling when Date is missing or incorrect.
>> 
>> I'm happy to go into the use case in more detail if the content of the draft isn't clear enough.  Mostly, I'm just doing this so  there is a complete and robust solution for how to manage replay for the aforementioned work.
>> 
>> Cheers,
>> Martin
>> 
>> 
>> [1] https://httpwg.org/http-extensions/draft-ietf-httpbis-message-signatures.html
>> [2] https://ietf-wg-ohai.github.io/oblivious-http/draft-ietf-ohai-ohttp.html
>> 
>> -- 
>> httpapi mailing list
>> httpapi@ietf.org
>> https://www.ietf.org/mailman/listinfo/httpapi

v2.23.0 | Report a Bug | By Email