Re: Web Keys and HTTP Signatures

Manu Sporny <msporny@digitalbazaar.com> Thu, 18 April 2013 13:44 UTC

Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5DCE921F8E79 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 18 Apr 2013 06:44:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Level:
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xD3MdRw+X+KZ for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 18 Apr 2013 06:44:15 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) by ietfa.amsl.com (Postfix) with ESMTP id CD2AA21F8E74 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Thu, 18 Apr 2013 06:44:15 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1USp6y-0001yL-Mf for ietf-http-wg-dist@listhub.w3.org; Thu, 18 Apr 2013 13:42:52 +0000
Resent-Date: Thu, 18 Apr 2013 13:42:52 +0000
Resent-Message-Id: <E1USp6y-0001yL-Mf@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <msporny@digitalbazaar.com>) id 1USp6v-0001u4-AB; Thu, 18 Apr 2013 13:42:49 +0000
Received: from [216.252.204.51] (helo=mail.digitalbazaar.com) by lisa.w3.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.72) (envelope-from <msporny@digitalbazaar.com>) id 1USp6t-00014C-Ui; Thu, 18 Apr 2013 13:42:49 +0000
Received: from zoe.digitalbazaar.com ([192.168.0.99] ident=msporny) by mail.digitalbazaar.com with esmtp (Exim 4.72) (envelope-from <msporny@digitalbazaar.com>) id 1USp6K-0000ZP-1u; Thu, 18 Apr 2013 09:42:12 -0400
Message-ID: <516FF833.1000401@digitalbazaar.com>
Date: Thu, 18 Apr 2013 09:42:11 -0400
From: Manu Sporny <msporny@digitalbazaar.com>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:10.0.5) Gecko/20120624 Icedove/10.0.5
MIME-Version: 1.0
To: Martin Thomson <martin.thomson@gmail.com>
CC: "Manger, James H" <James.H.Manger@team.telstra.com>, Carsten Bormann <cabo@tzi.org>, Web Payments CG <public-webpayments@w3.org>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
References: <516F14E1.5040503@digitalbazaar.com> <9DF0F237-62DC-4E82-A545-B09C6083849B@tzi.org> <CADcbRRN2XWa9QwuaXAoxjMdkcguvQiiGq934RXU=-1ntzGpWNQ@mail.gmail.com> <255B9BB34FB7D647A506DC292726F6E1150C90E93E@WSMSG3153V.srv.dir.telstra.com> <CABkgnnXoY3iOH7M=A5hCo+eTnDiPODvgmdnDay0AKUo4PsuoMg@mail.gmail.com>
In-Reply-To: <CABkgnnXoY3iOH7M=A5hCo+eTnDiPODvgmdnDay0AKUo4PsuoMg@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Received-SPF: none client-ip=216.252.204.51; envelope-from=msporny@digitalbazaar.com; helo=mail.digitalbazaar.com
X-W3C-Hub-Spam-Status: No, score=-2.8
X-W3C-Hub-Spam-Report: AWL=-4.075, RDNS_NONE=1.274
X-W3C-Scan-Sig: lisa.w3.org 1USp6t-00014C-Ui 8fe1c3c18dca69536d851b540857ba11
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Web Keys and HTTP Signatures
Archived-At: <http://www.w3.org/mid/516FF833.1000401@digitalbazaar.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/17331
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On 04/17/2013 08:00 PM, Martin Thomson wrote:
> Yeah, that's a pretty bad.  Switching two date-formatted headers 
> might be a simple thing to gain advantage on.  (Last-Modified and 
> Date, might work to poison a cache with old content if the cache 
> isn't rigorous about checking Date).  It seems like a simple fix 
> would be to include the list of headers under the signature as the 
> first item.

Carsten, James, Martin - good catch, thanks. We had assumed that the
implementation included the headers names as well as the values in the
data being digitally signed. As Dave Lehn pointed out, this is a work in
progress, but we wanted to get something out as sooner than later.

The attack is only possible if a message is passed over a non-secure
channel, right? That is, the spec is clear about passing all messages
over HTTPS. Granted, that's not an excuse for the approach taken and it
should be fixed, but the attack is only possible if messages are sent
over an insecure channel, correct?

-- manu

-- 
Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: Meritora - Web payments commercial launch
http://blog.meritora.com/launch/