IETF Logo Mail Archive

Re: Origin-signed responses

Jeffrey Yasskin <jyasskin@google.com> Wed, 06 September 2017 18:51 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9EE1E1321A2 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 6 Sep 2017 11:51:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.999
X-Spam-Level:
X-Spam-Status: No, score=-6.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xQjAjWuLTKe5 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 6 Sep 2017 11:51:09 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A0CA2132981 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Wed, 6 Sep 2017 11:51:09 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.89) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1dpfNB-00008m-Pz for ietf-http-wg-dist@listhub.w3.org; Wed, 06 Sep 2017 18:48:25 +0000
Resent-Date: Wed, 06 Sep 2017 18:48:25 +0000
Resent-Message-Id: <E1dpfNB-00008m-Pz@frink.w3.org>
Received: from mimas.w3.org ([128.30.52.79]) by frink.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from <jyasskin@google.com>) id 1dpfMt-00007p-Tp for ietf-http-wg@listhub.w3.org; Wed, 06 Sep 2017 18:48:07 +0000
Received: from mail-wm0-f53.google.com ([74.125.82.53]) by mimas.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.89) (envelope-from <jyasskin@google.com>) id 1dpfMs-0007yn-3J for ietf-http-wg@w3.org; Wed, 06 Sep 2017 18:48:07 +0000
Received: by mail-wm0-f53.google.com with SMTP id i145so32569597wmf.1 for <ietf-http-wg@w3.org>; Wed, 06 Sep 2017 11:47:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=7mwEOrAdfgEZ+Lpk/TNHMb4Xo13bx++hhIuUQrMQwvo=; b=UYW/zlteoCrntV4krH9BCy39W4LSik0UxtIwUh3Nj+kPde7I3CRIyOFRHbs18y6KcN I6xgB/1Yxf+qvijAcnyyO4vhW8gCO/hWUUlf/Pfgag8gQ8iv2f2ehomxQ3LovsNkH1/q k2VIxbg21qWTJbzQUUSWa8zuhQ5r/Y+NT8IEHjUkF984BtFsN/bMcfRbSVh6y7t3Wa12 uTDS8zCipVybBnGmJLUuCrtxx5GDo1eVfQ+Fa2zuYwgMYYAn4OqMAFaG0vGYMxC6oCGS BDf1O+6kLDBDx4+D9P8pHk/D8r4KUobMBn0cMkJPodz5pYdMB1grXsvGiiH7TFHyIdxR JBOg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=7mwEOrAdfgEZ+Lpk/TNHMb4Xo13bx++hhIuUQrMQwvo=; b=PXNbSBUmdzFYgDNZxQZbuh5szYgBm2Vg+bcQmY8L66bom8+1jggilu+RGUo2O/kx36 WwNKUdaAobSZxrUaQqITtvw0sf/r5gLgLvZAADCMB4ky7O/KhXJMmAt/3HaHDLxkKXlG KblYqJRRNsQXQzj2zKRmc8MWI2pKNZg8TJymziDzznLYs57Jfp7YgeLlcAspDsHBLPGu ympwl1qkRZqWS28vg3kyrchJm2UEAta9vQnKP5YrVUnRfc+x07vXD0HHD2f6BCTIS0Lg xbTTzfKi8DRaLsHNvG71IhyHq5KvtriI+nz08bINXiKuZ2IcGsxct/la6e5Ol2B+HsiF 9g2g==
X-Gm-Message-State: AHPjjUhKOFa64oIUxTWM2g13oSroVDIb8mqeXrLzO+pvAI+OckniP6Kw nCsJY9Cv/eLV92MRFM8ImzmJBFtENwQ5y5UzHn3+xw==
X-Google-Smtp-Source: ADKCNb6XVj0b2f/uQurwRsZ8GZdONsxzdfw/DKJJWZBd5KNhdeeSyOobWCVHd3XuGvSdJMozWFEDh4fcL/Kr2DEffOU=
X-Received: by 10.28.226.84 with SMTP id z81mr469907wmg.108.1504723663912; Wed, 06 Sep 2017 11:47:43 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.28.156.132 with HTTP; Wed, 6 Sep 2017 11:47:22 -0700 (PDT)
In-Reply-To: <7CF7F94CB496BF4FAB1676F375F9666A3776666B@bgb01xud1012>
References: <CANh-dXkbqBpGUrr-dXceQ5HzDjC6mSrrudTKjWwaBQcSO584ug@mail.gmail.com> <7CF7F94CB496BF4FAB1676F375F9666A37766651@bgb01xud1012> <CANh-dX=AFEmJ-yuHxnSYycxN2Rv8V40LzwYeDHGtgZEoJeVHog@mail.gmail.com> <7CF7F94CB496BF4FAB1676F375F9666A3776666B@bgb01xud1012>
From: Jeffrey Yasskin <jyasskin@google.com>
Date: Wed, 06 Sep 2017 11:47:22 -0700
Message-ID: <CANh-dX=ocTOOq1xnTEf9Da5vPEaXo3qJu3QDD00T4nsuoMx_7A@mail.gmail.com>
To: Lucas Pardue <Lucas.Pardue@bbc.co.uk>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: multipart/alternative; boundary="001a114b0cd4796435055889c732"
Received-SPF: pass client-ip=74.125.82.53; envelope-from=jyasskin@google.com; helo=mail-wm0-f53.google.com
X-W3C-Hub-Spam-Status: No, score=-5.1
X-W3C-Hub-Spam-Report: AWL=3.887, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_IRR=-3, W3C_WL=-1
X-W3C-Scan-Sig: mimas.w3.org 1dpfMs-0007yn-3J 319e25903fe01cecbe7248c57233fdee
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Origin-signed responses
Archived-At: <http://www.w3.org/mid/CANh-dX=ocTOOq1xnTEf9Da5vPEaXo3qJu3QDD00T4nsuoMx_7A@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/34434
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

Thanks. In draft-pardue-quic-http-mcast-01 you do have enough of a channel
in the Alt-Svc header to transmit a signing key, so you could use
draft-cavage-http-signatures, but the spec and examples show the public key
being identified alongside the signature, which isn't enough to establish
that the expected sender is actually the one that signed the message.

draft-yasskin-http-origin-signed-responses would be harder to use
incorrectly inside higher-level protocols, since it insists that the key is
trusted for the example.com domain.

Jeffrey

On Fri, Sep 1, 2017 at 10:36 AM, Lucas Pardue <Lucas.Pardue@bbc.co.uk>
wrote:

> We've written up some of it in the I-D draft-pardue-quic-http-mcast.
> Section 6 and appendix B are particularly relevant.
>
> We expect the checks to happen in the application code, running in or
> above a HTTP UA of some sort. E.g. an app that incorporates libcurl, or
> JavaScript application code executing in a browser.
>
> Lucas
> ________________________________________
> From: Jeffrey Yasskin [jyasskin@google.com]
> Sent: 01 September 2017 18:18
> To: Lucas Pardue
> Cc: HTTP Working Group
> Subject: Re: Origin-signed responses
>
> On Fri, Sep 1, 2017 at 10:04 AM, Lucas Pardue <Lucas.Pardue@bbc.co.uk>
> wrote:
> > Hi Jeffrey,
> >
> > I spotted this yesterday and found it an interesting read, so thanks for
> starting a discussion.
> >
> > Your draft references draft-cavage-http-signatures, which we have been
> using on a project to add some authenticity to HTTP/2 pushed content. I'm
> still processing your draft but can see how it might complement our
> approach or help satisfy the higher goal.
> >
>
> I'm glad to hear it. :) What kind of software winds up checking that
> authenticity? How do you transmit the public key? Do you need to
> revoke keys or prevent downgrade attacks? (I'd be happy to read a
> document about this, if you have one, rather than making you retype it
> on the mailing list.)
>
> Thanks,
> Jeffrey
>

v2.23.0 | Report a Bug | By Email