Re: Artart last call review of draft-ietf-httpbis-message-signatures-16
Harald Alvestrand <harald@alvestrand.no> Thu, 30 March 2023 06:16 UTC
Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0CA27C159A24 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 29 Mar 2023 23:16:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.648
X-Spam-Level:
X-Spam-Status: No, score=-7.648 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WmmohRNojfBI for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 29 Mar 2023 23:16:20 -0700 (PDT)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 015B3C153CA8 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Wed, 29 Mar 2023 23:16:19 -0700 (PDT)
Received: from lists by lyra.w3.org with local (Exim 4.94.2) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1phlZn-0084yM-KS for ietf-http-wg-dist@listhub.w3.org; Thu, 30 Mar 2023 06:15:59 +0000
Resent-Date: Thu, 30 Mar 2023 06:15:59 +0000
Resent-Message-Id: <E1phlZn-0084yM-KS@lyra.w3.org>
Received: from titan.w3.org ([128.30.52.76]) by lyra.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <harald@alvestrand.no>) id 1phlZl-0084xU-K5 for ietf-http-wg@listhub.w3.org; Thu, 30 Mar 2023 06:15:58 +0000
Received: from [2a01:4f9:c010:a44b::1] (helo=smtp.alvestrand.no) by titan.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <harald@alvestrand.no>) id 1phlZh-00HTLZ-UL for ietf-http-wg@w3.org; Thu, 30 Mar 2023 06:15:57 +0000
Received: from [31.133.130.172] (dhcp-82ac.meeting.ietf.org [31.133.130.172]) by smtp.alvestrand.no (Postfix) with ESMTPSA id BFBA64B59A; Thu, 30 Mar 2023 08:15:40 +0200 (CEST)
Content-Type: multipart/alternative; boundary="------------ze35V9pTZ7x1ZFAt3pdqdLNN"
Message-ID: <342c58f0-4528-e941-1c49-c0fd223e6d5b@alvestrand.no>
Date: Thu, 30 Mar 2023 15:15:36 +0900
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.7.1
Content-Language: en-US
To: "Backman, Annabelle" <richanna@amazon.com>
Cc: Justin Richer <jricher@mit.edu>, HTTP Working Group <ietf-http-wg@w3.org>
References: <167814585078.47895.4452057535068050885@ietfa.amsl.com> <269E25AB-0D57-4F5A-BBDD-D04060C84E9E@mit.edu> <fc560173-d90f-672b-78ac-2d76c660e874@alvestrand.no> <F44B4103-BAAC-4801-B95A-74BAC00F96EB@amazon.com>
From: Harald Alvestrand <harald@alvestrand.no>
In-Reply-To: <F44B4103-BAAC-4801-B95A-74BAC00F96EB@amazon.com>
Received-SPF: pass client-ip=2a01:4f9:c010:a44b::1; envelope-from=harald@alvestrand.no; helo=smtp.alvestrand.no
X-W3C-Hub-Spam-Status: No, score=-4.1
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, RDNS_NONE=0.793, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_IRA=-1, W3C_WL=-1
X-W3C-Scan-Sig: titan.w3.org 1phlZh-00HTLZ-UL fab82cc8dbe3495c6044060011a770ac
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Artart last call review of draft-ietf-httpbis-message-signatures-16
Archived-At: <https://www.w3.org/mid/342c58f0-4528-e941-1c49-c0fd223e6d5b@alvestrand.no>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/50890
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
Thanks for the additional information! (and apologies for being slow in responding!) So from this reviewer's viewpoint, the draft would be a much better candidate for the standards track if it included a section on precedents and their usages, something like: History ==== This specification was inspired by the AWS "SigV4" signature mechanism, which is used in systems like AWS Identity and AWS Security Token Service. When building a complete security system based on this toolkit, it is recommended to study those existing systems and their security considerations in order to offer a service that achieves the security goals of the system. --------------- (Of course a spec that showed how to plug this mechanism into OAuth2, and discussing the security properties of that solution, would also satisfy my concern. The big issue I have is that people may use this framework without having performed appropriate security analysis, and thus build insecure systems.) Harald On 3/15/23 13:46, Backman, Annabelle wrote: > As Justin mentioned, AWS uses a proprietary HTTP request signature > algorithm called "Signature V4” or “SigV4”, which uses a similar > pattern as HTTP Message Signatures. Version 4 has been in use for over > a decade, and today SigV4 signatures are required on nearly all > authenticated HTTP requests to AWS APIs. While many clients use the > implementation that AWS provides as part of our SDKs, some clients opt > to write their own implementations. (a simple Google search for “aws > sigv4 implementation" > <https://www.google.com/search?q=aws+sigv4+implementation> shows > several non-AWS implementations on Github, NPM, etc.) > > You can find a complete description of SigV4 in the AWS General > Reference guide > <https://docs.aws.amazon.com/general/latest/gr/signing-aws-api-requests.html>. > > Note that like HTTP Message Signatures, SigV4 is not a complete > security protocol. It’s simply an algorithm for crafting a detached > signature over portions of an HTTP request. AWS combines it with other > systems (e.g., AWS Identity and Access Management, AWS Security Token > Service) to complete the picture. The authors similarly expect HTTP > Message Signatures to be plugged into existing security protocols such > as OAuth 2.0, where there are already well-defined mechanisms for > establishing and managing keys, identifying parties, etc. Extending > HTTP Message Signatures to make it more of a full security protocol > would thus be duplicative, and significantly limit its utility. > >> On 7 Mar 2023, at 19:43, Harald Alvestrand <harald@alvestrand.no> wrote: >> >> CAUTION: This email originated from outside of the organization. Do >> not click links or open attachments unless you can confirm the sender >> and know the content is safe. >> >> >> >> Thanks for the comments on the review! >> >> One particular point, which I think is the most important: >> >> On 3/7/23 18:39, Justin Richer wrote: >>>> >>>> IF it is possible to: >>>> - Describe 2 or more “applications” (in the document’s terminology) >>>> that serve >>>> an useful function in securing some part of the ecosystem against some >>>> attack - >>>> Implement these functions in a way that exercises a fairly >>>> comprehensive subset >>>> of the behaviors mandated in this document - Run the resulting >>>> application in a >>>> real environment for some significant period of time, and observe >>>> that the >>>> number of canonicalization errors resulting in validation failure is >>>> insignificant to zero THEN it seems to me reasonable to place this >>>> on the >>>> standards track. >>>> >>>> Until then, I think this best belongs as an experimental protocol that >>>> people >>>> can implement to gather experience with, not something that the IETF >>>> should >>>> publish as a consensus standards-track protocol. >>>> >>> >>> There are many very real applications from which this draft’s text was >>> distilled over the last few years. The general approach in this document >>> has been in use for well over a decade, in production and at scale, in >>> multiple deployed systems. >>> >>> Amazon’s SIGv4 is probably the most well-exercised version of this >>> approach, and it’s still in use today (I can’t speak for Amazon’s plans >>> but they are sponsoring one of the editors to work on this draft): >>> https://docs.aws.amazon.com/general/latest/gr/signing-aws-api-requests.html >>> <https://docs.aws.amazon.com/general/latest/gr/signing-aws-api-requests.html> >>> >>> The engineers behind this original work at Amazon published their >>> original I-D back in 2013, known as the Cavage draft in the community. >>> This has many implementations in different versions on different >>> systems: >>> https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-00 >>> <https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-00> >>> >>> One of the bigger ones out there is the Mastodon ecosystem, which uses >>> its own version of the Cavage draft: >>> https://docs.joinmastodon.org/spec/security/#http >>> <https://docs.joinmastodon.org/spec/security/#http> >>> >>> As do financial profiles including FAPI, PSD2, and the Berlin Group’s >>> work. This is to say nothing of other efforts out there that have >>> invented or re-invented parts of this specification for their own >>> purposes. >>> >> >> Given the number of current users cited - is it possible to get at least >> one of those to document their approach and why it works for them, in a >> form that we could include at least as an informational reference? >> >> A *lot* of my concerns would be assuaged if we could see a worked >> example of an application using this toolkit. >> >> Harald >> >> >
- Artart last call review of draft-ietf-httpbis-mes… Harald Alvestrand via Datatracker
- Re: Artart last call review of draft-ietf-httpbis… Justin Richer
- Re: Artart last call review of draft-ietf-httpbis… Harald Alvestrand
- Re: Artart last call review of draft-ietf-httpbis… Julian Reschke
- Re: Artart last call review of draft-ietf-httpbis… Julian Reschke
- Re: Artart last call review of draft-ietf-httpbis… Michael Sweet
- Re: Artart last call review of draft-ietf-httpbis… Justin Richer
- Re: Artart last call review of draft-ietf-httpbis… Michael Sweet
- Re: Artart last call review of draft-ietf-httpbis… Backman, Annabelle
- Re: Artart last call review of draft-ietf-httpbis… Backman, Annabelle
- Re: Artart last call review of draft-ietf-httpbis… Martin Thomson
- Re: Artart last call review of draft-ietf-httpbis… Backman, Annabelle
- Re: Artart last call review of draft-ietf-httpbis… Justin Richer
- Re: Artart last call review of draft-ietf-httpbis… Watson Ladd
- Re: Artart last call review of draft-ietf-httpbis… Harald Alvestrand
- Re: Artart last call review of draft-ietf-httpbis… Justin Richer