IETF Logo Mail Archive

Re: Artart last call review of draft-ietf-httpbis-message-signatures-16

Harald Alvestrand <harald@alvestrand.no> Thu, 30 March 2023 06:16 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0CA27C159A24 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 29 Mar 2023 23:16:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.648
X-Spam-Level:
X-Spam-Status: No, score=-7.648 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WmmohRNojfBI for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 29 Mar 2023 23:16:20 -0700 (PDT)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 015B3C153CA8 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Wed, 29 Mar 2023 23:16:19 -0700 (PDT)
Received: from lists by lyra.w3.org with local (Exim 4.94.2) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1phlZn-0084yM-KS for ietf-http-wg-dist@listhub.w3.org; Thu, 30 Mar 2023 06:15:59 +0000
Resent-Date: Thu, 30 Mar 2023 06:15:59 +0000
Resent-Message-Id: <E1phlZn-0084yM-KS@lyra.w3.org>
Received: from titan.w3.org ([128.30.52.76]) by lyra.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <harald@alvestrand.no>) id 1phlZl-0084xU-K5 for ietf-http-wg@listhub.w3.org; Thu, 30 Mar 2023 06:15:58 +0000
Received: from [2a01:4f9:c010:a44b::1] (helo=smtp.alvestrand.no) by titan.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <harald@alvestrand.no>) id 1phlZh-00HTLZ-UL for ietf-http-wg@w3.org; Thu, 30 Mar 2023 06:15:57 +0000
Received: from [31.133.130.172] (dhcp-82ac.meeting.ietf.org [31.133.130.172]) by smtp.alvestrand.no (Postfix) with ESMTPSA id BFBA64B59A; Thu, 30 Mar 2023 08:15:40 +0200 (CEST)
Content-Type: multipart/alternative; boundary="------------ze35V9pTZ7x1ZFAt3pdqdLNN"
Message-ID: <342c58f0-4528-e941-1c49-c0fd223e6d5b@alvestrand.no>
Date: Thu, 30 Mar 2023 15:15:36 +0900
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.7.1
Content-Language: en-US
To: "Backman, Annabelle" <richanna@amazon.com>
Cc: Justin Richer <jricher@mit.edu>, HTTP Working Group <ietf-http-wg@w3.org>
References: <167814585078.47895.4452057535068050885@ietfa.amsl.com> <269E25AB-0D57-4F5A-BBDD-D04060C84E9E@mit.edu> <fc560173-d90f-672b-78ac-2d76c660e874@alvestrand.no> <F44B4103-BAAC-4801-B95A-74BAC00F96EB@amazon.com>
From: Harald Alvestrand <harald@alvestrand.no>
In-Reply-To: <F44B4103-BAAC-4801-B95A-74BAC00F96EB@amazon.com>
Received-SPF: pass client-ip=2a01:4f9:c010:a44b::1; envelope-from=harald@alvestrand.no; helo=smtp.alvestrand.no
X-W3C-Hub-Spam-Status: No, score=-4.1
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, RDNS_NONE=0.793, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_IRA=-1, W3C_WL=-1
X-W3C-Scan-Sig: titan.w3.org 1phlZh-00HTLZ-UL fab82cc8dbe3495c6044060011a770ac
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Artart last call review of draft-ietf-httpbis-message-signatures-16
Archived-At: <https://www.w3.org/mid/342c58f0-4528-e941-1c49-c0fd223e6d5b@alvestrand.no>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/50890
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

Thanks for the additional information! (and apologies for being slow in 
responding!)

So from this reviewer's viewpoint, the draft would be a much better 
candidate for the standards track if it included a section on precedents 
and their usages, something like:

History
====

This specification was inspired by the AWS "SigV4" signature mechanism, 
which is used in systems like AWS Identity and AWS Security Token Service.

When building a complete security system based on this toolkit, it is 
recommended to study those existing systems and their security 
considerations in order to offer a service that achieves the security 
goals of the system.

---------------

(Of course a spec that showed how to plug this mechanism into OAuth2, 
and discussing the security properties of that solution, would also 
satisfy my concern. The big issue I have is that people may use this 
framework without having performed appropriate security analysis, and 
thus build insecure systems.)

Harald


On 3/15/23 13:46, Backman, Annabelle wrote:
> As Justin mentioned, AWS uses a proprietary HTTP request signature 
> algorithm called "Signature V4” or “SigV4”, which uses a similar 
> pattern as HTTP Message Signatures. Version 4 has been in use for over 
> a decade, and today SigV4 signatures are required on nearly all 
> authenticated HTTP requests to AWS APIs. While many clients use the 
> implementation that AWS provides as part of our SDKs, some clients opt 
> to write their own implementations. (a simple Google search for “aws 
> sigv4 implementation" 
> <https://www.google.com/search?q=aws+sigv4+implementation> shows 
> several non-AWS implementations on Github, NPM, etc.)
>
> You can find a complete description of SigV4 in the AWS General 
> Reference guide 
> <https://docs.aws.amazon.com/general/latest/gr/signing-aws-api-requests.html>.
>
> Note that like HTTP Message Signatures, SigV4 is not a complete 
> security protocol. It’s simply an algorithm for crafting a detached 
> signature over portions of an HTTP request. AWS combines it with other 
> systems (e.g., AWS Identity and Access Management, AWS Security Token 
> Service) to complete the picture. The authors similarly expect HTTP 
> Message Signatures to be plugged into existing security protocols such 
> as OAuth 2.0, where there are already well-defined mechanisms for 
> establishing and managing keys, identifying parties, etc. Extending 
> HTTP Message Signatures to make it more of a full security protocol 
> would thus be duplicative, and significantly limit its utility.
>
>> On 7 Mar 2023, at 19:43, Harald Alvestrand <harald@alvestrand.no> wrote:
>>
>> CAUTION: This email originated from outside of the organization. Do 
>> not click links or open attachments unless you can confirm the sender 
>> and know the content is safe.
>>
>>
>>
>> Thanks for the comments on the review!
>>
>> One particular point, which I think is the most important:
>>
>> On 3/7/23 18:39, Justin Richer wrote:
>>>>
>>>> IF it is possible to:
>>>> - Describe 2 or more “applications” (in the document’s terminology)
>>>> that serve
>>>> an useful function in securing some part of the ecosystem against some
>>>> attack -
>>>> Implement these functions in a way that exercises a fairly
>>>> comprehensive subset
>>>> of the behaviors mandated in this document - Run the resulting
>>>> application in a
>>>> real environment for some significant period of time, and observe 
>>>> that the
>>>> number of canonicalization errors resulting in validation failure is
>>>> insignificant to zero THEN it seems to me reasonable to place this 
>>>> on the
>>>> standards track.
>>>>
>>>> Until then, I think this best belongs as an experimental protocol that
>>>> people
>>>> can implement to gather experience with, not something that the IETF
>>>> should
>>>> publish as a consensus standards-track protocol.
>>>>
>>>
>>> There are many very real applications from which this draft’s text was
>>> distilled over the last few years. The general approach in this document
>>> has been in use for well over a decade, in production and at scale, in
>>> multiple deployed systems.
>>>
>>> Amazon’s SIGv4 is probably the most well-exercised version of this
>>> approach, and it’s still in use today (I can’t speak for Amazon’s plans
>>> but they are sponsoring one of the editors to work on this draft):
>>> https://docs.aws.amazon.com/general/latest/gr/signing-aws-api-requests.html 
>>> <https://docs.aws.amazon.com/general/latest/gr/signing-aws-api-requests.html>
>>>
>>> The engineers behind this original work at Amazon published their
>>> original I-D back in 2013, known as the Cavage draft in the community.
>>> This has many implementations in different versions on different
>>> systems:
>>> https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-00
>>> <https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-00>
>>>
>>> One of the bigger ones out there is the Mastodon ecosystem, which uses
>>> its own version of the Cavage draft:
>>> https://docs.joinmastodon.org/spec/security/#http
>>> <https://docs.joinmastodon.org/spec/security/#http>
>>>
>>> As do financial profiles including FAPI, PSD2, and the Berlin Group’s
>>> work. This is to say nothing of other efforts out there that have
>>> invented or re-invented parts of this specification for their own 
>>> purposes.
>>>
>>
>> Given the number of current users cited - is it possible to get at least
>> one of those to document their approach and why it works for them, in a
>> form that we could include at least as an informational reference?
>>
>> A *lot* of my concerns would be assuaged if we could see a worked
>> example of an application using this toolkit.
>>
>> Harald
>>
>>
>

v2.23.0 | Report a Bug | By Email