IETF Logo Mail Archive

Re: Origin-signed responses

Jeffrey Yasskin <jyasskin@google.com> Thu, 07 September 2017 00:24 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6C83713292C for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 6 Sep 2017 17:24:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.999
X-Spam-Level:
X-Spam-Status: No, score=-6.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TdpFcwBImhNJ for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 6 Sep 2017 17:24:41 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 63F721326EC for <httpbisa-archive-bis2Juki@lists.ietf.org>; Wed, 6 Sep 2017 17:24:40 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.89) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1dpkZw-0007FP-Ij for ietf-http-wg-dist@listhub.w3.org; Thu, 07 Sep 2017 00:21:56 +0000
Resent-Date: Thu, 07 Sep 2017 00:21:56 +0000
Resent-Message-Id: <E1dpkZw-0007FP-Ij@frink.w3.org>
Received: from mimas.w3.org ([128.30.52.79]) by frink.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from <jyasskin@google.com>) id 1dpkZg-0007EY-Um for ietf-http-wg@listhub.w3.org; Thu, 07 Sep 2017 00:21:40 +0000
Received: from mail-wr0-f176.google.com ([209.85.128.176]) by mimas.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.89) (envelope-from <jyasskin@google.com>) id 1dpkZf-0005et-MZ for ietf-http-wg@w3.org; Thu, 07 Sep 2017 00:21:40 +0000
Received: by mail-wr0-f176.google.com with SMTP id v109so1024978wrc.1 for <ietf-http-wg@w3.org>; Wed, 06 Sep 2017 17:21:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=F7dFv8KEbuDabVGcUZjDS0SFUgxUfMhLF2ETSLjCSQs=; b=bi/TWjIyXEJSm1syyHS7Poz3sOxc82ACF5njDUeiHVghS0UppMrDYoVrWbaOWt+PQN 16s7pqwADPFdqJ8LBg+3fD2JvY5teN+BoI0WEfV2qiYmZc4TH6gyUsjow75eYGp/djLh mGfbq4F2NPthOZry2IybWcKAuD97L7rrr3BjBAHJ2MwsUSA9/MIcfsy5+JJCljWL82Mo 9hKlj45GFTRpdPULwPTKaGA5Cqu5n5EAOikNHEpAWOs4FZNgx8klrqoK99Si08uze+E9 tvdmUfkdoXOw/ZAvFEgBEYZ54G+DCVKUFHWNEfxW6S9rZdsz2NW7qxs+DcYAHUBPrTqP jfUg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=F7dFv8KEbuDabVGcUZjDS0SFUgxUfMhLF2ETSLjCSQs=; b=JPbZLsYHq0WSWepdchIll1wzYdXDdFPOZL0Zr7u1CCp8DDl8nVWvGEssySAgJN+fwN iWvkkS8cox2KVG4BpNucea/+CrcbqWAabnzdyS3EflSBB6rT/YHoUAnVnhqR/W40oxQl kCJhpQDSbBh7AsZnPX2l5bzHJozYHXtKiuOL2+BSyAMl8oMBGX5kaNe+b/zC9Wdy2WXb evSN+G+LZfTK9pmXtWW3VX7+8T/EQw0tXN7Ohng6r8IbGEMZHjeOPBruoYvpFBuLaT0W EasXtPlNMegnhGV/GDbGqhfBrj6nBPDboJe1DbQdSJnupcATU6M32JiVN5hvbp9hM8RK aMuA==
X-Gm-Message-State: AHPjjUi95qNYvKLsA09ca0jMGX95GAGEwZuuwxxds5WGKZmlsx9wO7Z2 h27a0oEuGfIijmLAfCYfsBNskVQKmgLsqlDTT+AfTw==
X-Google-Smtp-Source: ADKCNb6JdB7iNt2poRKSPFqLrrAGnWl7hLdmH9F3zZTdmj5D/EXpR1P/dXEfclLQsLu/PUux2+ffWa/DgD+47Vv6MrU=
X-Received: by 10.223.197.199 with SMTP id v7mr282619wrg.290.1504743677624; Wed, 06 Sep 2017 17:21:17 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.28.156.132 with HTTP; Wed, 6 Sep 2017 17:20:56 -0700 (PDT)
In-Reply-To: <7CF7F94CB496BF4FAB1676F375F9666A37766C6F@bgb01xud1012>
References: <CANh-dXkbqBpGUrr-dXceQ5HzDjC6mSrrudTKjWwaBQcSO584ug@mail.gmail.com> <7CF7F94CB496BF4FAB1676F375F9666A37766651@bgb01xud1012> <CANh-dX=AFEmJ-yuHxnSYycxN2Rv8V40LzwYeDHGtgZEoJeVHog@mail.gmail.com> <7CF7F94CB496BF4FAB1676F375F9666A3776666B@bgb01xud1012> <CANh-dX=ocTOOq1xnTEf9Da5vPEaXo3qJu3QDD00T4nsuoMx_7A@mail.gmail.com> <7CF7F94CB496BF4FAB1676F375F9666A37766C6F@bgb01xud1012>
From: Jeffrey Yasskin <jyasskin@google.com>
Date: Wed, 06 Sep 2017 17:20:56 -0700
Message-ID: <CANh-dX=zeFx=s9zPp9pcM-2UM84SotERd4bsyX-U7tyvkjP7jQ@mail.gmail.com>
To: Lucas Pardue <Lucas.Pardue@bbc.co.uk>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: multipart/alternative; boundary="089e08244664628c9205588e7030"
Received-SPF: pass client-ip=209.85.128.176; envelope-from=jyasskin@google.com; helo=mail-wr0-f176.google.com
X-W3C-Hub-Spam-Status: No, score=-8.9
X-W3C-Hub-Spam-Report: AWL=2.886, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-2.8, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_IRR=-3, W3C_WL=-1
X-W3C-Scan-Sig: mimas.w3.org 1dpkZf-0005et-MZ eda69759a432a7ae61ca74a9188b6015
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Origin-signed responses
Archived-At: <http://www.w3.org/mid/CANh-dX=zeFx=s9zPp9pcM-2UM84SotERd4bsyX-U7tyvkjP7jQ@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/34438
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

draft-yasskin-http-origin-signed-responses does plan to require that the
certificate is trusted for the sender's origin. My proposal doesn't require
the certificate to include the sender's source IP, so if you need that in
addition to the origin, you'd wind up profiling mine too.

On Wed, Sep 6, 2017 at 12:51 PM, Lucas Pardue <Lucas.Pardue@bbc.co.uk>
wrote:

> Hi Jeffrey,
>
> You make a good observation. draft-pardue-quic-http-mcast-01 skips some
> details, we have an implementation that does some additional things that
> aren't explain anywhere (yet). Since this is Alt-Svc, we try to follow
> those security expectations in our implementation, to form a bit of a
> closed loop. The sender's signature keyID is in the form of a certificate
> that is valid for the sender's source IP and the origin.
>
> Is that similar to draft-yasskin-http-origin-signed-responses?
>
> draft-cavage-http-signatures leaves the usage of KeyId open, so looking
> ahead we'd have to profile or mandate our approach. If your proposal is
> stricter, that could help simplify things for us in terms of documentation
> and getting wider adoption/support.
>
> Lucas
> ------------------------------
> *From:* Jeffrey Yasskin [jyasskin@google.com]
> *Sent:* 06 September 2017 19:47
>
> *To:* Lucas Pardue
> *Cc:* HTTP Working Group
> *Subject:* Re: Origin-signed responses
>
> Thanks. In draft-pardue-quic-http-mcast-01 you do have enough of a
> channel in the Alt-Svc header to transmit a signing key, so you could use
> draft-cavage-http-signatures, but the spec and examples show the public key
> being identified alongside the signature, which isn't enough to establish
> that the expected sender is actually the one that signed the message.
>
> draft-yasskin-http-origin-signed-responses would be harder to use
> incorrectly inside higher-level protocols, since it insists that the key is
> trusted for the example.com domain.
>
> Jeffrey
>
> On Fri, Sep 1, 2017 at 10:36 AM, Lucas Pardue <Lucas.Pardue@bbc.co.uk>
> wrote:
>
>> We've written up some of it in the I-D draft-pardue-quic-http-mcast.
>> Section 6 and appendix B are particularly relevant.
>>
>> We expect the checks to happen in the application code, running in or
>> above a HTTP UA of some sort. E.g. an app that incorporates libcurl, or
>> JavaScript application code executing in a browser.
>>
>> Lucas
>> ________________________________________
>> From: Jeffrey Yasskin [jyasskin@google.com]
>> Sent: 01 September 2017 18:18
>> To: Lucas Pardue
>> Cc: HTTP Working Group
>> Subject: Re: Origin-signed responses
>>
>> On Fri, Sep 1, 2017 at 10:04 AM, Lucas Pardue <Lucas.Pardue@bbc.co.uk>
>> wrote:
>> > Hi Jeffrey,
>> >
>> > I spotted this yesterday and found it an interesting read, so thanks
>> for starting a discussion.
>> >
>> > Your draft references draft-cavage-http-signatures, which we have been
>> using on a project to add some authenticity to HTTP/2 pushed content. I'm
>> still processing your draft but can see how it might complement our
>> approach or help satisfy the higher goal.
>> >
>>
>> I'm glad to hear it. :) What kind of software winds up checking that
>> authenticity? How do you transmit the public key? Do you need to
>> revoke keys or prevent downgrade attacks? (I'd be happy to read a
>> document about this, if you have one, rather than making you retype it
>> on the mailing list.)
>>
>> Thanks,
>> Jeffrey
>>
>
>

v2.23.0 | Report a Bug | By Email