IETF Logo Mail Archive

Re: HTTP Unprompted Authentication

Ben Schwartz <bemasc@google.com> Thu, 20 October 2022 01:13 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CD58FC14F73E for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 19 Oct 2022 18:13:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.261
X-Spam-Level:
X-Spam-Status: No, score=-10.261 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B98bwgSTDhPh for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 19 Oct 2022 18:12:59 -0700 (PDT)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6F091C15257E for <httpbisa-archive-bis2Juki@lists.ietf.org>; Wed, 19 Oct 2022 18:12:58 -0700 (PDT)
Received: from lists by lyra.w3.org with local (Exim 4.94.2) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1olK4T-005gL9-HW for ietf-http-wg-dist@listhub.w3.org; Thu, 20 Oct 2022 01:10:05 +0000
Resent-Date: Thu, 20 Oct 2022 01:10:05 +0000
Resent-Message-Id: <E1olK4T-005gL9-HW@lyra.w3.org>
Received: from mimas.w3.org ([128.30.52.79]) by lyra.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <bemasc@google.com>) id 1olK4R-005gJr-LT for ietf-http-wg@listhub.w3.org; Thu, 20 Oct 2022 01:10:03 +0000
Received: from mail-io1-xd2e.google.com ([2607:f8b0:4864:20::d2e]) by mimas.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from <bemasc@google.com>) id 1olK4P-00G5ZR-Sm for ietf-http-wg@w3.org; Thu, 20 Oct 2022 01:10:03 +0000
Received: by mail-io1-xd2e.google.com with SMTP id b79so15853934iof.5 for <ietf-http-wg@w3.org>; Wed, 19 Oct 2022 18:10:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=SemHRo1h5/dqodSYF2e0kMYyeZVuhwkODyis0L0UPc8=; b=Skm1+A175cXYmNl+9sFRGbWaGXvX9/3Jwn/ncl7+mJ0fw3Tu4DYxMCjYc8aHNKoCiO N7inuPAIX1vRUN9YJ44El03oTrPDlbjhdVUAgbFUbCSK3tGl2y1dsKU17rlJG9Pyzndq b2atgyo6xYcii0lHhwuUWPD3yQDPWBkCICND3QSBxRY+DaUoZqpiT9jjabB1CP/+xvm/ +uw4WTox1yAoOYb5DVC6KoIih9mTLH5Ja99MYTC1AC4loDcIisrNziaw11tWWV8yoTyW 0K85xDd4f4SVwKPBHaIjOLNUzdkjkjm0H/aHYsfVY/6WVs5AcqdCIktf+2u/3o4HoBFF TmlA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=SemHRo1h5/dqodSYF2e0kMYyeZVuhwkODyis0L0UPc8=; b=rrZ/djYqydYgmBMzJdIfXYw1iENJ+Lhr3IIh2OkdvPtnSl3EV/BNBE6JkCjIBcxe3x kI00APhkkavfj8FkhoSOMmHpCdObMKBrAi+fzQGZlopFAz0nFgts4qwImwcfAN8uDGWX cFU7flDf/FKt/EZ+/4OhintQkfFiI+3Kfk+qWZrrWdNkIYquByBgvqSOW3g7lI8Fpofk /4PEEV8n3uUv6dFWGwcS8BWYzIvRU/xwUc6xhs4hJVM9cgctBBxhIFSnRS805XepiFan QwM+rajiSJaL2wBAoF0zUuZaSD5xGRsSgXe6tOFuxger49XpW5KYC/fdHsK5bbac3bJj 1FkQ==
X-Gm-Message-State: ACrzQf2AkbvE+JxUtg9B9fReHjl+QFKXij0ny9eYnG0JhCuxPS9um/Xr ninIKE8jenGwIlRagN4Fr/4BbqnZl738zUvbSUTWRa6z2co=
X-Google-Smtp-Source: AMsMyM4gIuLJbalU9iVOGPcCvPlzQrAhqAjjLHPXeKNcwyW1eBdpvzXYLUdJkCwJ0eRU8bdkwE5fa5fTydCSMrElSv8=
X-Received: by 2002:a02:3501:0:b0:362:6098:6ded with SMTP id k1-20020a023501000000b0036260986dedmr8567035jaa.287.1666228189416; Wed, 19 Oct 2022 18:09:49 -0700 (PDT)
MIME-Version: 1.0
References: <CAHbrMsCWsLsaNXi4J+DbOvpvjxx8m11F0NpgEeZUY34n89hYtQ@mail.gmail.com> <CAPDSy+7-XDSSeqFx5FWkSbej6fAGvvMdDKExghgS0DO6BeGL=g@mail.gmail.com> <CAHbrMsCTqiuqNHbuLJTY5E0u2obOYcVNcPUwt4Eg6=YggWLcZw@mail.gmail.com> <CAPDSy+4ZXvgwT6eQteqEUacuQ5fXRoq_DDyebrz5T-3SxzG3oQ@mail.gmail.com>
In-Reply-To: <CAPDSy+4ZXvgwT6eQteqEUacuQ5fXRoq_DDyebrz5T-3SxzG3oQ@mail.gmail.com>
From: Ben Schwartz <bemasc@google.com>
Date: Wed, 19 Oct 2022 21:09:35 -0400
Message-ID: <CAHbrMsBXx=tHhi8u00=8iWc+zgyj-1Krq5eAc3z6bn_Q3h_6fw@mail.gmail.com>
To: David Schinazi <dschinazi.ietf@gmail.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="0000000000005fb33005eb6cfb1b"
Received-SPF: pass client-ip=2607:f8b0:4864:20::d2e; envelope-from=bemasc@google.com; helo=mail-io1-xd2e.google.com
X-W3C-Hub-DKIM-Status: validation passed: (address=bemasc@google.com domain=google.com), signature is good
X-W3C-Hub-Spam-Status: No, score=-21.6
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_WL=-1
X-W3C-Scan-Sig: mimas.w3.org 1olK4P-00G5ZR-Sm 0ca14c9d5eb2f1699a57a14ff9d28240
X-Original-To: ietf-http-wg@w3.org
Subject: Re: HTTP Unprompted Authentication
Archived-At: <https://www.w3.org/mid/CAHbrMsBXx=tHhi8u00=8iWc+zgyj-1Krq5eAc3z6bn_Q3h_6fw@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/40476
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

OK, that explains some things about the design.  It's definitely not what I
expected, and I'm interested to hear more about how this fits together.

Given that every multi-CDN shard is (1) authoritative for the origin, (2)
observes an arbitrary subset of the secret resources, and (3) is capable of
impersonating any user to the origin backend, I'm not sure I quite get the
threat model.  But maybe if each "shard" is a separate origin, and they
need to share user authentication keys across origins...

On Wed, Oct 19, 2022 at 6:08 PM David Schinazi <dschinazi.ietf@gmail.com>
wrote:

> You summarized the landscape pretty well - the main goal of asymmetric
> cryptography here is the case where the origin is sharded (e.g., the
> multi-CDN use case) and you don't want one of the shards to be able to
> impersonate a user to another shard. An example scenario is running
> on-ramps to Tor distributed amongst volunteers. This allows you to share
> the credentials of authorized users while preventing impersonation. I also
> agree with you that paths tend to leak not only in browser history, but in
> server access logs, etc.
>
> David
>
> On Wed, Oct 19, 2022 at 6:59 AM Ben Schwartz <bemasc@google.com> wrote:
>
>>
>>
>> On Tue, Oct 18, 2022 at 5:49 PM David Schinazi <dschinazi.ietf@gmail.com>
>> wrote:
>>
>>> Hi Ben,
>>>
>>> I don't think confidential HTTP resources are a solved problem. The
>>> unguessable path approach you describe is similar to a shared secret (à la
>>> symmetric cryptography) but there is no equivalent for
>>> asymmetric cryptography.
>>>
>>
>> I would appreciate some explanation of why asymmetric cryptography is
>> helpful in Unprompted Authentication.
>>
>> Normally, asymmetric signatures are used to prevent the verifier, or an
>> onlooker, from impersonating the signer.  However, that consideration does
>> not apply here, because the exchange is already confidential (thanks to
>> "https") between the verifier (the origin) and the signer (the client) so
>> there are no (untrusted) onlookers, and there is only one potential
>> verifier (the origin itself).
>>
>> Another possible threat would be an onlooker on the "bootstrap" path.
>> e.g. the email exchange in which the client learned about this confidential
>> resource.  However, such an onlooker has already learned about the
>> existence of the resource, thus defeating the confidentiality protection,
>> so it must be excluded from the threat model.
>>
>> If client keys are reused across multiple origins, this could justify the
>> use of asymmetric cryptography, but that would be a bad idea anyway for
>> linkability reasons.
>>
>> If I were trying to make the strongest case for Unprompted
>> Authentication, it would be that "unguessable" URLs tend to leak in browser
>> history, whereas other authorization credentials are more easily
>> protected.  This could justify the new HTTP header, but it doesn't imply
>> any use of asymmetric crypto.
>>
>>
>>> While I think your draft is interesting and worth discussing, I think
>>> the technology overlap isn't big enough to warrant discussing the two
>>> drafts together - they're separate proposals with different goals.
>>>
>>
>> They're definitely separate, and use unrelated technology.  I do think
>> the ultimate goals overlap considerably.
>>
>>>

v2.23.0 | Report a Bug | By Email