IETF Logo Mail Archive

#1207: Signature Negotiation and Want-Signature

Justin Richer <jricher@mit.edu> Fri, 23 July 2021 20:55 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A55B93A191B for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 23 Jul 2021 13:55:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.895
X-Spam-Level:
X-Spam-Status: No, score=-2.895 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DsJcubhzUyDv for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 23 Jul 2021 13:55:19 -0700 (PDT)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BBEBA3A191A for <httpbisa-archive-bis2Juki@lists.ietf.org>; Fri, 23 Jul 2021 13:55:19 -0700 (PDT)
Received: from lists by lyra.w3.org with local (Exim 4.92) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1m72AG-0001AL-IC for ietf-http-wg-dist@listhub.w3.org; Fri, 23 Jul 2021 20:53:00 +0000
Resent-Date: Fri, 23 Jul 2021 20:53:00 +0000
Resent-Message-Id: <E1m72AG-0001AL-IC@lyra.w3.org>
Received: from titan.w3.org ([128.30.52.76]) by lyra.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <jricher@mit.edu>) id 1m72AE-00019Z-6X for ietf-http-wg@listhub.w3.org; Fri, 23 Jul 2021 20:52:58 +0000
Received: from outgoing-auth-1.mit.edu ([18.9.28.11] helo=outgoing.mit.edu) by titan.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <jricher@mit.edu>) id 1m72AB-0007wX-Mv for ietf-http-wg@w3.org; Fri, 23 Jul 2021 20:52:57 +0000
Received: from [192.168.1.49] (static-71-174-62-56.bstnma.fios.verizon.net [71.174.62.56]) (authenticated bits=0) (User authenticated as jricher@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 16NKqiBo011671 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for <ietf-http-wg@w3.org>; Fri, 23 Jul 2021 16:52:45 -0400
From: Justin Richer <jricher@mit.edu>
Content-Type: multipart/alternative; boundary="Apple-Mail=_A81C15DE-1340-4758-9924-63068119CAA8"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.7\))
Message-Id: <B9DFE3B9-A4B5-4749-ADF9-F4369689E223@mit.edu>
Date: Fri, 23 Jul 2021 16:52:44 -0400
To: HTTP Working Group <ietf-http-wg@w3.org>
X-Mailer: Apple Mail (2.3608.120.23.2.7)
X-W3C-Hub-Spam-Status: No, score=-7.2
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_IRA=-1, W3C_WL=-1
X-W3C-Scan-Sig: titan.w3.org 1m72AB-0007wX-Mv 58d7602af9a69da229071c9826bf7fa1
X-Original-To: ietf-http-wg@w3.org
Subject: #1207: Signature Negotiation and Want-Signature
Archived-At: <https://www.w3.org/mid/B9DFE3B9-A4B5-4749-ADF9-F4369689E223@mit.edu>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/39073
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

The editors of the signatures draft are looking at what it would take to add a negotiation feature to the Message Signatures draft, as it’s been requested a number of times and tracked specifically in http-extensions issue #1207. I want to give our rough strawman here and gather feedback, which we’ll then incorporate into a more concrete PR. None of this is meant to be spec-level text, but we’re looking for feedback on the approach, applicability, and extent of this feature.


We’re proposing a “Want-Signature” header that can be used in both requests and responses. The value of this header is a Dictionary structured field, mimicking the “Signature-Input” header’s contents today, using named signature identifiers as keys and signature parameters structures as values (note that these are defined as inner-lists with named parameters). The sender of the Want-Signature header would need to choose a signature identifier for each included element.


When used in a request, the Want-Signature header indicates that the client wants the server to sign the response using the signature parameters. The server should (must?) sign all of the listed identifiers, using the identified key and algorithm if present. The resulting signature should (must?) be returned using the same signature identifier as in the request. The client can here indicate identifiers that bind the response to the request, including the @request-response identifier (recently added in the editors copy[2], if you haven’t seen it). 


When used in a response, the Want-Signature header indicates that the server wants the client to sign its :next: request using the signature parameters. The client should (must?) sign all of the listed identifiers, using the identified key and algorithm if present. The resulting signature should (must?) be presented using the same signature identifier as in the response header in the next request.


A responder on either end can always send multiple signatures, one that meets requested parameters and one that might not (signs more, signs less, uses different algorithms, uses different keys, etc). It will always be up to the receiver of a signature to determine if the signature meets their needs, regardless of what was requested.


A few core open questions we aren’t sure on (or, quite frankly, the editors disagree on where to start):

- When multiple values are sent, is this an AND or an OR of parameters? Do I have to send something that fits only one, or one for each, or one for all of them, or … ?
- Could a signature response include additional fields as opposed to just what’s listed? So let’s say I ask for (a b c), is it OK if I get (a b c d) in response? Ordering of the signed elements isn’t an issue here with how signatures are generated, more an issue of set math.
 - Similarly, what about parameters on the signed request? Can I fill in a “keyid" if none is specified? What about “alg”? I would assume “created” would always be added. Could I substitute a parameter value?
 - How do we handle error conditions if the responder is unable to fulfill the parameters of the requested signature? Should this be handled with an all out error or could we reply “successfully” but have a separate signature that doesn’t meet parameters?
 - Bikeshedding: should this be Want-Signature? Accept-Signature? Really-Need-You-To-Sign-This?

And finally this brings up another higher-level question: how does this align with, or possibly subsume, the http-origin-signed-responses[3] work from WEBPACK? Now that Message Signatures more properly covers responses and has clearer algorithm and key identifiers, the kinds of signed exchange defined in that draft are more able to be expressed using Message Signatures. This “Want-Signature” element is perhaps the last missing piece, as the WEBPACK proposal defines an “Accept-Signature” header with similar functions.

Thanks,

 — Justin

[1] https://github.com/httpwg/http-extensions/issues/1207 <https://github.com/httpwg/http-extensions/issues/1207>
[2] https://httpwg.org/http-extensions/draft-ietf-httpbis-message-signatures.html#section-2.3.11 <https://httpwg.org/http-extensions/draft-ietf-httpbis-message-signatures.html#section-2.3.11>
[3] https://wicg.github.io/webpackage/draft-yasskin-http-origin-signed-responses.html <https://wicg.github.io/webpackage/draft-yasskin-http-origin-signed-responses.html>

v2.23.0 | Report a Bug | By Email