Re: Web Keys and HTTP Signatures

Manu Sporny <msporny@digitalbazaar.com> Thu, 18 April 2013 18:36 UTC

Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 01CC221F9397 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 18 Apr 2013 11:36:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.299
X-Spam-Level:
X-Spam-Status: No, score=-10.299 tagged_above=-999 required=5 tests=[AWL=-0.300, BAYES_00=-2.599, J_CHICKENPOX_23=0.6, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yZ4D0PFqPn8a for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 18 Apr 2013 11:36:35 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) by ietfa.amsl.com (Postfix) with ESMTP id 1E7E721F9370 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Thu, 18 Apr 2013 11:36:35 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1UStg0-00007R-8I for ietf-http-wg-dist@listhub.w3.org; Thu, 18 Apr 2013 18:35:20 +0000
Resent-Date: Thu, 18 Apr 2013 18:35:20 +0000
Resent-Message-Id: <E1UStg0-00007R-8I@frink.w3.org>
Received: from maggie.w3.org ([128.30.52.39]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <msporny@digitalbazaar.com>) id 1UStfs-0008VP-Uv; Thu, 18 Apr 2013 18:35:12 +0000
Received: from [216.252.204.51] (helo=mail.digitalbazaar.com) by maggie.w3.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.72) (envelope-from <msporny@digitalbazaar.com>) id 1UStfr-0006bs-Un; Thu, 18 Apr 2013 18:35:12 +0000
Received: from zoe.digitalbazaar.com ([192.168.0.99] ident=msporny) by mail.digitalbazaar.com with esmtp (Exim 4.72) (envelope-from <msporny@digitalbazaar.com>) id 1UStfW-0006on-HY; Thu, 18 Apr 2013 14:34:50 -0400
Message-ID: <51703CCA.5050009@digitalbazaar.com>
Date: Thu, 18 Apr 2013 14:34:50 -0400
From: Manu Sporny <msporny@digitalbazaar.com>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:10.0.5) Gecko/20120624 Icedove/10.0.5
MIME-Version: 1.0
To: Carsten Bormann <cabo@tzi.org>
CC: Web Payments CG <public-webpayments@w3.org>, ietf-http-wg@w3.org
References: <516F14E1.5040503@digitalbazaar.com> <CADcbRROBGawSJ+=XWnhNN8SAszZF-LX9x+cuTBbLxicXmz_qPg@mail.gmail.com> <599A4C36-D3AC-46D5-8DA9-12D1EB9A6B9F@tzi.org> <51701D20.8020901@digitalbazaar.com> <34CDD6D5-32B6-477D-9F0E-7D6940DE02D9@tzi.org>
In-Reply-To: <34CDD6D5-32B6-477D-9F0E-7D6940DE02D9@tzi.org>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Received-SPF: none client-ip=216.252.204.51; envelope-from=msporny@digitalbazaar.com; helo=mail.digitalbazaar.com
X-W3C-Hub-Spam-Status: No, score=-2.8
X-W3C-Hub-Spam-Report: AWL=-4.054, RDNS_NONE=1.274
X-W3C-Scan-Sig: maggie.w3.org 1UStfr-0006bs-Un 1f9945b6cd019b072f5a4a3ac9af166f
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Web Keys and HTTP Signatures
Archived-At: <http://www.w3.org/mid/51703CCA.5050009@digitalbazaar.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/17345
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On 04/18/2013 12:39 PM, Carsten Bormann wrote:
> No, I just reported that I got stuck trying to find out the security
>  properties.

Ok, that wasn't clear. More on this below...

> I was also unclear about the security objectives.  This is starting 
> to become a bit clearer with the discussion now, but that doesn't 
> replace a good exposition of what you are trying to achieve/what you
>  think you have achieved.

This might help with respect to the Web Keys specification:

https://hacks.mozilla.org/2013/04/web-payments-with-payswarm-identity-part-1-of-3/

This might help with respect to the Web Payments work:

http://blog.meritora.com/launch/

> So, for instance, I'd like to understand your stance on replay a bit 
> better.

Short story: Replay is bad, we try to prevent it. :)

We have two protections against replay attacks in Web Key digital
signatures. The first is a nonce, which is optional under certain
circumstances. The second is a datetime stamp which is used to
time-block an attack period (for example - 5 minutes).

We made nonces optional as not everyone will require them. The Web
Payments specs require nonces to be implemented correctly as an
additional security measure. We also require payment processors to
always use HTTPS as a further security measure.

The documentation is pretty dated on this stuff, but you can read more
about it here:

https://payswarm.com/specs/source/web-keys/#the-response-token

and here:

https://payswarm.com/specs/source/web-keys/#message-signature-algorithm

> RFC 3552 and RFC 4101 may be good reading for the kind of question 
> that tends to come up, and RFC 4949 will give you some terminology
> to minimize ambiguity.

Yep, we're working on explanations about the design behind web keys.
Unfortunately, the spec is quite out of date. Implementations match the
current design, but we need to move what we do in the implementations
back into the Web Keys spec.

Keep in mind that the HTTP Signatures spec intended to be a sub-section
of Web Keys. We could publish it separately if that would move it toward
REC (at W3C) or RFC (at IETF) faster.

> Thanks a lot for the appraisal of the httpauth candidates -- this 
> will be really useful input for the work of that WG.

I'll send another e-mail to that mailing list to make sure that we're
engaging the right community. I'll stop cc'ing the HTTP WG shortly,
unless the conversation should continue in this group as well?

-- manu

-- 
Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: Meritora - Web payments commercial launch
http://blog.meritora.com/launch/