IETF Logo Mail Archive

Re: signatures vs sf-date

Justin Richer <jricher@mit.edu> Fri, 02 December 2022 20:58 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 94C94C14F73E for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 2 Dec 2022 12:58:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.751
X-Spam-Level:
X-Spam-Status: No, score=-7.751 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mit.edu
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Jmh18p5nFefV for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 2 Dec 2022 12:58:54 -0800 (PST)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4430FC14F722 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Fri, 2 Dec 2022 12:58:53 -0800 (PST)
Received: from lists by lyra.w3.org with local (Exim 4.94.2) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1p1D7H-00AFby-Dk for ietf-http-wg-dist@listhub.w3.org; Fri, 02 Dec 2022 20:58:39 +0000
Resent-Date: Fri, 02 Dec 2022 20:58:39 +0000
Resent-Message-Id: <E1p1D7H-00AFby-Dk@lyra.w3.org>
Received: from mimas.w3.org ([128.30.52.79]) by lyra.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <jricher@mit.edu>) id 1p1D7F-00AFb1-H6 for ietf-http-wg@listhub.w3.org; Fri, 02 Dec 2022 20:58:37 +0000
Received: from outgoing-exchange-5.mit.edu ([18.9.28.59]) by mimas.w3.org with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <jricher@mit.edu>) id 1p1D7E-005zM1-26 for ietf-http-wg@w3.org; Fri, 02 Dec 2022 20:58:37 +0000
Received: from w92exedge3.exchange.mit.edu (W92EXEDGE3.EXCHANGE.MIT.EDU [18.7.73.15]) by outgoing-exchange-5.mit.edu (8.14.7/8.12.4) with ESMTP id 2B2KwGV0005792; Fri, 2 Dec 2022 15:58:23 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mit.edu; s=outgoing; t=1670014703; bh=yX9MRfgdS8OQncrhCHbYXPan5QMB7J/hl9h6aXcr8wM=; h=From:To:CC:Subject:Date:References:In-Reply-To; b=Hec1YHCfwAuY4OOIar+Zm/3dJeGnBJXHx3qqTRJt5TEC9TGZoasJrn9vDnEB/1va2 5fhbzEKK1Fnmtmq7qY8O/dciyPGNIE0ryqS0O2kuT+rkXmYDp1cgyH0HKxAYcJthH8 Mpf7IMb8QFgIuRjOQbZUVxuuBL0JJQwPjzWslVNZOvVLEHYyDyOxacJLWUM0YcWCVX VRmuMaxg8T0PClDvQe6u44z7NuJdrDpapEWlv+jQBh7MzAmiYacB7zFkgQ7j2d7rbE ZiynGesl2VywHaWyHmFFQSReyK7nyHx7k6+ZjKp2R1xH0nFBaKT5eMwG4M90Z0aV8J VfgII8uiwjq+Q==
Received: from oc11expo8.exchange.mit.edu (18.9.4.13) by w92exedge3.exchange.mit.edu (18.7.73.15) with Microsoft SMTP Server (TLS) id 15.0.1497.42; Fri, 2 Dec 2022 15:57:51 -0500
Received: from oc11exhyb4.exchange.mit.edu (18.9.1.100) by oc11expo8.exchange.mit.edu (18.9.4.13) with Microsoft SMTP Server (TLS) id 15.0.1497.42; Fri, 2 Dec 2022 15:58:17 -0500
Received: from NAM11-BN8-obe.outbound.protection.outlook.com (104.47.58.168) by oc11exhyb4.exchange.mit.edu (18.9.1.100) with Microsoft SMTP Server (TLS) id 15.0.1497.42 via Frontend Transport; Fri, 2 Dec 2022 15:58:17 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=XqSLCfGWZT6Dzbb0q24IcIMYjXy3tnQm97v45jpuBkCyJNJaSqt3gVgXtJRv2Sf9QYPgOpKvswYxylTa/ZFAOJVowwTpz+Fw0rCptcN2COFNZA1gcAZs7OSdLPTCZBfE0N0CPp212JbKGIx40dTtyBGUK0oixPS560V0mB3kPNhGxof7NK4GwNuzPFtcjNlbCWmFdzzljUurq1M6q0hoV3wOaLiglkQQSQW09CesaqbJXQttf9Zs0Em7PTwEOmXFjTIjl0OMtl/kiTCR4ulW4EL0YylM8NDY6H8jlzslea9GX4jLsPfCQMQckqAL8tD6wPIvY9oGq6DqyK3txh0lcQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=yX9MRfgdS8OQncrhCHbYXPan5QMB7J/hl9h6aXcr8wM=; b=eQJrPmYgiAuMbNawOCQWgr7UoRF4GjtGbOhi73W0po/MG7R0EbD1jtas0rlvB9p5P2ifn0e0kOl2sIGObgl0neOUt4K2toerK+CIPoNBvzaR7YVeFUntuGTEwRJmOZed+RwSxMjt/9mD7DFTwrUmEuglHYqna9nfAr68+B1LSSVCP/Mqf+k6DGQ/zMdq4CIq0fz1dg0xKO7jphlnY/SandbgA0KtrlUSDcJEbDW0VdkOwSVu3pCruYZKJn+8cuGdXwShyJX97L+Da64Vh6UheWJN1u9epLYSCKNSlRQUTcKWegAMB5euGiFOt6PGRXmLd6/XqXkxc2IepFyus3lsFw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=mit.edu; dmarc=pass action=none header.from=mit.edu; dkim=pass header.d=mit.edu; arc=none
Received: from DM6PR01MB4444.prod.exchangelabs.com (2603:10b6:5:78::15) by PH7PR01MB8055.prod.exchangelabs.com (2603:10b6:510:278::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5880.8; Fri, 2 Dec 2022 20:58:16 +0000
Received: from DM6PR01MB4444.prod.exchangelabs.com ([fe80::5639:ceea:e5a7:c8dc]) by DM6PR01MB4444.prod.exchangelabs.com ([fe80::5639:ceea:e5a7:c8dc%7]) with mapi id 15.20.5857.023; Fri, 2 Dec 2022 20:58:16 +0000
From: Justin Richer <jricher@mit.edu>
To: Julian Reschke <julian.reschke@gmx.de>
CC: HTTP Working Group <ietf-http-wg@w3.org>
Thread-Topic: signatures vs sf-date
Thread-Index: AQHZBajPfV4YGnJ7nUGZN5+UsAk5Wq5aqIoAgAAC3YCAAGrgAA==
Date: Fri, 02 Dec 2022 20:58:16 +0000
Message-ID: <714A974B-2A87-4010-B415-C85F6B788175@mit.edu>
References: <2070c8e0-98d6-7b63-77c3-550bcd661397@gmx.de> <04A5CE20-A291-4FA4-A330-FB1090697EA1@mit.edu> <a8a2a20e-335a-7f6f-7fb0-809c54bb98fc@gmx.de>
In-Reply-To: <a8a2a20e-335a-7f6f-7fb0-809c54bb98fc@gmx.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=mit.edu;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: DM6PR01MB4444:EE_|PH7PR01MB8055:EE_
x-ms-office365-filtering-correlation-id: 2fe017ca-d063-46d9-de13-08dad4a7ef32
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: JYl0VhE37uddFkFBZgppxl1zm5cGa+jLoUm37vs7AxWOwQR+rXglxdC6eYQTyk/ja0ttuwm8VkYosJWBWrzAgeGqC6ThGlMiWdiJXRC8UTjEH5BUOdi1LSKXG1kPgx3EODXI3nnww2f0MsQpnDjjUw+UVPtJ/xCZvDDSBQqCdzb5MFSwkIXvK3GjMXntlQNHoO1FmDe83ygctZaYjcvQzGMPzO2eWzhUI8VS5J3Xg12pVymhkZMPhNw6T77ODLE50+klIZmWJQ7sJCVfyo70Y9vFjN3tcstvNa5HQdCq5MazYhMHffxYtROa9M8scJPheoVPQoBoKL2WBXXW4feRNYz3KoNJw8E8MqkeK6bYbGMzuAB5qkYNQH0gwfTiHfGtLRRvEltSoCPgJY4FET/5pHFo5fqI4Ah+sNcJhibO00OQ/COy8q73+N9gs50CI4wEIuefQjwY315gspY3JgvpCJZC8P18oSQjibLLsjqdiwtAAVPUsQtoarlHDAla0emha7bastE2icu74I34Hu1Y2BIeq2GQOh2WuYI+8lq2OLLH7bC2U/Crl1B0b4dY+wmAm8r/mUkC+ZXcyS3Giyyv2t+3Mn1FCHuz8KbQpf7CHWPI+ekj/SKYuRqNdeZL7sB41h4Isbvvm6BSTveOO1xY/g7fR2kKtv14jWgVznRQ5yK+OrmKMYUTrdsRZjfjGt/CRB/fKQxfrJiBuSasnctUdQ==
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM6PR01MB4444.prod.exchangelabs.com;PTR:;CAT:NONE;SFS:(13230022)(4636009)(346002)(39860400002)(366004)(136003)(376002)(396003)(451199015)(83380400001)(33656002)(122000001)(38100700002)(2906002)(3480700007)(38070700005)(86362001)(8936002)(66476007)(5660300002)(41300700001)(8676002)(75432002)(4326008)(26005)(6506007)(6512007)(786003)(186003)(2616005)(316002)(76116006)(6486002)(66446008)(64756008)(66946007)(91956017)(66556008)(71200400001)(478600001)(6916009)(36756003);DIR:OUT;SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: Jd4CYYbavgKXMUh0Jsd/+6FC33xkJPPituB6foAPdRE2VmFvMCKHdgwTi50uFM8JLcRD3EyQXjj43akGo+8t1ZA5YxTRhNglyX30M1rsWo4CTsjXaxNI/0Ha3Lp2nEaFA93PndEqRLWzYrMwRGoLxOaV0wOJlIX6CGMwSjULW/cefgBOYI+4s2o12gXUAbLzrYP57NoyLDwwsK1s5po7EhNy8A8fmccl+6SnbkENjq8yA8QQxvGesM0LmQ6VdRh/wYfYTsW4JtHB/1wMdjCobCVlRf2bqsbvj+4ZyaicEtKCAhjimwJcrDyHlx9xwIeAjnicioLYJw5tdTVXdJ5dNbSIwVFUmy/8loMgJn5DqR0lmNZ0j72yJin0L/SNADmhu3B3WuCJsFfXr2bYmy/9TR7fd5pKbsJkv8OK/5x4ldHdm0QAQ3sddH97wFDZ69JVrfNBQjygweH7Hm+Fdu/2hXuNNi2uvOVdXySiDb+oDJyHQCrc5dlW79e9lkniPs/BdO2Pl3F0OqHZH/3CXUf0tLsFLJRS/L/DNh/dXLpGoEIiOW1boXPjN+a9uQKR/pQX6WOfWNzAGgyRZCYaf4VHAM5n/bzuuTcz9H1+1ncCF00NV9QV9hPdPn5wolxS5sZB3DjLOa4wK2LiXbZWVM1ibRQFe9cli9N45gIAGgQPxyvt8DUnqr2LenCzV7yj4vZQvCrM+VsXeVVKEFu5CmKxAs/IGu6OUv+1uPa7EmjZG5xGxkYjcjG6sYpB/ZbmrC/DQiwhvjpMDOy8FknuawWDAtDlRwInV1HkeVZ3Og9980oRjrRLDoVevLTVfGYOLizAcLFXGbM0coz3ZBkRU4DUB+0opMwjGHksN7zqNBjKDj9KMpb3Bp+N4KKrlP9eObvDyX4Q29l/uKES09Jj7ilCyFx1Xm7SDMyOsBHtLWMvZ7t9HMSghlyYBr1aobn6B1cKuItXdk4IVKnd28Z5Rhuuy1LB9bV5kPsVK/QBHCKdhBSHmMwNoeEFMYAZoPvktoP2kO5Z/alRhjm/9Um3lxzjUMY7nvAn6TrRKblY519pSSBGiAGYxrUjtLv/eUPZvPG+pmqFfXqTKVS7xoxWqRA29po3NFSKcE8xv557Oztyw0Xyn5Kn1TtYs27yWBT6gfHTNDHUDQb2Y2TSyT4TNiC3XH/V/sTjIoGAhQBWjJXssRIacpiFaMf8NMFNkt7Vr2lNR5jpcS3R5yNkY4+hoC7wLWD4IgNKthiV2aoWQ7caRkquil5NZHE9Iquwh+CxeKu8FdgwfxJG5lx22omTjqpvBeyE130gBpMAbk8gqPkrAAVEqWxbkYDeeKPCgwnH7FD2a/y5yk6Enh9PYFLgZRRVPL3IvL0c2qf4vdJCOcUqQXF+8jAfWPRsvhF+ezChjv4c0BO7yEU0rEhcGeoWglGE73CdcwdIGNmpsU6pGUmE3reCv8TtrHqp7fgRG1t2UJnS23hBDA32I2T+keL6WH0r3iTDg1NV/cM/Wt5BMbt5g01Pmz23KmyUVLFI3myEXzSSmpOpsbooZ19jyR504VGvwJFzLFEM5r2Xj9cBRIuy7OAW1lozR9nVBEFce64CfjrW
Content-Type: text/plain; charset="utf-8"
Content-ID: <36E4088C8837064486FDAC5130D14214@prod.exchangelabs.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM6PR01MB4444.prod.exchangelabs.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 2fe017ca-d063-46d9-de13-08dad4a7ef32
X-MS-Exchange-CrossTenant-originalarrivaltime: 02 Dec 2022 20:58:16.3905 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: KPjWHXb+yrCnA5G5yi9cEV7EFgyfGmyEy/TZGwO2Yzrxb25i2wDB/0EjgN7tqBQK
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR01MB8055
X-OriginatorOrg: mit.edu
X-W3C-Hub-DKIM-Status: validation passed: (address=jricher@mit.edu domain=mit.edu), signature is good
X-W3C-Hub-Spam-Status: No, score=-7.4
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_IRA=-1, W3C_WL=-1
X-W3C-Scan-Sig: mimas.w3.org 1p1D7E-005zM1-26 cd85fbc014f3dd20abea949d6cfdf95a
X-Original-To: ietf-http-wg@w3.org
Subject: Re: signatures vs sf-date
Archived-At: <https://www.w3.org/mid/714A974B-2A87-4010-B415-C85F6B788175@mit.edu>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/40629
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

> 
>>> 2) When signing parts of a SF shaped field, should it support RFC
>>> 8941bis in some way?
>> 
>> That should “just work”. If you’re doing SF fields using the SF-bit or anything else that uses strict serialization rules, and your system needs and supports the SFbis definitions, then it should just work. Otherwise if someone sends you something that you can’t parse, well, then you need to figure out how to parse it, right?
>> 
>> I don’t think there’s any change that needs to be made for that. If SFbis gets out the door first (or even has an RFC number first), we can change the reference and call it a day. Or a @DATE. :)
> 
> Hmm.
> 
> If the sender sends something with an sf-date and signs that part,
> signature validation will fail on the recipient unless it also has SFBIS
> support, right?
> 
> So, rephrasing this in a more generic way: once SFBIS is out, do we
> expect everybody to update their libraries? And if so, what does this
> man for what we say in the signatures spec?
> 

I think this is going to be the problem with any upgrade that adds any new features to any system, isn’t it? If the signer is sending something in sf-date but the verifier can’t process sf-date … then that field value isn’t going to be processed correctly anyway, is it? Since the receiver wouldn’t be able to handle the sf-date field.

You have to upgrade your libraries and code to support new features. That is unsurprising and hardly unique to this current situation.

The question is what we should do about it here — and I’d argue we shouldn’t do anything about it in particular. 

 — Justin

v2.39.1 | Report a Bug | By Email | System Status