HTTP Signing

Rob Sayre <sayrer@gmail.com> Fri, 22 November 2019 06:05 UTC

From: Rob Sayre <sayrer@gmail.com>
Date: Thu, 21 Nov 2019 22:02:09 -0800
Message-ID: <CAChr6SwoGTULzG5jKsEbPRbzb1qK6F-sKT8ArEyQ3BA6T78YAQ@mail.gmail.com>
To: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Subject: HTTP Signing
Archived-At: <https://www.w3.org/mid/CAChr6SwoGTULzG5jKsEbPRbzb1qK6F-sKT8ArEyQ3BA6T78YAQ@mail.gmail.com>

Hi,

I saw the "HTTP Signing" presentation in the SECDISPATCH meeting on
YouTube[1], and it seems like it's going to end up in this WG. Given the
people that spoke up at the mic, I'd like to suggest adopting something
very similar to AWSv4.

I've implemented the server side of AWSv4 in the past (not at Amazon). The
issues raised about splitting the HTTP request signing from higher-level
concerns are valid. However, I can also tell you that it's possible to use
off-the-shelf AWSv4 client SDKs, make up your own "service" name, and
implement the server side of the protocol. It's not too hard to imagine
what the server code might do if you read the example client code[2].

thanks,
Rob

[1] https://www.youtube.com/watch?v=CYBhLQ0-fwE
[2] https://docs.aws.amazon.com/general/latest/gr/sigv4-signed-request-examples.html
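
The server side of an AWSv4-style check with a made-up service name, as described in the message above. This is an added example, not part of the original message and not AWS's code. The service name `examplesvc`, the key store, the host and the sample request are constructed; it assumes the path and query string arrive already canonical and leaves the clock-skew check to the caller.

```python
import hashlib, hmac, re

SERVICE = "examplesvc"   # made-up service name (assumption, not an AWS service)
SECRETS = {"AKIDEXAMPLE": "constructed-secret"}   # constructed key store

def _mac(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def signature(secret, method, path, query, headers, signed, payload, scope):
    """SigV4 signature over the headers listed in `signed` (already sorted)."""
    canon_headers = "".join(f"{h}:{' '.join(headers[h].split())}\n" for h in signed)
    canon_req = "\n".join([method, path, query, canon_headers, ";".join(signed),
                           hashlib.sha256(payload).hexdigest()])
    to_sign = "\n".join(["AWS4-HMAC-SHA256", headers["x-amz-date"], scope,
                         hashlib.sha256(canon_req.encode()).hexdigest()])
    key = ("AWS4" + secret).encode()
    for part in scope.split("/"):      # date, region, service, "aws4_request"
        key = _mac(key, part)
    return _mac(key, to_sign).hex()

AUTH_RE = re.compile(r"AWS4-HMAC-SHA256 Credential=([^/\s]+)/([^,\s]+), ?"
                     r"SignedHeaders=([^,\s]+), ?Signature=([0-9a-f]{64})$")

def verify(method, path, query, headers, payload):
    """Server side: recompute the signature and compare in constant time."""
    headers = {k.lower(): v for k, v in headers.items()}
    m = AUTH_RE.match(headers.get("authorization", ""))
    if not m:
        return False
    akid, scope, signed, sig = m.groups()
    signed, parts = signed.split(";"), scope.split("/")
    if len(parts) != 4 or parts[2] != SERVICE or parts[3] != "aws4_request":
        return False               # scope must name this server's own service
    if akid not in SECRETS or not ({"host", "x-amz-date"} <= set(signed) <= set(headers)):
        return False               # unknown key, or required headers unsigned/missing
    if not headers["x-amz-date"].startswith(parts[0]):
        return False               # timestamp must fall on the scope date
    want = signature(SECRETS[akid], method, path, query, headers, signed, payload, scope)
    return hmac.compare_digest(want, sig)

def signed_request(service=SERVICE, payload=b""):
    """Constructed GET /items?a=1, signed as a client SDK would sign it."""
    scope = f"20191122/us-east-1/{service}/aws4_request"
    h = {"host": "api.example.test", "x-amz-date": "20191122T060500Z"}
    sig = signature(SECRETS["AKIDEXAMPLE"], "GET", "/items", "a=1", h,
                    ["host", "x-amz-date"], payload, scope)
    h["authorization"] = (f"AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/{scope}, "
                          f"SignedHeaders=host;x-amz-date, Signature={sig}")
    return h
```

A request signed for a different service name fails at the scope check before any HMAC is computed, which is what keeps credentials scoped to one service from being replayed against another.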