IETF Logo Mail Archive

Re: Call for Adoption: draft-richanna-http-message-signatures

"Richard Backman, Annabelle" <richanna@amazon.com> Mon, 13 January 2020 22:29 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 67B97120909 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 13 Jan 2020 14:29:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.752
X-Spam-Level:
X-Spam-Status: No, score=-2.752 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, MAILING_LIST_MULTI=-1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazon.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6mUavuEML2hf for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 13 Jan 2020 14:29:45 -0800 (PST)
Received: from frink.w3.org (frink.w3.org [IPv6:2603:400a:ffff:804:801e:34:0:38]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AF3EA12006D for <httpbisa-archive-bis2Juki@lists.ietf.org>; Mon, 13 Jan 2020 14:29:45 -0800 (PST)
Received: from lists by frink.w3.org with local (Exim 4.89) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1ir8Ap-000794-1F for ietf-http-wg-dist@listhub.w3.org; Mon, 13 Jan 2020 22:27:03 +0000
Resent-Date: Mon, 13 Jan 2020 22:27:03 +0000
Resent-Message-Id: <E1ir8Ap-000794-1F@frink.w3.org>
Received: from titan.w3.org ([2603:400a:ffff:804:801e:34:0:4c]) by frink.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from <prvs=274a3aa5a=richanna@amazon.com>) id 1ir8Am-00078F-OR for ietf-http-wg@listhub.w3.org; Mon, 13 Jan 2020 22:27:00 +0000
Received: from smtp-fw-6002.amazon.com ([52.95.49.90]) by titan.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <prvs=274a3aa5a=richanna@amazon.com>) id 1ir8Al-0000Ov-9u for ietf-http-wg@w3.org; Mon, 13 Jan 2020 22:27:00 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209; t=1578954419; x=1610490419; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=TyfGHJsvv9fo+KeO/u2RAdLeyDHKMIEDIg4EjpUaFxQ=; b=sRIMD+RdKBEiQWRI4Sa+LUFfrqPrcAC6sYlRljr14aMzr+5cwJ69pI5R IfFvOWgvSE+Je9FL9ikX6dLcFHeYrdHbEYG5dmvgyNC6CpqO1SW8TQJF0 OTvHGoKK0xl1InMIM9XLZkHb5DF7cbZQ0WQaQ/sDvWi/tWZtrF75V0sKa 0=;
IronPort-SDR: NzuCD7Ow63+N9WNg4xmwY09qseQL2QFqD5iD2OCa4PvDYwbfU/BnxPKOA74M2byLtymfOwGrcF 1T3/6FCtPing==
X-IronPort-AV: E=Sophos;i="5.69,430,1571702400"; d="scan'208";a="11362690"
Received: from iad12-co-svc-p1-lb1-vlan3.amazon.com (HELO email-inbound-relay-1e-303d0b0e.us-east-1.amazon.com) ([10.43.8.6]) by smtp-border-fw-out-6002.iad6.amazon.com with ESMTP; 13 Jan 2020 22:26:58 +0000
Received: from EX13MTAUWC001.ant.amazon.com (iad55-ws-svc-p15-lb9-vlan3.iad.amazon.com [10.40.159.166]) by email-inbound-relay-1e-303d0b0e.us-east-1.amazon.com (Postfix) with ESMTPS id EE846A1D89; Mon, 13 Jan 2020 22:26:55 +0000 (UTC)
Received: from EX13D11UWC004.ant.amazon.com (10.43.162.101) by EX13MTAUWC001.ant.amazon.com (10.43.162.135) with Microsoft SMTP Server (TLS) id 15.0.1367.3; Mon, 13 Jan 2020 22:26:54 +0000
Received: from EX13D11UWC004.ant.amazon.com (10.43.162.101) by EX13D11UWC004.ant.amazon.com (10.43.162.101) with Microsoft SMTP Server (TLS) id 15.0.1367.3; Mon, 13 Jan 2020 22:26:54 +0000
Received: from EX13D11UWC004.ant.amazon.com ([10.43.162.101]) by EX13D11UWC004.ant.amazon.com ([10.43.162.101]) with mapi id 15.00.1367.000; Mon, 13 Jan 2020 22:26:54 +0000
From: "Richard Backman, Annabelle" <richanna@amazon.com>
To: Roberto Polli <robipolli@gmail.com>, Rob Sayre <sayrer@gmail.com>
CC: Martin Thomson <mt@lowentropy.net>, Justin Richer <jricher@mit.edu>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Thread-Topic: Call for Adoption: draft-richanna-http-message-signatures
Thread-Index: AQHVxqZzU09mZf2rtUKzXaMPY5Z9rKfh2qaAgAEFf4D//7o3AIAAiA2AgAA3joCAAL7PgIAElO4A
Date: Mon, 13 Jan 2020 22:26:54 +0000
Message-ID: <7740F146-E032-4798-A388-4F2F9503F1F9@amazon.com>
References: <76565D7E-C7F5-4D5D-BE3A-6E686E096B14@mnot.net> <1bf9b1fb-10d0-4948-a7e6-a913e54b7828@www.fastmail.com> <279D48F9-FE36-474B-B2F9-48C4E3713229@mit.edu> <1AB9E384-A73A-4420-9F60-43FE53F62AE5@amazon.com> <78077793-5ef1-41b8-aad0-534a894259a0@www.fastmail.com> <CAChr6SyxhqpJQQy3iWt_y9eC2uTdUwQdJ5VEzXoU4ZF0dM1C2w@mail.gmail.com> <CAP9qbHUYs_g1aiPpjs6bLb2iLG+FkN6d4Y3rOuLFxSbb4rdx8g@mail.gmail.com>
In-Reply-To: <CAP9qbHUYs_g1aiPpjs6bLb2iLG+FkN6d4Y3rOuLFxSbb4rdx8g@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.1d.0.190908
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.43.161.253]
Content-Type: text/plain; charset="utf-8"
Content-ID: <50C66C307656D441B361557CE7D586AA@amazon.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Received-SPF: pass client-ip=52.95.49.90; envelope-from=prvs=274a3aa5a=richanna@amazon.com; helo=smtp-fw-6002.amazon.com
X-W3C-Hub-Spam-Status: No, score=-13.9
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, USER_IN_DEF_SPF_WL=-7.5, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: titan.w3.org 1ir8Al-0000Ov-9u dbf2400ad4535aa03e891a7a326cb159
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Call for Adoption: draft-richanna-http-message-signatures
Archived-At: <https://www.w3.org/mid/7740F146-E032-4798-A388-4F2F9503F1F9@amazon.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/37251
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

Thanks for the feedback, Roberto. Regarding what information must be covered by the signature, I'm not opposed to mandatory signature metadata fields. What I'm more concerned with is avoiding strict requirements that specific protocol elements be included (e.g., "MUST sign the Date header field" or "MUST sign the effective request URI"). Very few of these elements can be made mandatory without cutting out support for large swathes of use cases and deployment environments. This is really best left to profiling specifications (e.g., a version of RFC6750 for proof-of-possession tokens) and/or deployments (e.g., a web service that requires signing the elements that are relevant to its API).

That said, the guidance in digest-headers is a good example of conditional requirements that may be worth including (e.g., "if you include Digest, you MUST also include...").

– 
Annabelle Richard Backman
AWS Identity
 

On 1/10/20, 8:30 AM, "Roberto Polli" <robipolli@gmail.com> wrote:

    Hi @all,
    
    IMHO it's time for a spec for  signingin http requests/responses
    usable as a building block
    for a non-repudiation framework for REST APIs.
    
    I investigated on both webpack and cavage and
    the first output is the `digest-headers` I-D and its `usage in
    signature` section:
    
    -  https://github.com/httpwg/http-extensions/blob/master/draft-ietf-httpbis-digest-headers.md#usage-in-signatures
    
    About implementors, if we address the above use-cases we could try to involve
    interested folks from public sector (the European Union will probably
    start working on API standards).
    This will open the door to many implementors.
    
    Finally, replies to previous email follows.
    
    Mark said:
    > [...] if folks [are] willing to contribute [..] review drafts [..].
    I'm in. Preliminary comments from various people are on this gdoc
    http://bit.ly/384sZdF
    
    Annabelle said:
    >  a general purpose solution from this working group would help drive consistency rather
    > than simply be the N+1'th standard.
    Agree.
    
    Martin said:
    > [parts of draft-richanna]  overlaps with existing work from other IETF groups [..]
    > what would we say about the interactions with the web packaging work?
    This is a central point. Some of the changes in draft-cavage-11
    come from WEBPACK (eg. the `created`, `expires` parameters).
    I think more from WEBPACK could be used in draft-richanna.
    See:
    - https://github.com/w3c-dvcg/http-signatures/pull/37
    
    Martin said:
    > canonicalization of (subsets of) HTTP messages, probably belongs here
    Agree.
    
    Martin said:
    > [...draft-richanna..]  defines a bespoke signing format
    > [..] I would prefer [..] JWS, COSE, or even CMS
    About JWS / COSE, see https://github.com/WICG/webpackage/issues/237
    About CMS: can you do a proposal based on that?
    
    Martin said:
    > I wasn't [..convinced..] that the
    >  draft was free from some very simple problems in signature
    > construction.  An analysis of this is a surprisingly difficult [..]
    A comparison with WEBPACK would be a good starting point.
    
    Martin said:
    > à la carte selection of what to sign [ may not be ] a good strategy.
    IMHO signature validity boundaries analogous to `iat`,`exp`,`aud`,`iss`
    should always be present.
    Compulsory fields can be easily added in draft-richanna though.
    See eg. https://github.com/w3c-dvcg/http-signatures/issues/66
    
    Annabelle said:
    > [draft-richanna .. ] does not [..] indicate what information [..]
    > the sender must sign in order to be "secure."
    Not sure about that. My experience with draft-cavage implementors make
    me lean on
    Martin's objections.
    
    Martin said:
    > The interaction between signing and intermediation
    > [..] requires some attention.
    IMHO signatures should ensure integrity
    and I am not sure we have to support all possible
    intermediation transformation. We can sort it out though.
    
    
    Justin said:
    > changing syntax and breaking with existing deployments
    > of the Cavage series is absolutely on the table.
    That's inevitable. We can't be secure and backward compatible.
    
    If you read 'till there I owe you a beer :)
    
    Peace,
    R.

v2.23.0 | Report a Bug | By Email