RE: Web Keys and HTTP Signatures

"Manger, James H" <James.H.Manger@team.telstra.com> Wed, 17 April 2013 23:56 UTC

From: "Manger, James H" <James.H.Manger@team.telstra.com>
To: "David I. Lehn" <dil@lehn.org>, Carsten Bormann <cabo@tzi.org>
CC: Manu Sporny <msporny@digitalbazaar.com>, Web Payments CG <public-webpayments@w3.org>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Date: Thu, 18 Apr 2013 09:56:01 +1000

Bad guy swaps the values of two headers (hence changing the semantics of the HTTP request). Bad guy also swaps the order in which the two headers are listed in the 'headers' attribute (hence the signing string is the same). Consequence: same signature is valid for two different requests.

A bad guy cannot change the signing string but, as Carsten notes, they can change which line of the signing string is treated as the date, as the content-type, as whatever by adjusting the unprotected 'headers' attribute.

P.S. This scheme doesn't match the allowed syntax for the Authorization header. After "Signature" you can have a single base64 blob OR comma-separated name=value pairs -- you cannot mix the two. Stick sig="..." around the signature.

--
James Manger

> -----Original Message-----
> From: dilehn@gmail.com [mailto:dilehn@gmail.com] On Behalf Of David I. Lehn
> Sent: Thursday, 18 April 2013 9:13 AM
> To: Carsten Bormann
> Cc: Manu Sporny; Web Payments CG; ietf-http-wg@w3.org
> Subject: Re: Web Keys and HTTP Signatures
> 
> On Wed, Apr 17, 2013 at 6:03 PM, Carsten Bormann <cabo@tzi.org> wrote:
> > On Apr 17, 2013, at 23:32, Manu Sporny <msporny@digitalbazaar.com> wrote:
> >
> >> https://github.com/joyent/node-http-signature/blob/master/http_signing.md
> >
> > I looked at this for about 5 seconds, but are you telling us the attacker gets to choose what the lines in the signed string are supposed to mean?
> >
> 
> I'm not sure I understand your question? The request signature
> specifies the headers that are signed. The server can reject a request
> based on a header requirement policy. Our current implementation
> requires the headers to at least include request-line, host, and date.
> What specific attack did you have in mind?
> 
> -dave
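The header swap James describes above, worked through as an added example; this is not code from the thread, from node-http-signature, or from the draft it links. The header names and values, the shared key, and the use of HMAC in place of the scheme's public-key signature are all constructed assumptions so the script runs offline. It contrasts the values-only signing string (lines carry only header values, so the unprotected 'headers' parameter decides what each line means) with a name-bound construction (each line is "name: value"), and shows that the server's required-headers policy from the quoted reply does not stop the swap. The `sig="..."` auth-param form follows the P.S.

```python
import base64
import hashlib
import hmac

# Constructed shared key. The scheme under discussion uses public-key
# signatures; HMAC stands in here only so the example is self-contained.
SHARED_KEY = b"constructed-example-key"

# Constructed sample request. Swapping the two account headers changes the
# meaning of the request (who pays whom) without touching any other byte.
ORIGINAL_HEADERS = {
    "host": "payments.example",
    "date": "Wed, 17 Apr 2013 23:56:01 GMT",
    "x-from-account": "alice",
    "x-to-account": "bob",
}
ORIGINAL_COVERED = ["host", "date", "x-from-account", "x-to-account"]

# The tampered copy: header values swapped, and the unprotected 'headers'
# parameter reordered to match, exactly as the message describes.
TAMPERED_HEADERS = {**ORIGINAL_HEADERS, "x-from-account": "bob", "x-to-account": "alice"}
TAMPERED_COVERED = ["host", "date", "x-to-account", "x-from-account"]

# Server policy from the quoted reply: these names must be among the covered
# headers. The tampered request still satisfies it, so policy alone is no fix.
REQUIRED_HEADERS = {"host", "date"}


def signing_string_values_only(headers, covered):
    """Weak construction: one line per covered header holding only its value,
    in the order given by the 'headers' parameter. Header names never enter
    the signed bytes, so the parameter decides what each line means."""
    return "\n".join(headers[name] for name in covered)


def signing_string_name_bound(headers, covered):
    """Hardened construction: each line carries 'name: value', so the signed
    bytes themselves fix which header a line belongs to."""
    return "\n".join(f"{name}: {headers[name]}" for name in covered)


def sign(signing_string):
    mac = hmac.new(SHARED_KEY, signing_string.encode(), hashlib.sha256).digest()
    return base64.b64encode(mac).decode()


def verify(headers, covered, signature, build):
    """Apply the header-requirement policy, then recompute and compare."""
    if not REQUIRED_HEADERS <= set(covered):
        return False
    expected = sign(build(headers, covered))
    return hmac.compare_digest(expected, signature)


def authorization_header(key_id, covered, signature):
    """Credentials as comma-separated auth-params only, with the signature
    inside sig="..." as the P.S. recommends, never a bare base64 token
    mixed in with name=value pairs."""
    return (f'Signature keyId="{key_id}",algorithm="hmac-sha256",'
            f'headers="{" ".join(covered)}",sig="{signature}"')


def swap_attack_outcome(build):
    """Sign the original request, then report (original verifies,
    tampered request verifies with the same signature) for the given
    signing-string construction."""
    signature = sign(build(ORIGINAL_HEADERS, ORIGINAL_COVERED))
    original_ok = verify(ORIGINAL_HEADERS, ORIGINAL_COVERED, signature, build)
    tampered_ok = verify(TAMPERED_HEADERS, TAMPERED_COVERED, signature, build)
    return original_ok, tampered_ok


if __name__ == "__main__":
    print("values-only  (original, swapped):", swap_attack_outcome(signing_string_values_only))
    print("name-bound   (original, swapped):", swap_attack_outcome(signing_string_name_bound))
    print(authorization_header("key-1", ORIGINAL_COVERED, "<sig>"))
```

Under the values-only construction the signing strings for the original and the swapped request are byte-identical, so one signature authorises both; binding the name into each line makes the reordered 'headers' parameter produce a different string, and verification fails.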