Roman Danyliw's No Objection on draft-ietf-httpbis-digest-headers-12: (with COMMENT)
Roman Danyliw via Datatracker <noreply@ietf.org> Tue, 23 May 2023 17:49 UTC
Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 73C96C151B3C for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 23 May 2023 10:49:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.649
X-Spam-Level:
X-Spam-Status: No, score=-7.649 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.25, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0Tj2sYUzd0dF for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 23 May 2023 10:49:07 -0700 (PDT)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5D478C151B32 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Tue, 23 May 2023 10:48:43 -0700 (PDT)
Received: from lists by lyra.w3.org with local (Exim 4.94.2) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1q1W7b-00HE5q-9H for ietf-http-wg-dist@listhub.w3.org; Tue, 23 May 2023 17:48:31 +0000
Resent-Date: Tue, 23 May 2023 17:48:31 +0000
Resent-Message-Id: <E1q1W7b-00HE5q-9H@lyra.w3.org>
Received: from titan.w3.org ([128.30.52.76]) by lyra.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <noreply@ietf.org>) id 1q1W7a-00HE4t-GJ for ietf-http-wg@listhub.w3.org; Tue, 23 May 2023 17:48:30 +0000
Received: from mail.ietf.org ([50.223.129.194]) by titan.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <noreply@ietf.org>) id 1q1W7Y-007uVH-Qb for ietf-http-wg@w3.org; Tue, 23 May 2023 17:48:30 +0000
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 64DE0C151B3C; Tue, 23 May 2023 10:48:24 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Roman Danyliw via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-httpbis-digest-headers@ietf.org, httpbis-chairs@ietf.org, ietf-http-wg@w3.org, mnot@mnot.net, mnot@mnot.net
X-Test-IDTracker: no
X-IETF-IDTracker: 10.4.0
Auto-Submitted: auto-generated
Reply-To: Roman Danyliw <rdd@cert.org>
Message-ID: <168486410440.60374.9215584822726745937@ietfa.amsl.com>
Date: Tue, 23 May 2023 10:48:24 -0700
Received-SPF: pass client-ip=50.223.129.194; envelope-from=noreply@ietf.org; helo=mail.ietf.org
X-W3C-Hub-Spam-Status: No, score=-6.2
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: titan.w3.org 1q1W7Y-007uVH-Qb 4a719651c067fb6822fa0e10afdbdfbc
X-Original-To: ietf-http-wg@w3.org
Subject: Roman Danyliw's No Objection on draft-ietf-httpbis-digest-headers-12: (with COMMENT)
Archived-At: <https://www.w3.org/mid/168486410440.60374.9215584822726745937@ietfa.amsl.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/51066
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
Roman Danyliw has entered the following ballot position for draft-ietf-httpbis-digest-headers-12: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-httpbis-digest-headers/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Thank you to Peter Yee for the SECDIR review. ** Section 2. Using multiple digests in a single Content-Digest is supported. There is also guidance that “a recipient MAY ignore any or all of the digests”. I read that text as “if presented multiple digests, a recipient can choose to look at only one or some subset of the digests.” Is that accurate? Is there standardized behavior for when a recipient validates/checks both digests and only one is valid? ** Section 4. * key conveys the hashing algorithm (see Section 5); Shouldn’t this read as “hashing algorithm(s)” as it is possible to send more than one in the field? ** Section 4. * value is an Integer (Section 3.3.1 of [STRUCTURED-FIELDS]) that conveys an ascending, relative, weighted preference. It must be in the range 0 to 10 inclusive. 1 is the least preferred, 10 is the most preferred, and a value of 0 means "not acceptable". -- Can multiple algorithms share the same preference value? For example, could multiple algorithms be labeled “not acceptable”? -- If yes, would their ordering determine preference? ** Section 6.1. Recommend adding cautionary language about the capabilities of an adversary like those stated in Peter’s SECDIR review. Perhaps: OLD Integrity fields are not intended to be a general protection against malicious tampering with HTTP messages. This can be achieved by combining it with other approaches such as transport-layer security or digital signatures (for example, HTTP Message Signatures [SIGNATURES]). NEW Integrity fields are not intended to be a general protection against malicious tampering with HTTP messages. In the absence of additional security mechanisms, an on-path, malicious actor can remove or recalculate and substitute a digest value. This attack can be mitigated by combining mechanisms described in this document with other approaches such as transport-layer security or digital signatures (for example, HTTP Message Signatures [SIGNATURES]).
- Roman Danyliw's No Objection on draft-ietf-httpbi… Roman Danyliw via Datatracker
- Re: Roman Danyliw's No Objection on draft-ietf-ht… Lucas Pardue
- Re: Roman Danyliw's No Objection on draft-ietf-ht… Roberto Polli
- Re: Roman Danyliw's No Objection on draft-ietf-ht… Lucas Pardue