IETF Logo Mail Archive

Re: Bikeshed: "context" parameter for signatures

Justin Richer <jricher@mit.edu> Fri, 23 September 2022 08:14 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 785CBC1524AF for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 23 Sep 2022 01:14:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.061
X-Spam-Level:
X-Spam-Status: No, score=-5.061 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mit.edu
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FuIHxuhFv4Ob for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 23 Sep 2022 01:14:40 -0700 (PDT)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B2977C14CE2A for <httpbisa-archive-bis2Juki@lists.ietf.org>; Fri, 23 Sep 2022 01:14:40 -0700 (PDT)
Received: from lists by lyra.w3.org with local (Exim 4.94.2) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1obdmi-00EoxV-Fd for ietf-http-wg-dist@listhub.w3.org; Fri, 23 Sep 2022 08:11:44 +0000
Resent-Date: Fri, 23 Sep 2022 08:11:44 +0000
Resent-Message-Id: <E1obdmi-00EoxV-Fd@lyra.w3.org>
Received: from mimas.w3.org ([128.30.52.79]) by lyra.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <jricher@mit.edu>) id 1obdmg-00EowE-2E for ietf-http-wg@listhub.w3.org; Fri, 23 Sep 2022 08:11:42 +0000
Received: from outgoing-exchange-7.mit.edu ([18.9.28.58]) by mimas.w3.org with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <jricher@mit.edu>) id 1obdme-002N0w-7O for ietf-http-wg@w3.org; Fri, 23 Sep 2022 08:11:41 +0000
Received: from oc11exedge2.exchange.mit.edu (OC11EXEDGE2.EXCHANGE.MIT.EDU [18.9.3.18]) by outgoing-exchange-7.mit.edu (8.14.7/8.12.4) with ESMTP id 28N8BSJO030855; Fri, 23 Sep 2022 04:11:28 -0400
Received: from w92expo19.exchange.mit.edu (18.7.74.73) by oc11exedge2.exchange.mit.edu (18.9.3.18) with Microsoft SMTP Server (TLS) id 15.0.1497.38; Fri, 23 Sep 2022 04:11:13 -0400
Received: from oc11exhyb1.exchange.mit.edu (18.9.1.60) by w92expo19.exchange.mit.edu (18.7.74.73) with Microsoft SMTP Server (TLS) id 15.0.1497.23; Fri, 23 Sep 2022 04:11:28 -0400
Received: from NAM04-MW2-obe.outbound.protection.outlook.com (104.47.73.168) by oc11exhyb1.exchange.mit.edu (18.9.1.60) with Microsoft SMTP Server (TLS) id 15.0.1497.38 via Frontend Transport; Fri, 23 Sep 2022 04:11:27 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=WJBnheHfxKFrFREO2GP4YtvJ5pbUAHEfco61uG3ZwILD1mMVMNwazlWaaraJljQwQhqnSCd8r0aAf2hvsqzaY2N3zDo89r6NliuBfTMmPTsBWrAmTd0Wi8kvp2VZC0Z4A49w1LJyTcj7sS0Y2h0l8vJkNs9HcwlWx00aKTqfmd7tVEjBaryXf96vC+4huK7ZhYvctEz7SuERV/7fkRPh7SBZ9xszaclPu4I390NJ9VOAITminilhYOoDHASedw7plFzqBbBcsKN9wtbrV/M1+DSUPfvpkQOdEsLmxomYKsj0U610bgcLy4uJ+H17ING3ZLRrw+U+CfZKD4lN/GYHPg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=bwOVKG/NUOyc3J6Et5j/s1wTo04km2b7BS4OpW5viLE=; b=VvWUVJNlC831oEY4Aw/NFgJCYMR6ojIBfv3V/WYq6wKmUOzm6m+NN/IimISiETpkKPmkDL3AUS1gk/SZxPkDyhILTxCRCwIsnddbfOY2bSIgIAcguWBkHwQ+EPvXCbfdsJIXaGKXqH9oCryubzJ+LVVt3twQKUcNlbEjsaV52CRVw3jHCAwjvCj/Il1nbPu6URzAIZAbppr+oUt58OGmYrEM8QflUlRmDYRhihXae/2W1ZIBUcD7TNlm2zeb6e55bi+zdOUjeHTKqlpXMKCdQo0PRAYPUUONp1vnOLOqU+eI+Z92h9QcHP2lane8wELNzafJzaEPljVYqFYyC34HvQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=mit.edu; dmarc=pass action=none header.from=mit.edu; dkim=pass header.d=mit.edu; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mit.edu; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=bwOVKG/NUOyc3J6Et5j/s1wTo04km2b7BS4OpW5viLE=; b=qjIltScRiC7+0GTqKpMa6mAajYgkCgFsJSb0YZa2PnB4xby1up4XqVXeAOIMi4JLdaTjDnWH+kOEDtOxoLGU0AYTrwipF4s2I1yn+3x+zQI/iU2s5NiBqklElENfQqgKhlqXkkRsdef6seQQaz1/Om8kjP5m3mysJn+cROp0Iws=
Received: from DM6PR01MB4444.prod.exchangelabs.com (2603:10b6:5:78::15) by SJ0PR01MB6269.prod.exchangelabs.com (2603:10b6:a03:298::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5654.14; Fri, 23 Sep 2022 08:11:26 +0000
Received: from DM6PR01MB4444.prod.exchangelabs.com ([fe80::8d7a:9afa:1e48:eac0]) by DM6PR01MB4444.prod.exchangelabs.com ([fe80::8d7a:9afa:1e48:eac0%4]) with mapi id 15.20.5654.018; Fri, 23 Sep 2022 08:11:26 +0000
From: Justin Richer <jricher@mit.edu>
To: Tyler Ham <tyler@thamtech.com>
CC: HTTP Working Group <ietf-http-wg@w3.org>
Thread-Topic: Bikeshed: "context" parameter for signatures
Thread-Index: AQHYzpE9Gd/XIutr+UGzesthTZtCQK3rzBoAgADeDgk=
Date: Fri, 23 Sep 2022 08:11:26 +0000
Message-ID: <DM6PR01MB44443E22CC8E36B5C7A8128DBD519@DM6PR01MB4444.prod.exchangelabs.com>
References: <54FD011B-AD69-4354-A1A1-D6F019DCB541@mit.edu> <CAGQ3E+eLfq5rLVnmjaLVh1oepTVD+Mgtko4mUpvigWRxEwvBpA@mail.gmail.com>
In-Reply-To: <CAGQ3E+eLfq5rLVnmjaLVh1oepTVD+Mgtko4mUpvigWRxEwvBpA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=mit.edu;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: DM6PR01MB4444:EE_|SJ0PR01MB6269:EE_
x-ms-office365-filtering-correlation-id: 03cf3557-97ac-4968-162e-08da9d3b3630
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: s3aDtlTQpKemGn0xw8u/V66R6Ugh0AVMjaHB/7LqvZji4+i7EVsk31+XdLzbo1WEzjlQUvyUapIIarJ8T5seIs5WOI8e6ryqJaW00p4pjJDR4Y8jXIRME/4x/Ofdzli+zkrvv+h0UDvK4o/uiyUXwtHTq0TaiQ/7xXnElkfsqtDpK6ogK8P4WMZPm5oPr133m5ct5l6RH3KzCo00/ILB6f/j0K6ZB1IZ4gskZkCYGZOgW45IUM+WLEDxwN8uXYFGz4LXc939YStOTArF0gKDiGzxoqu0kHEG3hHyCrRZB6l/M0mJyNI3sI0c90gTVmnscCt7lIYDfhagJ2hS9DxQesShnMhMyQlVrdEDY2ydv6ToUW5AAZA/5nGQryte6szfsbjNEGP747ZYlpcfY8UjxSgq4efeqFS0AvL+5z7xTw84pk+e+P2FlugJd4srFZEIcqIFezNGaD3jp8az267ukvDEEaDv1jcPAsT6gqkwN99uqacqcISgXqFpwv/AmmYHGGtr4JT+msGQEtoP+O179MLKM76Sw8Wra8LziWeBwRdhQ45VGGkEZDFJp5u9YI4SqRfMxUgRSPX6MP4FLIx6s/nRlW9MpOGCNubVjbsSShsLWiwCOsC4Ym1D2KO2OeTdCYKqtqFh2Dm9mJ1APmxapfUFKHUk9BD2HJ5pPFLYQucwPhCPzcJsmac1kIgTSWf0Rr6etre5YXS9qAufXPjmK2GwF92eDxb+S1bePov9RZ9tFUOrN9ZqRX0vFJL+4clFxw4Uw+aR+1AenqZL0NsQcX2DC8q1cubG/Xb8cNCdt3g=
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM6PR01MB4444.prod.exchangelabs.com;PTR:;CAT:NONE;SFS:(13230022)(4636009)(39860400002)(396003)(366004)(346002)(376002)(136003)(451199015)(6916009)(33656002)(86362001)(122000001)(166002)(38070700005)(38100700002)(186003)(7696005)(75432002)(5660300002)(2906002)(478600001)(41300700001)(55016003)(966005)(6506007)(9686003)(53546011)(26005)(8676002)(66476007)(66556008)(66446008)(786003)(64756008)(8936002)(316002)(91956017)(71200400001)(66946007)(52536014)(4326008)(76116006);DIR:OUT;SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: Bo94alx0qgUVIRVuX8fN2EaKzyJtjMEM5qt3DgWg2TcPBOqbSB79gjFJq8QTR/Wj5jgV79sa2s5In5Z7OwHr6b1KTbAI06Dam0vZELZ4JI3ePeYMyS3Mv4Z34baN3udf+NeFVtvZMv3lYU5f2ALtrtsxYYYhOpCamiycOPB8gt3I6yckrpnI3VL8LR6ALM4VSGlRGRjPAMoEv5pGwN9aDwq5bZrBLOGMAS/EFX6/dWAVpmzIAm2n9n+wpp9/xTaciKPV49VuTO5ojPOuYvXtmYUY9EW4JS2ETkS7IVQ8aMlRncQJT+aHesVGgsyLZXzsDvtbv0kHeWxoV42io+71Y7JOcq0ngyZ606ruQv0PDGiwh9OqZjhPR2BiXdN6t1FBnzSXYmnM6cWPKH0W/GkLdtk2sastRw4sl/JLQG/qB/qdNY0zq88r9ZU5WZEtq7wFyMbXsdete0rjCCg9pqCq5pTdTF4QJanfTp0u8rN7x30t1xJ+wnCpMSFeqgfDnRn6HNbhX5tgLN4drMkU6Q4hxY14C3ICJCfcVXCQBvGNgVh8FskVtv3AQILvSOhIIifWr+KcmxLpS+7SAMT4FergnYzo3ztz/12syWRM/6fxQn9xPXavpsTZejLdG37cHWc/VxGQLh/W/P4Qbo01gwcDtdGQq1EiM470wupPaU+qXZe0VsrqKbshVqBO3Gi/itb4sQVUpyR0aX/c0QRbjFPrU1rSSgE4pvEJiLoegVwe2JUM0mMRu8qgO0EBsFOGFPqhMpNltWqKsAN7W37gupnT5+wlNvF8pvp48rLRA8zHeWpCGnSFyUKdDDaISqJrTHEuGzuS2tAYlPGvGU2w5jS8VSt+nnIEgjId4u09rqZtgOX9Vugp7glMFnE/giXMvl+qAf2F9SIp76FXVobnTGb5hThC3lcC/vB2R9ASoJ6gtARUbylckEIkDnIQ8WC3ynIXHIIhre+d8etWjovUlq9rL0dOMaUONJ5hVEznEdf4CHTGnqQ7j89RaYdgCg2prxHpoRjn4myINaS/AgbJAiB84sw+vYcdV+BsnbL0rMFGIYEgRfBhB9JxHl3yBtyz1eC5jCkuoVDmorOBvH4TlSowk1FuZuka2XUkdsoJi7EByeBVO9OulAJK1KhBFhZvV0OwCj2gkMboGSTLkLkw69bVyhkZSnT5klppWArc+7zARnBb5y0ci5yaI/1QCqv0AnCuNk2k7N/tWvCCA6Ev/NRDKIuPSo1wIm98cnZzzepvPADKF6qQCr3+lhhnVVB/2vNIeOusXZECS+VIXRUjYp6nKj7dM0/lQW1o8A5FQ4r+0spXRp/WDvJevMD/JCj80MIW1x9pqQfTPQo5n3rlze70ed96B8F/YeXPMYH2Kd08gVya3akbnUZzZjcl7OorO3jrIkCmgNCCEnoUtjBmA4Xj0DwZvrZz+EQpWTC3BZOy6/X0bXELKqz2MGphNjQjEieqLNZjmgRL7uQ+AuUZvS3ocUDa27UHHcTiCGRWGACnekO/3CpkS119FaoUvqKLOaw/klvMEzHV7apcFPxHUu3B7pNkgw4JLXdncHeMuV8pBqs=
Content-Type: multipart/alternative; boundary="_000_DM6PR01MB44443E22CC8E36B5C7A8128DBD519DM6PR01MB4444prod_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM6PR01MB4444.prod.exchangelabs.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 03cf3557-97ac-4968-162e-08da9d3b3630
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Sep 2022 08:11:26.3473 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: FpV9JLp2zzFIbz7yZCNfvuwVNawYZ+gTs+VFW9+APNKVoygjUtNxnBp7ySY241RL
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR01MB6269
X-OriginatorOrg: mit.edu
X-W3C-Hub-DKIM-Status: validation passed: (address=jricher@mit.edu domain=mit.edu), signature is good
X-W3C-Hub-Spam-Status: No, score=-7.4
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_IRA=-1, W3C_WL=-1
X-W3C-Scan-Sig: mimas.w3.org 1obdme-002N0w-7O 244e767bafff862aee0936a29f595f66
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Bikeshed: "context" parameter for signatures
Archived-At: <https://www.w3.org/mid/DM6PR01MB44443E22CC8E36B5C7A8128DBD519@DM6PR01MB4444.prod.exchangelabs.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/40400
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

Good point. It kinda is the application name but not quite - it's not meant to be like an "agent" header, at least. I am a little wary of "data" because we don't want to imply or encourage putting structured information inside of it for things to parse downstream, which that implies to me.

Perhaps "tag" or "apptag" might work?

________________________________
From: Tyler Ham <tyler@thamtech.com>
Sent: Thursday, September 22, 2022 2:53 PM
To: Justin Richer <jricher@mit.edu>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Subject: Re: Bikeshed: "context" parameter for signatures

My first thought when I see the labels "app" and "application" is that the value is meant to be the name of an application.

How about something like "appdata"? This changes the noun to a generic "data", but it keeps "app" in there as an adjective to indicate that this parameter is for something application-specific.

Tyler


On Thu, Sep 22, 2022, 8:43 AM Justin Richer <jricher@mit.edu<mailto:jricher@mit.edu>> wrote:
I missed an issue that had been filed (but not tagged) prior to the publication of signatures-12, and it asks a pretty simple question:

We added a “context” parameter to allow applications to put a specific string that the application can recognize into the signature parameter set, so that (for example) an authz protocol can declare that a specific value be used or a cloud deployment can have all of its proxies use the same value. However, the term “context” is used in other ways in the spec, so it’s not the best term to use for this new parameter. The proposal is to change “context” to “application” or even the shorter “app”:

https://github.com/httpwg/http-extensions/issues/2249


I’d like to do a quick bike shed on this parameter name here, for anyone who has an opinion. Since it’s newer, existing libraries mostly don’t have it supported yet so if we’re going to change it we should change it right now.


Thanks,
 — Justin

v2.23.0 | Report a Bug | By Email