Re: HTTP Unprompted Authentication
Ilari Liusvaara <ilariliusvaara@welho.com> Sun, 05 February 2023 10:00 UTC
Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 48506C14F731 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sun, 5 Feb 2023 02:00:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.949
X-Spam-Level:
X-Spam-Status: No, score=-4.949 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.25, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J9y-mGM1gxx3 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sun, 5 Feb 2023 02:00:29 -0800 (PST)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B1681C151542 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Sun, 5 Feb 2023 02:00:29 -0800 (PST)
Received: from lists by lyra.w3.org with local (Exim 4.94.2) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1pObom-004TbI-OF for ietf-http-wg-dist@listhub.w3.org; Sun, 05 Feb 2023 10:00:16 +0000
Resent-Date: Sun, 05 Feb 2023 10:00:16 +0000
Resent-Message-Id: <E1pObom-004TbI-OF@lyra.w3.org>
Received: from mimas.w3.org ([128.30.52.79]) by lyra.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <ilariliusvaara@welho.com>) id 1pObok-004TZn-AB for ietf-http-wg@listhub.w3.org; Sun, 05 Feb 2023 10:00:14 +0000
Received: from welho-filter4b.welho.com ([83.102.41.30] helo=welho-filter4.welho.com) by mimas.w3.org with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <ilariliusvaara@welho.com>) id 1pOboi-002yAB-Uq for ietf-http-wg@w3.org; Sun, 05 Feb 2023 10:00:14 +0000
Received: from localhost (localhost [127.0.0.1]) by welho-filter4.welho.com (Postfix) with ESMTP id 5D993630E0 for <ietf-http-wg@w3.org>; Sun, 5 Feb 2023 12:00:00 +0200 (EET)
X-Virus-Scanned: Debian amavisd-new at pp.htv.fi
Received: from welho-smtp2.welho.com ([IPv6:::ffff:83.102.41.85]) by localhost (welho-filter4.welho.com [::ffff:83.102.41.26]) (amavisd-new, port 10024) with ESMTP id S2VqyZLC9VBm for <ietf-http-wg@w3.org>; Sun, 5 Feb 2023 12:00:00 +0200 (EET)
Received: from LK-Perkele-VII2 (87-92-18-205.bb.dnainternet.fi [87.92.18.205]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by welho-smtp2.welho.com (Postfix) with ESMTPSA id 0557C72 for <ietf-http-wg@w3.org>; Sun, 5 Feb 2023 11:59:58 +0200 (EET)
Date: Sun, 05 Feb 2023 11:59:58 +0200
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <Y99+HqYDBWxNCAmQ@LK-Perkele-VII2.locald>
References: <166568682708.62670.1401609977193260774@ietfa.amsl.com> <CAPDSy+4KzCqEg-Nt5geb5n87KbJuD=v8pRpRWTB6NsOwr=Bh5g@mail.gmail.com> <Y0hvwiN0qspglhnq@LK-Perkele-VII2.locald> <CACcvr=kPG=f2PEx4yhhd5dAGEy6uZNOKQBk7v=cjfK8=azB4OA@mail.gmail.com> <CAPDSy+44+1QtOecbtbZPWNoOapBS=g2MOYH+4W5L5KhW0YA4wA@mail.gmail.com> <CAPDSy+40ymp3Qje9QNhNgNpT-9-0qVqE4zrjQhvmHrsgyS5dog@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <CAPDSy+40ymp3Qje9QNhNgNpT-9-0qVqE4zrjQhvmHrsgyS5dog@mail.gmail.com>
Sender: ilariliusvaara@welho.com
Received-SPF: pass client-ip=83.102.41.30; envelope-from=ilariliusvaara@welho.com; helo=welho-filter4.welho.com
X-W3C-Hub-Spam-Status: No, score=-3.9
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: mimas.w3.org 1pOboi-002yAB-Uq 73498b4dc1b2e813d91ebe9786fbd58c
X-Original-To: ietf-http-wg@w3.org
Subject: Re: HTTP Unprompted Authentication
Archived-At: <https://www.w3.org/mid/Y99+HqYDBWxNCAmQ@LK-Perkele-VII2.locald>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/50676
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
On Fri, Feb 03, 2023 at 04:30:16PM -0800, David Schinazi wrote: > Hi HTTP enthusiasts, > > When I presented HTTP unprompted authentication at the last IETF, > there appeared to be interest in the room but Ben raised some concerns. > The chairs asked me to resolve those before asking about adoption. > Ben and I met and were able to resolve them by changing the document > to reuse the HTTP Authentication Schemes registry instead of defining > a new one. This change is visible in revision -01: > https://www.ietf.org/archive/id/draft-schinazi-httpbis-unprompted-auth-01.html > and a diff is here: > https://author-tools.ietf.org/iddiff?url2=draft-schinazi-httpbis-unprompted-auth-01 > > Chairs, I would now like to ask for an adoption call if you think that's a > good idea. - In section 2, I see this text: ------------------------------------------------------------------------ This includes any use of HTTP over TLS as typically used for HTTP/2 [HTTP/2], or HTTP/3 [HTTP/3] where the transport protocol uses TLS as its authentication and key exchange mechanism [QUIC-TLS]. The user agent leverages a TLS keying material exporter [KEY-EXPORT] to generate a nonce which can be signed using the user's key. ------------------------------------------------------------------------ I think implying that it works for any TLS is rather bad, even if there was security considerations narrowing the scope (which there do not seem to be). The problem is that the original TLS 1.2 keying material exporter is flawed in a way that it can not be safely used for authentication. Now, either TLS 1.3 or the Extended Master Secret extension fixes this flaw. The TLS as used in HTTP/3 is TLS 1.3, so it will be okay. But TLS as used in HTTP/2 can be TLS 1.2 without EMS, which is not okay. And then there is HTTP/1.1, which has no TLS requirements at all. - The "TLS SignatureAlgorithm" and "TLS HashAlgorithm" registeries have been deprecated. A solution would be to just remove the h= and s= parameters: The server could look those up from the key (precludes variable-hash RSA keys, but I do not think those are actually important). - The signature/HMAC is taken over raw nonce, which I do think is a good idea. A solution would be using the TLS 1.3 signature format with some specific label. - In section 6, it is said that intermediaries will validate the authentication themselves. It would be possible for intermediary to export the nonces (which are not sensitive), and send those to the back-end (I have done PoC implementation of this). -Ilari
- HTTP Unprompted Authentication David Schinazi
- Re: HTTP Unprompted Authentication Ilari Liusvaara
- Re: HTTP Unprompted Authentication Nick Harper
- Re: HTTP Unprompted Authentication David Schinazi
- Re: HTTP Unprompted Authentication Ben Schwartz
- Re: HTTP Unprompted Authentication Ben Schwartz
- Re: HTTP Unprompted Authentication Ryan Hamilton
- Re: HTTP Unprompted Authentication David Schinazi
- Re: HTTP Unprompted Authentication Ben Schwartz
- Re: HTTP Unprompted Authentication David Schinazi
- Re: HTTP Unprompted Authentication Ben Schwartz
- Re: HTTP Unprompted Authentication David Schinazi
- Re: HTTP Unprompted Authentication Ilari Liusvaara
- Re: HTTP Unprompted Authentication David Schinazi