Signature Authentication Scheme
Justin Richer <jricher@mit.edu> Sat, 16 March 2024 11:55 UTC
Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=ietf.org@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 290CAC14F605 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sat, 16 Mar 2024 04:55:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.858
X-Spam-Level:
X-Spam-Status: No, score=-2.858 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=w3.org header.b="ibnkVBpb"; dkim=pass (2048-bit key) header.d=w3.org header.b="H5EEfcFZ"; dkim=pass (1024-bit key) header.d=mit.edu header.b="UiQaOKPy"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7p_qOlmtv-37 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sat, 16 Mar 2024 04:55:04 -0700 (PDT)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E3BCFC14F5E8 for <httpbisa-archive-bis2Juki@ietf.org>; Sat, 16 Mar 2024 04:55:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=w3.org; s=s1; h=Subject:MIME-Version:Content-Type:Message-ID:Date:To:From:Cc:Reply-To :In-Reply-To:References; bh=jWElwgIPl4tett6pJTct9draQV+PlzXptlhn8sQkvO8=; b=i bnkVBpbbQcKYdEsY5q6jZ45jO8DySow7wSZfdbfFOLiolSLbEqEKhf7+uLVW5T6MbgvxkDP58y/8S AG0tP0mR5ynvx4D4LhWWwPFabn6q8qw2tA7W4s+v7lleBMgQCg2zKMet7yaozGyMai6sMztalcL4O SRiuDs/FqeEnusfUVTH5j/hyTwpuGDM0JwL1OnxQhgKGH7zJ3gjQskAi60oifibf5aL/zgdi0mLiM QSw64zHAuwfFOObiz/BOtFQJfDNv8TzcF6rgLGJaRhH7Ezg6dpdVDR36riDfsoxynDk/+VWvAcViO GYe1G6R4DI6hSrLHldrC4GCgZyXqo2pIw==;
Received: from lists by lyra.w3.org with local (Exim 4.94.2) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1rlSbj-00Cr3Z-0o for ietf-http-wg-dist@listhub.w3.org; Sat, 16 Mar 2024 11:53:47 +0000
Resent-Date: Sat, 16 Mar 2024 11:53:47 +0000
Resent-Message-Id: <E1rlSbj-00Cr3Z-0o@lyra.w3.org>
Received: from pan.w3.org ([3.222.182.102]) by lyra.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <jricher@mit.edu>) id 1rlSbg-00Cr2S-Gm for ietf-http-wg@listhub.w3.org; Sat, 16 Mar 2024 11:53:44 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=w3.org; s=s1; h=MIME-Version:Content-Type:Message-ID:Date:Subject:To:From:Cc:Reply-To :In-Reply-To:References; bh=jWElwgIPl4tett6pJTct9draQV+PlzXptlhn8sQkvO8=; t=1710590024; x=1711454024; b=H5EEfcFZcpgj+18V+6gixfJugUNUkSAA7lnzrQLNWWwep43 aeMMbRPtIsIcc9sie2Bvr4YIKxS27PS1/UhGa+c5fk1CSxkpRAA+y/c1hiMXqSOh0gvjFUqnFXKXD +ZxYZIuBUDfCr+MTgheGL34840CbeCQBbb4+S91ExmuoOK1Ps95xpPUYZB9gGD6wtG5QF7BMJ1KTr Tp5xKJfoZThk00rdoxbA1Zxj3Z4aaxFcWBbPiIs74qeVPeOsNEznFJGeYVydtJzjz8wlmS/BFqmMF f4aQb0RLwV4qwoV2H1dJh/gPN+al4tfygIJ546q3SbEU67Sf4p2ema+KcbUJBP5g==;
Received-SPF: pass (pan.w3.org: domain of mit.edu designates 40.107.243.99 as permitted sender) client-ip=40.107.243.99; envelope-from=jricher@mit.edu; helo=NAM12-DM6-obe.outbound.protection.outlook.com;
Received: from mail-dm6nam12on2099.outbound.protection.outlook.com ([40.107.243.99] helo=NAM12-DM6-obe.outbound.protection.outlook.com) by pan.w3.org with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from <jricher@mit.edu>) id 1rlSbf-00C1Tn-1c for ietf-http-wg@w3.org; Sat, 16 Mar 2024 11:53:44 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ay5saMYDRRGCa6pLBhk7ZLjWivWdpA6Fd0D8wT+q2Yxc5UEwHmiLkklWdnzGCOlzu8Ujpx/t0bwhFBgIEz74LBYNlJktsNntfX7nJbldA53Mjnzfc87V32ziYq37chSMFdYwOhZ9u8f9nywttzxK43C6jRVgOMddwEJOGhBRKyk0GZVvn/JnzY32sCNSktzgXDI1L890QOmfUNijkUArfa8rP5gdYKMI6AjTHTunzUKHV+FQwmjydcHBcKiE/RBabrAl63ZdJ+e+eP/1jYUoqCyvduy77flZk/7XQIxsd0vZXR/fs8XEfCPUmU3bza1f2BgrM8HdXSuNAjZAV6Wz0A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=jWElwgIPl4tett6pJTct9draQV+PlzXptlhn8sQkvO8=; b=lut9TcQ7Jv+hiY6Y0YZ70pJV9CU4Q5sTVtw1HvVIKemom/H3FcxIXX5Xh7vsE+NMkYtq58pCbeVV3dRH0SXXFyplxdcpUT1NyvHXrrKzJyEp5HMXrT63fVgBjlLsJhtPNb8q3RMpbN1vaCaeLV/2X+Bg6hS5F4jGp8AJ5tpCbFAPGKmhcbjTuQCfzUSmNT1ldHJeUyE21bKh1IH8x/iyjP/ZJUob4AE2z8xkeF36wfnWPffyIefKplOxsKTqvesXopCPSJ15Ja56nNaD7aCmFJiPLkofAXzdDpFznFpOxLQbHrRNKTfICftOwEkbQDoRtiXYdIKAADnHftMFNjYS9g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=mit.edu; dmarc=pass action=none header.from=mit.edu; dkim=pass header.d=mit.edu; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mit.edu; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=jWElwgIPl4tett6pJTct9draQV+PlzXptlhn8sQkvO8=; b=UiQaOKPynVzEoXWOPsjFd46zxz8iix2pWky6Ve6+qxADWGHvrTXak110K+tZI892xD/PpGlAkPbKLA0agLKSx50kqSpWWHYWOcOBPkXkU5mq6WFAw42B/Y041Obd0JnbFmBZuLdWjwqtmUs/qTmnDKoE3VXXwMmoIUzmAwwn8Q0=
Received: from LV8PR01MB8677.prod.exchangelabs.com (2603:10b6:408:1e8::20) by SJ0PR01MB6477.prod.exchangelabs.com (2603:10b6:a03:29b::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7386.25; Sat, 16 Mar 2024 11:53:37 +0000
Received: from LV8PR01MB8677.prod.exchangelabs.com ([fe80::167:b38f:bb84:ecef]) by LV8PR01MB8677.prod.exchangelabs.com ([fe80::167:b38f:bb84:ecef%3]) with mapi id 15.20.7386.017; Sat, 16 Mar 2024 11:53:36 +0000
From: Justin Richer <jricher@mit.edu>
To: HTTP Working Group <ietf-http-wg@w3.org>
Thread-Topic: Signature Authentication Scheme
Thread-Index: AQHad5iTKCH8qKKrn0OtO13om8hQ8A==
Date: Sat, 16 Mar 2024 11:53:36 +0000
Message-ID: <E1BFEFB3-A4B6-4697-91FE-37595A918203@mit.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=mit.edu;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: LV8PR01MB8677:EE_|SJ0PR01MB6477:EE_
x-ms-office365-filtering-correlation-id: 37392608-e0c5-4721-f7c2-08dc45afb671
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 3l+fnACKw891fmRENmlA+BG3QWbPfhbVpvsNlxy+p4+o921Jh2fmINwbt9ZBwaxyEnelmLTMJaPcsYUvtKGiOfFl7ZrL+FTOyJ0jOfyvyfBHXcrDsI65D8+0ElikYgmmymuRXEO7R27g6CIUcyHz9cfsHGR7op9mTp7lIyV7ut4ldFGbO9I7k+uUukuw9cD47DAwTAzKJfZPrSQV3ecx/B5NUl/66pNlLZ0i4btKVNmeRLlx289j8hY8F3t1Oh2lTm4IEsv8wXqqk97hyIkJM+DJu80OEyd/eyeKpKp+UaPxOiq59C2R5QxupbC8qWQLEAoCwDesQLU9WqpSWO3dmjrw3aTavBiyXb0wJV5Ed45aVhvQbV83mb9x0h5aI81rfOAvzxXrzIm2AzwQf5BqzdGt99tK4av/Z5Pf4Dxyca0/SXRLegLjJxoGUdIiokh+s+bRci2FtjTVhg+V8WZjmWsNOiZd51QUMRmGBnkUpFk4AH1+rq5klaSndVTcG8HGBHeMxy6P47dUXVXC//Zlsb9eLcbSOn28TUv0zj2kmbR2y+hHENg1I9UdG4+MDR8rDh64Cj/o3dfDJ8XHwnbpe01ysZxYbLmv8nMH2h7nGiRSzZqWei/Y43gFvJ5x/XYHQUsUVuTjNINO1uH4UNXJwM53ZX+r+E86z1WgyMYXFdJMoH23XHgkIEMppzQZVk7R6Gy870hVHP0RM7EuZxDXVDZQrYMGv8LkFGhdU/cBx8w=
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:LV8PR01MB8677.prod.exchangelabs.com;PTR:;CAT:NONE;SFS:(13230031)(1800799015)(366007)(376005)(38070700009);DIR:OUT;SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 5sbL1aEeJjoIfGwzLKyxNQdM5579ncdM+oFqdGO93B7zLO60QDa2vLuJ3ivi3ATZbVFM5xGwOSllMeSiS9hZOJwnljkqQZ86DP0slRoOrLg58G1Oar5wZkAz1EO2ZRd/nvsmzNNj9zEefmQdBR994DV+EhYrn7RKeA7pRrK/ebglBSMkqMbIWk40waQZAG2BfLJT1lyXwBo5TLJ4fZ9wpqw0dZwtPEaSOnNUKRG+bkHac1uiPJJFnCuCcuFcaBi2TjyUQ1klv+/uN6zeZ2IDihq/NGhgp8mSUBncepn4pWGQY/F4uSQsn3DwYQlOZxuoxMMZeY2pYTHf4FJ7awgky0+Sx8KtgNExgQqWmb1GAWwnQwtaVMxdZeOlWWwP9baglINQTv2fX0/IU5HVZgFNekLKRunwP+lMg+DSCobpJrNTWdlKaPTTUPRjl5KOJr3hUB1B8vYGsTMibn9UMaduMh3f50yvCEFPaMkb1WpxEfO//BuIs2HdF+CCaOp8V2Ro8RKrGv+Eh1gK4y907JKFT14+vp8KpLmXoZbQZ8EbP2HqP6CSB/+OoWmKyjuy8XIyfUWZmbgghT5k25kugI+8KFFWH1A5lC9ZdIA6yXFkZryFdjqXKgt3oUQpduWvsdUDNj+UnxFpyyouaEhOp+3qVRq/j1yJmUCuG6fiM37IV/L/a5xpmxE9BaUJbWZpZWhbj8A6CnoD9S99Y456taAFy4GsZwcMDobsGJ71KiYTAbd0Ne4u0mED8l3iCchHLdmNG7IjAEVfurSz8qQoLnHpZWlZ8tZK8ts/ofTqrG8BMUs0n9xaA/PsXjE99GYqffCH/Hp6xMm5c1Uxz+2T8cpE3XkqblaHtrl2YgL5SA9AOm+1xLNYxTBfDdg4QZ2TxVg5EL2TohoGjczAksTsipy+hu78QzjJgkw8pUi0xAZEcD3vWrLvg8P+LIGi/R7s2JFEwOBzfaQydGVRuHkPA85VJ6Ipa53NJyJDK5kNehf0Un/eWW8VUtsrh2N2j582A5TZsGpw3N28/HkOQO4RfFSWlqfukTioMgsJcBULtcJjm5wbRQZzzHjd/05Y+Y4vXGQB8kJ+M0g+Q7JTkAGTJe33KGqjvtonbYYHaPIH2eGLvAKmg0nza0wfJbE5sd8RY77m5P9ijeiJbtu2jRJaaFtMEoEuObDY0hPeqSdK/oZPWPxIqSowc59bdgkUrIQ+z8WPkB7AjGVr5sbPfWXNeKUPgtxMTCocOkVCK/KVNy4yhzU2gIvIDg++O9o+syXOYQKXzsM8UWY+7aj9ngRMxFreXDPi8nGI64oD6FNfHvMxeVj9DekV12yJBJ/SoHcHC/I6hpeV0XBZoYaJ8E6qz6dOuL4SSPWSNqLKCZQbQAl61oNNQesWxlaCtBQ6l6NuTjkEmcHNAnOcHcSUJQP14waEx2/7PBzKw62zANj7BXkNMtX5sUhwksJFflpc9kiCcnsF1IVJzXsujtOm9jcOz62ovkzyO4w63cDf4gWm4o0E9WL2qQhNsBQHE7AhCDWpLOZoDNRtDY2C+v3wJh2js0GYyjcZvihe0HmaoYpOteVjSXEHq27s/y20+P1mBvUgql2N
Content-Type: multipart/alternative; boundary="_000_E1BFEFB3A4B6469791FE37595A918203mitedu_"
MIME-Version: 1.0
X-OriginatorOrg: mit.edu
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: LV8PR01MB8677.prod.exchangelabs.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 37392608-e0c5-4721-f7c2-08dc45afb671
X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Mar 2024 11:53:36.2134 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: dicC1n2aIZF7oF68qFheHGLPnwgMv9fq49lN7V8HF7DHwrP2ia/oqK47asE5+VkN
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR01MB6477
X-W3C-Hub-DKIM-Status: validation passed: (address=jricher@mit.edu domain=mit.edu), signature is good
X-W3C-Hub-Spam-Status: No, score=-6.1
X-W3C-Hub-Spam-Report: ARC_SIGNED=0.001, ARC_VALID=0.001, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, DMARC_PASS=-0.001, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_WL=-1
X-W3C-Scan-Sig: pan.w3.org 1rlSbf-00C1Tn-1c b8696ff24bdd8d6d1772bed93bdbe043
X-Original-To: ietf-http-wg@w3.org
Subject: Signature Authentication Scheme
Archived-At: <https://www.w3.org/mid/E1BFEFB3-A4B6-4697-91FE-37595A918203@mit.edu>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/51883
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/email/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
I talked with David Oliver this morning at the hackathon, and I would like to raise some concerns about the "Signature Authentication Scheme" draft (draft-ietf-httpbis-unprompted-auth) that mostly revolve around the positioning of the draft in the larger ecosystem. As many of you know, we recently published HTTP Message Signatures as RFC9421 (huge thanks to the working group and everyone that helped out!). That draft was over four years of work here in HTTP and many more years longer than that floating around in various incompatible I-D’s. It’s in this context that I am providing this feedback. 1: The title of the draft and use of "HTTP Signature" The draft draft-ietf-httpbis-unprompted-auth has no relationship whatsoever to RFC9421, in spite of a very similar name. The mechanism in draft-ietf-httpbis-unprompted-auth is not about signing the HTTP message itself (apart from the scheme/host/port exported form TLS in section 4.1), but about presenting a signature value to the server in the request. This signature is intended to be bound to the target URI of the request, regardless of what the request itself is. Furthermore, the method is restrained to a single hope as it is based on binding to TLS level key material (see section 8). Additionally, the draft currently defines a single algorithm for use, without cryptographic agility. This list is not meant a judgement on these choices, but rather to contrast with the choices made in RFC9421, which targets arbitrary portions of the message, does not constrain key material to the TLS connection, can be used through intermediaries, and provides a robust cryptographic agility and extension mechanism. At the very least, this draft needs to clearly differentiate itself from RFC9421 in both the introduction and relevant portions of the text. Even better, in my personal opinion, this draft should be called something different. It :uses: signatures to accomplish a specific goal similar to HOBA, but it does not provide a signature mechanism for HTTP. 2: The use of the "Signature" authentication scheme In draft-cavage-http-signatures, which was one of the precursor inputs to RFC9421, there is a "Signature" authentication scheme defined in Section 3. In RFC9421, we deliberately removed this feature, as the goal of RFC9421 was to specify a mechanism for signing requests and responses and not for presenting those signatures as authentication or authorization, which would be higher-level protocols. This would ostensibly mean that the "Signature" authentication scheme is up for grabs, but the truth of the situation is that the Cavage draft saw wide adoption of its various versions long before the HTTP WG picked up work on what became RFC9421. This means that there are existing ecosystems depending on their own definition of a "Signature" authentication scheme. When this draft is deployed, that collision is going to be a painful one. Furthermore, a naive developer would see this draft and grab a Cavage library to try and implement it. I believe that this draft should use a different scheme, both to avoid conflict with Cavage implementations and also in concert with the reasons for naming choices in (1). 3: The field format and syntax This draft defines its own field format and parameter encoding, based on base64url. As the values in question are binaries with labels, this is ripe for using structured fields. Is there a compelling reason not to? The syntax is ALMOST there as it stands today, so implementations wouldn’t need to change much in practice — but new implementations could rely on structured fields to provide parsing and serialization in a less error prone way. 4: Compatibility with RFC9421 And finally, this draft invents its own signature base string generator and signature calculation method separate from RFC9421. It is neither necessary nor expected for all new drafts to follow the methods in RFC9421, but I believe it would be worth at least exploring if the corresponding parts of RFC9421 could be used in here. I have a feeling that the answer is "not really", or more likely "we could but it makes this specific use case way more complicated than it’s worth", and that is a reasonable outcome — but I’d like to see that this work has at least been considered. — Justin
- Signature Authentication Scheme Justin Richer
- Re: Signature Authentication Scheme David Schinazi
- Re: Signature Authentication Scheme Ben Schwartz