Re: New I-D: HTTP Message Signatures
Rob Sayre <sayrer@gmail.com> Sun, 15 December 2019 21:15 UTC
Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AED45120058 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sun, 15 Dec 2019 13:15:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.749
X-Spam-Level:
X-Spam-Status: No, score=-2.749 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ypt-PNLtqtVS for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sun, 15 Dec 2019 13:15:13 -0800 (PST)
Received: from frink.w3.org (frink.w3.org [IPv6:2603:400a:ffff:804:801e:34:0:38]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EEF3E12003F for <httpbisa-archive-bis2Juki@lists.ietf.org>; Sun, 15 Dec 2019 13:15:12 -0800 (PST)
Received: from lists by frink.w3.org with local (Exim 4.89) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1igbBl-0007g7-5N for ietf-http-wg-dist@listhub.w3.org; Sun, 15 Dec 2019 21:12:29 +0000
Resent-Date: Sun, 15 Dec 2019 21:12:29 +0000
Resent-Message-Id: <E1igbBl-0007g7-5N@frink.w3.org>
Received: from titan.w3.org ([2603:400a:ffff:804:801e:34:0:4c]) by frink.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from <sayrer@gmail.com>) id 1igbBh-0007fH-Qt for ietf-http-wg@listhub.w3.org; Sun, 15 Dec 2019 21:12:25 +0000
Received: from mail-io1-xd2a.google.com ([2607:f8b0:4864:20::d2a]) by titan.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.92) (envelope-from <sayrer@gmail.com>) id 1igbBg-0003yu-8i for ietf-http-wg@w3.org; Sun, 15 Dec 2019 21:12:25 +0000
Received: by mail-io1-xd2a.google.com with SMTP id i11so1711125ioi.12 for <ietf-http-wg@w3.org>; Sun, 15 Dec 2019 13:12:23 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=kXqfsSksu+4mw43c+fB2GlkMIoI9ACOsA/3ZmD0DONo=; b=F2NMtAG4/H9g+4CHAK1EG4zD9B8UV7dVpaVS5iDZukpNit/rOHjBfPb0u2BwcPWE/s H2FYSv/R1ePLqYyVurGdjVh11Anb9cUkj51bDlUShryr0u+RdxSviCSqHF27BaqpSKxt c3ff9WXEMkTdxy8zBUECOc00bc661UtId58CHjf89LMgl5PkGxTaZXifNuckd70r50/R lhQ7zVKCqRsryh306IYLuSbXykyxairOpxaxxeuCGetBACPVWHIrs6P0DKHsekYf3q5I vL8g500ckpr3yiO8ryeaDziU7o2Uju71g2Kh57Y/7qWBy0I/hctfpG92Orv55LAZmxB2 ECTA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=kXqfsSksu+4mw43c+fB2GlkMIoI9ACOsA/3ZmD0DONo=; b=EgSc7+S+Bl3/uGv113qF6TbRh70cSzzOVa/9Nd+p6YStA3rhXwlu5DU4+7+rcWwWXm +CkD/lZ/Cc7H+A2WSLTCPf30+KwbcLL7afdm9DHUENsOB8FrIlYbl2NIdBVCj38lp9jN rQO/ykSoWYZh9j5DVxjTFA4nZglVSiu53kPBIJRQQ0LpFNjCap8AbZHJfBM0bvaRyltN XNoOYWRfRcf2VKnec4zrq2DLK/VHb4sZPOWjk8Bdtlkr1aNfDuC61ACWCYuIuqYnk/p2 JOnsdjL3h2JORfCtG+85MhXLcw5tBMmDVO+uzjAmJa9J2EDNKcmape0cv3S9QmWo4JUv 52mg==
X-Gm-Message-State: APjAAAXkADTLz086sNP9r+vBBaA4tn0LKgbqm4UBUBOdfulI3ya3tty1 hGmZ73m3uM+3zclAoDoSF0JkPqK6VccL9SUlO24=
X-Google-Smtp-Source: APXvYqxN4RzDUuHnl/p0J0kD2VTYB4LWROoA7Bd+gwY1q5ZoG/zq2s6QYAKpKIQID4jUMJW+g9GefmMIiTkIArCmsUc=
X-Received: by 2002:a6b:ec08:: with SMTP id c8mr16163829ioh.257.1576444342568; Sun, 15 Dec 2019 13:12:22 -0800 (PST)
MIME-Version: 1.0
References: <CF6EE96A-53B6-4EE6-8D47-5A543EB57759@amazon.com>
In-Reply-To: <CF6EE96A-53B6-4EE6-8D47-5A543EB57759@amazon.com>
From: Rob Sayre <sayrer@gmail.com>
Date: Sun, 15 Dec 2019 13:12:11 -0800
Message-ID: <CAChr6SyUXwg061TAf2TA4C83WjQw8rJDaP4Jh8ijBDhiHbz-pQ@mail.gmail.com>
To: "Richard Backman, Annabelle" <richanna@amazon.com>
Cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>, Justin Richer <justin@bspk.io>, Manu Sporny <msporny@digitalbazaar.com>
Content-Type: multipart/alternative; boundary="0000000000000c0b900599c48d14"
Received-SPF: pass client-ip=2607:f8b0:4864:20::d2a; envelope-from=sayrer@gmail.com; helo=mail-io1-xd2a.google.com
X-W3C-Hub-Spam-Status: No, score=-4.1
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: titan.w3.org 1igbBg-0003yu-8i 4335d63f1189c24af3211ebe47f3e84e
X-Original-To: ietf-http-wg@w3.org
Subject: Re: New I-D: HTTP Message Signatures
Archived-At: <https://www.w3.org/mid/CAChr6SyUXwg061TAf2TA4C83WjQw8rJDaP4Jh8ijBDhiHbz-pQ@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/37219
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
On Thu, Dec 12, 2019 at 4:22 PM Richard Backman, Annabelle < richanna@amazon.com> wrote: > Hello HTTP Working Group, > > > > I have just published a new I-D on an old topic, HTTP Message Signatures: > https://datatracker.ietf.org/doc/draft-richanna-http-message-signatures/ > > > This document describes a mechanism for creating, encoding, and verifying > digital signatures or message authentication codes over content within an > HTTP message. This mechanism supports use cases where the full HTTP message > may not be known to the signer, and where the message may be transformed > (e.g., by intermediaries) before reaching the verifier. > > > There is growing widespread interest in this topic (see Justin Richer’s > SecDispatch presentation at IETF 106); the goal of this draft is to provide > a general purpose signing mechanism that can be used directly or profiled > to fit specific use cases. > Hi, Thanks for writing this up. I'd like Appendix B to compare and contrast the draft with AWSv4, which seems to be good enough for many use cases. In particular, I've noticed that mobile clients tend to segment uploads so they can be resumed, and servers segment streaming media so they can switch quality settings using things like HLS and DASH. thanks, Rob
- New I-D: HTTP Message Signatures Richard Backman, Annabelle
- Re: New I-D: HTTP Message Signatures Roberto Polli
- Re: New I-D: HTTP Message Signatures Thomas Peterson
- Re: New I-D: HTTP Message Signatures Richard Backman, Annabelle
- Re: New I-D: HTTP Message Signatures Thomas Peterson
- Re: New I-D: HTTP Message Signatures Carsten Bormann
- Re: New I-D: HTTP Message Signatures Rob Sayre
- Re: New I-D: HTTP Message Signatures Richard Backman, Annabelle
- Re: New I-D: HTTP Message Signatures Roberto Polli
- Re: New I-D: HTTP Message Signatures Roberto Polli