Re: Signing Set-Cookie

Willy Tarreau <w@1wt.eu> Tue, 07 June 2022 06:29 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1078CC15AAD8 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 6 Jun 2022 23:29:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.661
X-Spam-Level:
X-Spam-Status: No, score=-7.661 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.25, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E8Bk54DtFMi5 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 6 Jun 2022 23:29:42 -0700 (PDT)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E565EC159529 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Mon, 6 Jun 2022 23:29:42 -0700 (PDT)
Received: from lists by lyra.w3.org with local (Exim 4.92) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1nySgj-0003Zt-Vv for ietf-http-wg-dist@listhub.w3.org; Tue, 07 Jun 2022 06:27:38 +0000
Resent-Date: Tue, 07 Jun 2022 06:27:37 +0000
Resent-Message-Id: <E1nySgj-0003Zt-Vv@lyra.w3.org>
Received: from mimas.w3.org ([128.30.52.79]) by lyra.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <w@1wt.eu>) id 1nySgh-0003Ya-VU for ietf-http-wg@listhub.w3.org; Tue, 07 Jun 2022 06:27:35 +0000
Received: from wtarreau.pck.nerim.net ([62.212.114.60] helo=1wt.eu) by mimas.w3.org with esmtp (Exim 4.92) (envelope-from <w@1wt.eu>) id 1nySgg-0002rU-IG for ietf-http-wg@w3.org; Tue, 07 Jun 2022 06:27:35 +0000
Received: (from willy@localhost) by pcw.home.local (8.15.2/8.15.2/Submit) id 2576RGqb005922; Tue, 7 Jun 2022 08:27:16 +0200
Date: Tue, 07 Jun 2022 08:27:16 +0200
From: Willy Tarreau <w@1wt.eu>
To: Martin Thomson <mt@lowentropy.net>
Cc: Justin Richer <jricher@mit.edu>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <20220607062716.GA5885@1wt.eu>
References: <A0601849-2870-4150-9926-5FA706D7F6DE@mit.edu> <CACcvr==K0gjhOaBaxt8vK80UYo1tAHVrh78yCcAEMvwx4tT=ag@mail.gmail.com> <7dff30c8-faac-413f-8387-f0a5a51fc6ff@beta.fastmail.com> <A659F1C6-97D6-48FB-BDED-B885AF93E553@mit.edu> <5f586a5b-4d62-40c8-8fa8-f747d08fd52f@beta.fastmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <5f586a5b-4d62-40c8-8fa8-f747d08fd52f@beta.fastmail.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
Received-SPF: pass client-ip=62.212.114.60; envelope-from=w@1wt.eu; helo=1wt.eu
X-W3C-Hub-Spam-Status: No, score=-4.9
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, W3C_AA=-1, W3C_IRA=-1, W3C_WL=-1
X-W3C-Scan-Sig: mimas.w3.org 1nySgg-0002rU-IG 0cbb34e58ee88a3ab005dbe9fb5dc304
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Signing Set-Cookie
Archived-At: <https://www.w3.org/mid/20220607062716.GA5885@1wt.eu>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/40077
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On Tue, Jun 07, 2022 at 08:28:08AM +1000, Martin Thomson wrote:
> Hey Justin,
> 
> I don't agree that this is an acceptable way of dealing with this problem.
> It makes the content under signature malleable.  Even if that is extremely
> narrowly applicable, I don't see how we could publish a specification where
> the only defense against an attack like this is text to the effect of "this
> might happen".

Agreed. Signed contents may never be trusted more than the algorithm
used to sign them. If you start by not trusting the algorithm, it's not
by suggesting to be extra careful with the contents that we can deal
with this. And the use of the signature is here precisely to help an
implementation know if it may or may not trust the contents, so that
would completely defeat the purpose.

Willy