Re: signatures vs sf-date
Julian Reschke <julian.reschke@gmx.de> Fri, 02 December 2022 21:44 UTC
Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 70D74C14CE2B for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 2 Dec 2022 13:44:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.75
X-Spam-Level:
X-Spam-Status: No, score=-7.75 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, MAILING_LIST_MULTI=-1, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmx.de
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5TgCewMeBNWq for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 2 Dec 2022 13:44:32 -0800 (PST)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 294D6C14CE26 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Fri, 2 Dec 2022 13:44:32 -0800 (PST)
Received: from lists by lyra.w3.org with local (Exim 4.94.2) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1p1DpV-00ANHj-ET for ietf-http-wg-dist@listhub.w3.org; Fri, 02 Dec 2022 21:44:21 +0000
Resent-Date: Fri, 02 Dec 2022 21:44:21 +0000
Resent-Message-Id: <E1p1DpV-00ANHj-ET@lyra.w3.org>
Received: from titan.w3.org ([128.30.52.76]) by lyra.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <julian.reschke@gmx.de>) id 1p1DpT-00ANGR-Fu for ietf-http-wg@listhub.w3.org; Fri, 02 Dec 2022 21:44:19 +0000
Received: from mout.gmx.net ([212.227.15.15]) by titan.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <julian.reschke@gmx.de>) id 1p1DpS-004Lao-1a for ietf-http-wg@w3.org; Fri, 02 Dec 2022 21:44:19 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.de; s=s31663417; t=1670017443; bh=+i9oWQOjZsnGgu2TWCbVdOFiEP0q8eQn+KpGc+V9Lg0=; h=X-UI-Sender-Class:Date:Subject:To:Cc:References:From:In-Reply-To; b=Si8Nw/CmyQjpfAoUmz3ZSplbCc8lxWexfRpFo1FsNIZkvIpr5z+tcVcG87vmi+YoW ylp1pL8MIfZLcpA+O1Ed/dlN5EuY8+L5m0nsjLgQ1LvDWLwfkIj1HxROYotfWT21JK z+aFXEVa7G1smsx2FO1P6ayrfM40xLX+Qh91/P4sob75GYvFFVwO37FtXtAbr+GCKV UXqBrPBEmoA369nV88n5R5IaGuaKibtt2oYb2tVvj2ZwSRBBUa2QApYKUx8b1PubVH VE3nnS/EU1FdqnbVefqBLI49Y61UJFXIoh9avkmywVjiKSLbY7WN3gcQJJEZfQtIT4 GMWKbYvMpUh3g==
X-UI-Sender-Class: 724b4f7f-cbec-4199-ad4e-598c01a50d3a
Received: from [192.168.178.20] ([217.251.128.99]) by mail.gmx.net (mrgmx005 [212.227.17.190]) with ESMTPSA (Nemesis) id 1N49h5-1osjLe2dUH-0106uS; Fri, 02 Dec 2022 22:44:03 +0100
Message-ID: <fc9b14a4-a608-4073-5240-fc6189f28099@gmx.de>
Date: Fri, 02 Dec 2022 22:44:02 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.5.0
Content-Language: en-US
To: Justin Richer <jricher@mit.edu>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
References: <2070c8e0-98d6-7b63-77c3-550bcd661397@gmx.de> <04A5CE20-A291-4FA4-A330-FB1090697EA1@mit.edu> <a8a2a20e-335a-7f6f-7fb0-809c54bb98fc@gmx.de> <714A974B-2A87-4010-B415-C85F6B788175@mit.edu>
From: Julian Reschke <julian.reschke@gmx.de>
In-Reply-To: <714A974B-2A87-4010-B415-C85F6B788175@mit.edu>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: quoted-printable
X-Provags-ID: V03:K1:6yBDb3LxAikEsA4fk+yilWtstazELvhJjOdTy7Ai87bq7sqUwYF fBN+XKZhME2qZ653Nxr367YnI+L1EsYoF1GoeyhKoKiWTIcq7U6XOMK+58kkJ7O066O3lgh G1Ik5pRVKnfhwiYg80PkBNTv5ZPg7zlqNLbDVvPvdIXHJlsd8aKCXsthoXH+TvjkksoupXw CjdYU0jSdi/7vztvS/I0A==
UI-OutboundReport: notjunk:1;M01:P0:QeUOiciEWz4=;Yy7r7pmt/A3BwsDpuvIRqLUsP0E 830S9q+IzxmTgzzjdARPxtonAixPgNnbvmMDl85K9ZwEXV6PFvZ6o8zoVDgYI/FsSqzv7iB0W S3Z5yvcic00GIXjT3F9p7tAEZSZ79YYl0MmFJtMXBFnUeCL8yOovWmRv0QG+rshgD23qg9AqR G6T8IH0MCUHaak6NeQ7Lr0HV9zFAR8yHi/VfkCJlHDrw7R2H5bG5/sVxvcDhIkYxYJsE5ygbX Lf5YEpI2m3THQ4x1Ct/iarpb2I6ELD09kscQoYDdzTWqbOuZELuQr0E4CbJRo4n0O39p47NJu GHpDRRVUsvEWmDL966iUfE4Trmgh6FbBdY459xAl+JRt+FRHYR+PLVzKLe9ik90vRBYVRWTFw m9u4Bp47Dh2bwZMSxeZQ3FgFEm6KMjQ31wtw707vyQdhd2DWC9vKWZNZoTlKEbcU9teKV3XeQ meqhf6p1i+Gg6PkH9hTsUxaRgCKcRErkfpTYQfaGCBq7qweNhk6SqtsLsxdkG0XMDhk/D4E9j 1tju0DuNqV13fb8SVXUCflgDyBmFq5UGht+WwjMa0/rgqWlwlrChEVXkdE34yNj0R/gudwYKD 4guEDib0HIYI+bPXFk5Z+0moddCUZ5ewD3ugPxYuFx+24FmnTzrTvC+O7Vql+ZTyN3yh2uc0B svNXh9eqRlxc3MRLMeHl1jngbzFdhI1oOPs4lYztSCoRx2qV2NiCt385icyJZpaX1F2/gnmcF uAxoZrHe1TTxq2vxbEX1AmGcKOZcdH5T0LONWL1b8VkTjapM9VTm/DYWlx7/w6SN2ZqOwSOf+ gT+6TKNzNtR2QHB0CGPNmQdpKI/Vzo2dR4Ed7NbxUkXWu2ZF/LIJjWdTLEUPUySTFgwQaCgII sck0CDM//XJ2exGsp5mYwYY8jh0TKGSATS6dI1HCanNSLBZVqeRg/a57HNsGxrxcIVvX9H94p 4VMk6DILgg2HmHIwB+PGeiZcdN8=
Received-SPF: pass client-ip=212.227.15.15; envelope-from=julian.reschke@gmx.de; helo=mout.gmx.net
X-W3C-Hub-DKIM-Status: validation passed: (address=julian.reschke@gmx.de domain=gmx.de), signature is good
X-W3C-Hub-Spam-Status: No, score=-6.1
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, NICE_REPLY_A=-0.258, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_IRA=-1, W3C_WL=-1
X-W3C-Scan-Sig: titan.w3.org 1p1DpS-004Lao-1a c8732d9a17793d76160a272f1ef6e631
X-Original-To: ietf-http-wg@w3.org
Subject: Re: signatures vs sf-date
Archived-At: <https://www.w3.org/mid/fc9b14a4-a608-4073-5240-fc6189f28099@gmx.de>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/40631
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
On 02.12.2022 21:58, Justin Richer wrote: >> >>>> 2) When signing parts of a SF shaped field, should it support RFC >>>> 8941bis in some way? >>> >>> That should “just work”. If you’re doing SF fields using the SF-bit or anything else that uses strict serialization rules, and your system needs and supports the SFbis definitions, then it should just work. Otherwise if someone sends you something that you can’t parse, well, then you need to figure out how to parse it, right? >>> >>> I don’t think there’s any change that needs to be made for that. If SFbis gets out the door first (or even has an RFC number first), we can change the reference and call it a day. Or a @DATE. :) >> >> Hmm. >> >> If the sender sends something with an sf-date and signs that part, >> signature validation will fail on the recipient unless it also has SFBIS >> support, right? >> >> So, rephrasing this in a more generic way: once SFBIS is out, do we >> expect everybody to update their libraries? And if so, what does this >> man for what we say in the signatures spec? >> > > I think this is going to be the problem with any upgrade that adds any new features to any system, isn’t it? If the signer is sending something in sf-date but the verifier can’t process sf-date … then that field value isn’t going to be processed correctly anyway, is it? Since the receiver wouldn’t be able to handle the sf-date field. > > You have to upgrade your libraries and code to support new features. That is unsurprising and hardly unique to this current situation. > > The question is what we should do about it here — and I’d argue we shouldn’t do anything about it in particular. It's a common problem, yes. But in this case we don't have a version signal *and* timing of the specs would allow us to be more specific. (I'm not sure what the right answer is, but it should be a conscious decision of the WG, not something that "just happened that way"). Best regards, Julian
- signatures vs sf-date Julian Reschke
- Re: signatures vs sf-date Poul-Henning Kamp
- Re: signatures vs sf-date Julian Reschke
- Re: signatures vs sf-date Poul-Henning Kamp
- Re: signatures vs sf-date Martin J. Dürst
- Re: signatures vs sf-date Poul-Henning Kamp
- Re: signatures vs sf-date Julian Reschke
- Re: signatures vs sf-date Poul-Henning Kamp
- Re: signatures vs sf-date Julian Reschke
- Re: signatures vs sf-date Poul-Henning Kamp
- support for non-ASCII in strings, was: signatures… Julian Reschke
- Re: support for non-ASCII in strings, was: signat… Julian Reschke
- Re: support for non-ASCII in strings, was: signat… Poul-Henning Kamp
- Re: support for non-ASCII in strings, was: signat… Julian Reschke
- Re: support for non-ASCII in strings, was: signat… Poul-Henning Kamp
- Re: support for non-ASCII in strings, was: signat… Poul-Henning Kamp
- Re: support for non-ASCII in strings, was: signat… Julian Reschke
- Re: support for non-ASCII in strings, was: signat… Julian Reschke
- Re: support for non-ASCII in strings, was: signat… Poul-Henning Kamp
- Re: support for non-ASCII in strings, was: signat… Poul-Henning Kamp
- Re: support for non-ASCII in strings, was: signat… Julian Reschke
- Re: support for non-ASCII in strings, was: signat… Carsten Bormann
- Re: support for non-ASCII in strings, was: signat… Poul-Henning Kamp
- Re: signatures vs sf-date Justin Richer
- Re: signatures vs sf-date Julian Reschke
- Re: signatures vs sf-date Ilari Liusvaara
- Re: signatures vs sf-date Poul-Henning Kamp
- Re: support for non-ASCII in strings, was: signat… Roy T. Fielding
- Re: support for non-ASCII in strings, was: signat… Poul-Henning Kamp
- Re: support for non-ASCII in strings, was: signat… Roy T. Fielding
- Re: support for non-ASCII in strings, was: signat… Poul-Henning Kamp
- Re: signatures vs sf-date Justin Richer
- Re: support for non-ASCII in strings, was: signat… Julian Reschke
- Re: signatures vs sf-date Julian Reschke
- Re: support for non-ASCII in strings, was: signat… Poul-Henning Kamp
- Re: support for non-ASCII in strings, was: signat… Mark Nottingham
- Re: support for non-ASCII in strings, was: signat… Julian Reschke
- Re: support for non-ASCII in strings, was: signat… Julian Reschke
- Re: support for non-ASCII in strings, was: signat… Mark Nottingham
- Re: support for non-ASCII in strings, was: signat… Julian Reschke
- Re: support for non-ASCII in strings, was: signat… Willy Tarreau
- Re: support for non-ASCII in strings, was: signat… Julian Reschke
- Re: support for non-ASCII in strings, was: signat… Julian Reschke
- Re: signatures vs sf-date Julian Reschke
- Re: signatures vs sf-date Mark Nottingham
- Re: signatures vs sf-date Julian Reschke
- Re: signatures vs sf-date Lucas Pardue
- Re: signatures vs sf-date Julian Reschke
- Re: signatures vs sf-date Ilari Liusvaara
- Re: signatures vs sf-date Lucas Pardue
- Re: signatures vs sf-date Mark Nottingham
- Re: signatures vs sf-date Lucas Pardue
- Re: signatures vs sf-date Mark Nottingham
- Re: signatures vs sf-date Julian Reschke
- Re: signatures vs sf-date Mark Nottingham
- Re: signatures vs sf-date Julian Reschke
- Re: signatures vs sf-date Watson Ladd
- Re: signatures vs sf-date Julian Reschke
- Re: signatures vs sf-date Watson Ladd
- Re: signatures vs sf-date Julian Reschke