IETF Logo Mail Archive

Re: feedback on draft-ietf-httpbis-message-signatures-13

Dick Hardt <dick.hardt@gmail.com> Mon, 17 October 2022 23:18 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 06A7DC1524B8 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 17 Oct 2022 16:18:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.757
X-Spam-Level:
X-Spam-Status: No, score=-2.757 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZC7jLQhMECAD for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 17 Oct 2022 16:18:27 -0700 (PDT)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0539BC1522CD for <httpbisa-archive-bis2Juki@lists.ietf.org>; Mon, 17 Oct 2022 16:18:26 -0700 (PDT)
Received: from lists by lyra.w3.org with local (Exim 4.94.2) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1okZKE-00GE4e-9f for ietf-http-wg-dist@listhub.w3.org; Mon, 17 Oct 2022 23:15:14 +0000
Resent-Date: Mon, 17 Oct 2022 23:15:14 +0000
Resent-Message-Id: <E1okZKE-00GE4e-9f@lyra.w3.org>
Received: from mimas.w3.org ([128.30.52.79]) by lyra.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <dick.hardt@gmail.com>) id 1okZKC-00GE3l-19 for ietf-http-wg@listhub.w3.org; Mon, 17 Oct 2022 23:15:12 +0000
Received: from mail-yw1-x1135.google.com ([2607:f8b0:4864:20::1135]) by mimas.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from <dick.hardt@gmail.com>) id 1okZKA-00EmJM-9B for ietf-http-wg@w3.org; Mon, 17 Oct 2022 23:15:11 +0000
Received: by mail-yw1-x1135.google.com with SMTP id 00721157ae682-35befab86a4so121763537b3.8 for <ietf-http-wg@w3.org>; Mon, 17 Oct 2022 16:15:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:reply-to:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=QlVlo7BtoeX87zimjNFvS3PKf0GbdTRuBxuvNkdKg+k=; b=JEeSjAyALVCVFDbLwcTA9EIKLCnB0BdqbAo0snpssYNQXxiCfCzyammgDNtOx2tErg 7Rei8XStCwFBQhlwh5c4xl6C9d/6iP8GnDUeoKFT648OjO27T135DfstWBrg/VkMoTS3 wnKPzj2fvN++B3PL1DgzPrD0YrfZPcvN1ZAmg98Vmfv39RIhQtxdPqFOK10bhF4To40F WJHfRU8QKzzp7/S87e/4NGDXNAzPqk4Bz056RGbtk2wCizrJddWsxz6wO1Lc8qup8S0x mSsGc9Xl1Ah2PrtGwhkm7L7VvzFlu8/PZ9bGMANrkhwPD7AEhRn2W8wtJqcc2Os3hMBC 1/kQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:reply-to:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=QlVlo7BtoeX87zimjNFvS3PKf0GbdTRuBxuvNkdKg+k=; b=B0GW+0LEauRhZH5vTbrXsyLvlLkpZaBfsN8NRTXTXQQBlBDXnKvggYVhexAPehTZ5K 7sbUxoSrkHHU4Lco08VkBV4HEq8YceUtFSAuHkhwvwcwGgfHXZPMmCRiUFu+s/oUxulJ G7e+hyRZT2Yf/8NVQVb0QnAYKHHRwy1LyGdgZQxNxOfkdUUUJjUndrIdWXaHxvsOdZ6i l/b6+5ptweTbDL723HMFLIjmPkX6nB7XrPMKkSdfbMjEEYQ1A9W75zGdgPIl/e7kiqfh QF9Lh7hpxp1BdqypMn2TqTooxnzgLequUAc/1cdIpP3yGLs4a6DehVVrVLyuFvo0/2vh Vl0w==
X-Gm-Message-State: ACrzQf1Ml1aiwzIwIKtOhg9wFcNqBneinDf+zLUWPWDcMu23nfxOV8zG oyhba87ht5hrERir1QQQa8Kh6AfmEn2FLiHpT5o9Br3E
X-Google-Smtp-Source: AMsMyM74ZUH6f0QjvUHcgRAxieSqYBTlrGAXSYqzkS9JoKlKfPoIPfUcezmob9wXGUCQU4lLW4VIHMfXNzHCnUPdgZQ=
X-Received: by 2002:a81:9e42:0:b0:361:4dad:7a95 with SMTP id n2-20020a819e42000000b003614dad7a95mr148769ywj.256.1666048499126; Mon, 17 Oct 2022 16:14:59 -0700 (PDT)
MIME-Version: 1.0
References: <CAD9ie-uvOK_-JxDjtZrPXGqdHUSYFNdKsaGKp6jNNhZB5bVXuA@mail.gmail.com> <9A670797-BEF3-41A5-A73F-3715F1617EF0@amazon.com>
In-Reply-To: <9A670797-BEF3-41A5-A73F-3715F1617EF0@amazon.com>
Reply-To: Dick.Hardt@gmail.com
From: Dick Hardt <dick.hardt@gmail.com>
Date: Mon, 17 Oct 2022 16:14:22 -0700
Message-ID: <CAD9ie-tJ3ceV63JqqnqGOpcwQxNxG-rR0-aFYVMNuCUbC-Svwg@mail.gmail.com>
To: "Backman, Annabelle" <richanna@amazon.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>, Tommy Pauly <tpauly@apple.com>, Mark Nottingham <mnot@mnot.net>
Content-Type: multipart/alternative; boundary="000000000000f8167405eb4324cd"
Received-SPF: pass client-ip=2607:f8b0:4864:20::1135; envelope-from=dick.hardt@gmail.com; helo=mail-yw1-x1135.google.com
X-W3C-Hub-DKIM-Status: validation passed: (address=dick.hardt@gmail.com domain=gmail.com), signature is good
X-W3C-Hub-Spam-Status: No, score=-6.1
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_WL=-1
X-W3C-Scan-Sig: mimas.w3.org 1okZKA-00EmJM-9B 48e7d6e88339c2e2e312a5da23f8af60
X-Original-To: ietf-http-wg@w3.org
Subject: Re: feedback on draft-ietf-httpbis-message-signatures-13
Archived-At: <https://www.w3.org/mid/CAD9ie-tJ3ceV63JqqnqGOpcwQxNxG-rR0-aFYVMNuCUbC-Svwg@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/40461
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On Mon, Oct 17, 2022 at 3:06 PM Backman, Annabelle <richanna@amazon.com>
wrote:

> there is no guidance to an implementer when HTTP Message Signatures would
> be preferable to other signature mechanisms.
>
>
> We attempt address this in the Introduction (Section 1)
> <https://httpwg.org/http-extensions/draft-ietf-httpbis-message-signatures.html#name-introduction>, which
> describes the limitations of TLS and challenges posed by HTTP itself.
>

There are other ways to provide signature mechanisms.


>
> We can add text to this effect under Requirements (Section 1.2)
> <https://httpwg.org/http-extensions/draft-ietf-httpbis-message-signatures.html#name-requirements>
> .
>
> There are a number of common deployment models where HTTP Message
> Signature will not preserve @target-uri as the @target-uri is different at
> the application server than what the client called.
>
> One of these is where a CDN such as CloudFront serves both static and
> dynamic content. The CDN routes requests that match certain paths to
> different hosts. For example when receiving a call to
> https://www.example.com/api/v1/* the CDN may proxy the call to
> https://v1.api.example.com/*
>
> Another is where messages are routed between microservices. A message
> router may route calls to https://www.example.com/api/v1/people/* to
> http://people within the services network.
>
> That would help.


>
> This is addressed in Application of HTTP Message Signatures (Section 1.4)
> <https://httpwg.org/http-extensions/draft-ietf-httpbis-message-signatures.html#section-1.4-2.5>,
> and in two Security Considerations: Message Component Source and Context
> (Section 7.4.3)
> <https://httpwg.org/http-extensions/draft-ietf-httpbis-message-signatures.html#name-message-component-source-an>
>  and Multiple Message Component Contexts (Section 7.4.4)
> <https://httpwg.org/http-extensions/draft-ietf-httpbis-message-signatures.html#name-multiple-message-component->.
> 1.4 and 7.4.3 in particular explain that the verifier may apply
> application-specific logic when deriving the context for a signature in
> order to account for transformations that are expected. 7.4.4 includes a
> non-normative example of how a reverse proxy such as a load balancer could
> add a `Forwarded` header field and its own signature to requests in order
> to allow a downstream verifier to verify the client's signature and verify
> that the transformations made to the @target-uri are acceptable.
>

"application-specific logic" is leaving the deficiencies when using a load
balancer as an exercise to the user. Perhaps writing a standard way to
resolve this would enable developers to use common infrastructure rather
than bespoke and potentially flawed implementations?

Are there any plans for AWS to add the signature mechanism and the
"Forwarded" header?


>
> the canonicalization was non-trivial
>
>
> Canonicalization has been brought up before, and I confess to being very
> confused every time it is raised, as pretty much the only
> "canonicalization" in HTTP Message Signatures is the lower-casing of HTTP
> header field names…which I'd like to think is a relatively safe move.
>

Unlike JOSE where the JSON is taken as an exact string, HTTP headers are
liberal in what they accept. For example, the Authorization header when
using an OAuth 2 access token could use Bearer or bearer, and may be
delineated by one or more white spaces. An intermediate processing of the
HTTP message may "clean" up extra white space, changing the content of what
is signed.

Per my own experience, I had mistyped the twitter.com URL to have HTTP
instead of HTTPS.

there were a number of non-deterministic flows
>
>
> The authors' believe the spec is deterministic. Have you identified ways
> or places where it is not?
>

I was referring to the implementation of XML-DSIG that we worked on

I also recall trying to do SigV4 by hand one time because the AWS service I
was testing out was in beta and there was no library for me to use with my
preferred language. I never did get it working -- I chose to wait for a
library.

I think the authors have done a laudable job of specifying how to make this
work. It is a HUGE spec and based on my experience and limitations above --
I would suggest seeing more interoperable implementations before moving to
WGLC so that you can smoke out other issues.

/Dick

v2.23.0 | Report a Bug | By Email