New I-D: HTTP Message Signatures

"Richard Backman, Annabelle" <richanna@amazon.com> Fri, 13 December 2019 00:21 UTC

From: "Richard Backman, Annabelle" <richanna@amazon.com>
To: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
CC: Justin Richer <justin@bspk.io>, Manu Sporny <msporny@digitalbazaar.com>
Date: Fri, 13 Dec 2019 00:18:36 +0000
Message-ID: <CF6EE96A-53B6-4EE6-8D47-5A543EB57759@amazon.com>
Subject: New I-D: HTTP Message Signatures
Archived-At: <https://www.w3.org/mid/CF6EE96A-53B6-4EE6-8D47-5A543EB57759@amazon.com>

Hello HTTP Working Group,

I have just published a new I-D on an old topic, HTTP Message Signatures: https://datatracker.ietf.org/doc/draft-richanna-http-message-signatures/

This document describes a mechanism for creating, encoding, and verifying digital signatures or message authentication codes over content within an HTTP message. This mechanism supports use cases where the full HTTP message may not be known to the signer, and where the message may be transformed (e.g., by intermediaries) before reaching the verifier.

There is growing widespread interest in this topic (see Justin Richer’s SecDispatch presentation at IETF 106); the goal of this draft is to provide a general purpose signing mechanism that can be used directly or profiled to fit specific use cases. This draft is based on draft-cavage-http-signatures-12 <https://tools.ietf.org/id/draft-cavage-http-signatures-12.txt>, which has been under independent development for several years. While we have identified several issues with that draft, in the interests of maintaining continuity with that work, we have avoided making normative changes at this time and instead documented these issues as topics for discussion. We would like the HTTP working group to consider adopting this draft, so that this discussion can happen in an open forum, with the right audience.

Please read and reply with any questions or feedback you have.

–
Annabelle Richard Backman
AWS Identity
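The property the announcement describes (a signature over a chosen subset of message components that survives intermediary changes to everything else) is shown below as an added example; it is not code from the email, the I-D or the draft-cavage implementation. The signing-string layout follows the draft-cavage-12 convention the I-D inherits (lowercase header name, `: `, value, newline-joined, with `(request-target)` covering method and path); the HMAC key, header values and proxy-added headers are all constructed for the demo.

```python
import base64
import hashlib
import hmac

# Constructed shared secret standing in for the key a keyId would identify.
SECRET = b"constructed-demo-secret"


def signing_string(method, target, headers, covered):
    """Build the string to sign over the covered components only.
    Headers not listed in `covered` do not influence the result, so an
    intermediary may add or change them without breaking verification."""
    lower = {k.lower(): v.strip() for k, v in headers.items()}
    lines = []
    for name in covered:
        if name == "(request-target)":
            lines.append(f"(request-target): {method.lower()} {target}")
        elif name in lower:
            lines.append(f"{name}: {lower[name]}")
        else:
            raise KeyError(f"covered header {name!r} missing from message")
    return "\n".join(lines)


def sign(method, target, headers, covered, key=SECRET):
    base = signing_string(method, target, headers, covered).encode()
    return base64.b64encode(hmac.new(key, base, hashlib.sha256).digest()).decode()


def verify(method, target, headers, covered, signature, key=SECRET):
    try:
        expected = sign(method, target, headers, covered, key)
    except KeyError:  # a covered component was stripped in transit
        return False
    return hmac.compare_digest(expected, signature)


def demo():
    """Constructed request: a proxy adds hop-by-hop headers (verification must
    still pass), then a tampered copy alters a covered header (must fail)."""
    covered = ["(request-target)", "host", "date", "digest"]
    original = {"Host": "example.com",
                "Date": "Fri, 13 Dec 2019 00:18:36 GMT",
                "Digest": "SHA-256=constructed-body-digest"}
    sig = sign("POST", "/items", original, covered)
    forwarded = dict(original, Via="1.1 proxy.example",
                     **{"X-Forwarded-For": "203.0.113.7"})
    tampered = dict(forwarded, Digest="SHA-256=altered-body-digest")
    return (verify("POST", "/items", forwarded, covered, sig),
            verify("POST", "/items", tampered, covered, sig))
```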