Encryption simplification
Martin Thomson <martin.thomson@gmail.com> Sun, 30 October 2016 10:27 UTC
Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 23A0A1294C5 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sun, 30 Oct 2016 03:27:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.098
X-Spam-Level:
X-Spam-Status: No, score=-6.098 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_SORBS_SPAM=0.5, RP_MATCHES_RCVD=-1.497, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GQ0BLzEH5N2q for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sun, 30 Oct 2016 03:27:21 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AA40512945C for <httpbisa-archive-bis2Juki@lists.ietf.org>; Sun, 30 Oct 2016 03:27:21 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.80) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1c0nGd-0001fI-9P for ietf-http-wg-dist@listhub.w3.org; Sun, 30 Oct 2016 10:23:07 +0000
Resent-Date: Sun, 30 Oct 2016 10:23:07 +0000
Resent-Message-Id: <E1c0nGd-0001fI-9P@frink.w3.org>
Received: from titan.w3.org ([128.30.52.76]) by frink.w3.org with esmtps (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <martin.thomson@gmail.com>) id 1c0nGU-0001bn-SD for ietf-http-wg@listhub.w3.org; Sun, 30 Oct 2016 10:22:58 +0000
Received: from mail-qk0-f178.google.com ([209.85.220.178]) by titan.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from <martin.thomson@gmail.com>) id 1c0nGO-0002ay-OO for ietf-http-wg@w3.org; Sun, 30 Oct 2016 10:22:53 +0000
Received: by mail-qk0-f178.google.com with SMTP id v138so43088718qka.0 for <ietf-http-wg@w3.org>; Sun, 30 Oct 2016 03:22:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:from:date:message-id:subject:to; bh=Xuy65opcf3AEDI0gf79IXGw7u6O9VoutsVvHr00/k+c=; b=mSfTGqhnCdK2ZRQFF9Ed69DXalDYhuaPLXjY94EkUdOKaIFTI2YF7HRg2YdvOobXsu iO5mkmWiOXSqJwdf/QsonG6WVwo1y9Tn2bdqK+xbvpqVsNpyxCElA6SGYF1rLx3we2jv SxA6H53Sq/YBSIYAa3qWmaJWE5ubB5EA2eGpyO+u3oFNSJ5OfytfzW93qbbMKE6lvnhc FxPa775OaCxw3Tswif9LCK5eZXLrHoOpxTNF/BPPjSB5mcyibF7ODlq5GFVUf9vQcAgz 1faHqYdvajilYvlbx00k9+RsEUmhc8UzZMfiz7eVe7pq/fqpEF+hB5IRsJ080QHiY8cn aBeg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=Xuy65opcf3AEDI0gf79IXGw7u6O9VoutsVvHr00/k+c=; b=dcGe/Byfc3Deh/6SFhg3P4Nhs+2mBPxNfC2jRlR4ZUXIorRVIEhbb8tE++MX4AXr7w iJ3nuTW4sCyKW7ikzct5mZ+jBNjrF4hXSht+CUSykuLoEHlc8T4dV+kVrdYFDvrXfrd1 4QXP6JM6sHl/re6BhZN/N+pMK/vXe4LjTxvrVWTTVdRU/istRmloOTggamDRpVdTNv01 Hgm3h+S/BPpHCziLkI1iYDHvPND9mTBer+L0yfN0+Wfe8DgL476pIoHRW+KwEWoUbmDR YWuy1CGzXw3+d9DmrzFJYAgRxt8ae2OhFUtpudi5nJdfD1EcS2YffNW//XYURJrdeaxs EISg==
X-Gm-Message-State: ABUngveECSD7TPmMSh0ZcYlFD+JkfjQ3IbdLploZceiSMcwPBzK/uhv48QaEuYDADdPCK6BmxW6tmqH6PmRH+g==
X-Received: by 10.55.158.199 with SMTP id h190mr20778044qke.202.1477822946744; Sun, 30 Oct 2016 03:22:26 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.140.85.7 with HTTP; Sun, 30 Oct 2016 03:22:26 -0700 (PDT)
From: Martin Thomson <martin.thomson@gmail.com>
Date: Sun, 30 Oct 2016 21:22:26 +1100
Message-ID: <CABkgnnWVB3mnkGn9OmvgmLU7yDww40OQ_0pp_HeNdziqGYA0og@mail.gmail.com>
To: HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: text/plain; charset="UTF-8"
Received-SPF: pass client-ip=209.85.220.178; envelope-from=martin.thomson@gmail.com; helo=mail-qk0-f178.google.com
X-W3C-Hub-Spam-Status: No, score=-5.8
X-W3C-Hub-Spam-Report: AWL=-0.258, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_WL=-1
X-W3C-Scan-Sig: titan.w3.org 1c0nGO-0002ay-OO 782ec0085c2789080b9906b67dfda13b
X-Original-To: ietf-http-wg@w3.org
Subject: Encryption simplification
Archived-At: <http://www.w3.org/mid/CABkgnnWVB3mnkGn9OmvgmLU7yDww40OQ_0pp_HeNdziqGYA0og@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/32732
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
After discussion about content codings, I've made something of a drastic change to the encryption draft. A preview is here: http://httpwg.org/http-extensions/encryption-preview.html The pull request is here: https://github.com/httpwg/http-extensions/pull/252 This is a huge simplification in many ways, so I think that's a fair improvement. The main assertion that this assumes is this: content codings should be self-descriptive. Obviously, this isn't a strong assertion given that this content coding requires a key, and SDCH relies on having an external dictionary, but the point is that the contents of the message can be decoded without reading additional header fields. This is consistent with the observation that James Manger made about the MICE content coding previously [1]. To that end, I've removed the Encryption header field and packed the critical data into the content itself. This is more efficient and avoids strange cross-header-field correlation between Encryption and Content-Encoding. It retains Crypto-Key and key identifiers, but that's necessary since they generally travel separately. I realize that we're close to the draft submission deadline, so I'm planning to publish the draft with these modifications. We can continue to have this discussion. Thanks to the magic of revision control systems, it's easy to revert this change if needed. (Yes, this messes with webpush, I still need to talk to people about what to do there.) [1] https://lists.w3.org/Archives/Public/ietf-http-wg/2016AprJun/0242.html
- Encryption simplification Martin Thomson
- Re: Encryption simplification Julian Reschke
- Re: Encryption simplification Poul-Henning Kamp
- Re: Encryption simplification Kari Hurtta
- Re: Encryption simplification Martin Thomson
- Re: Encryption simplification Costin Manolache
- Re: Encryption simplification Willy Tarreau
- Re: Encryption simplification Martin Thomson
- Re: Encryption simplification Kari Hurtta
- Re: Encryption simplification Costin Manolache
- Re: Encryption simplification Kari Hurtta
- Re: Encryption simplification Mark Nottingham
- Re: Encryption simplification Julian Reschke