Encryption simplification

Martin Thomson <martin.thomson@gmail.com> Sun, 30 October 2016 10:27 UTC

After discussion about content codings, I've made something of a
drastic change to the encryption draft.  A preview is here:
    http://httpwg.org/http-extensions/encryption-preview.html

The pull request is here:
    https://github.com/httpwg/http-extensions/pull/252

This is a huge simplification in many ways, so I think that's a fair
improvement.

The main assertion that this assumes is this: content codings should
be self-descriptive.

Obviously, this isn't a strong assertion given that this content
coding requires a key, and SDCH relies on having an external
dictionary, but the point is that the contents of the message can be
decoded without reading additional header fields.  This is consistent
with the observation that James Manger made about the MICE content
coding previously [1].

To that end, I've removed the Encryption header field and packed the
critical data into the content itself.  This is more efficient and
avoids strange cross-header-field correlation between Encryption and
Content-Encoding.  It retains Crypto-Key and key identifiers, but
that's necessary since they generally travel separately.

I realize that we're close to the draft submission deadline, so I'm
planning to publish the draft with these modifications.  We can
continue to have this discussion.  Thanks to the magic of revision
control systems, it's easy to revert this change if needed.

(Yes, this messes with webpush, I still need to talk to people about
what to do there.)


[1] https://lists.w3.org/Archives/Public/ietf-http-wg/2016AprJun/0242.html
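
An added illustration of the self-descriptive layout discussed in the message above; it is not part of the original message or of the draft's text. It assumes the header layout later published in RFC 8188 (salt, record size, key identifier length, key identifier), which may differ from the draft revision in the pull request. The function names and the sample body are constructed for this example.

```python
import hashlib
import hmac
import struct
from typing import NamedTuple

FIXED_LEN = 21  # salt (16) + rs (4) + idlen (1), layout assumed from RFC 8188


class CodingHeader(NamedTuple):
    salt: bytes     # per-message salt, formerly an Encryption header parameter
    rs: int         # record size
    keyid: bytes    # selects the key, which still travels separately
    records: bytes  # encrypted records that follow the header


def parse_header(body: bytes) -> CodingHeader:
    """Read everything except the key from the message body itself."""
    if len(body) < FIXED_LEN:
        raise ValueError("body shorter than fixed header")
    salt, rs, idlen = struct.unpack("!16sIB", body[:FIXED_LEN])
    if rs < 18:  # a record needs a delimiter octet plus a 16-octet tag
        raise ValueError("record size below 18")
    end = FIXED_LEN + idlen
    if len(body) < end:
        raise ValueError("key identifier truncated")
    return CodingHeader(salt, rs, body[FIXED_LEN:end], body[end:])


def derive_key_and_nonce(ikm: bytes, salt: bytes):
    """HKDF-SHA-256 with the in-body salt; one expand block covers both outputs."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()

    def expand(info: bytes, length: int) -> bytes:
        return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()[:length]

    cek = expand(b"Content-Encoding: aes128gcm\x00", 16)
    nonce = expand(b"Content-Encoding: nonce\x00", 12)
    return cek, nonce


# Constructed sample: 16-octet salt, rs=4096, keyid "k1", then 33 placeholder
# octets standing in for one encrypted record (not real ciphertext).
SAMPLE_BODY = bytes(range(16)) + struct.pack("!IB", 4096, 2) + b"k1" + b"\xaa" * 33

if __name__ == "__main__":
    hdr = parse_header(SAMPLE_BODY)
    print(hdr.rs, hdr.keyid, len(hdr.records))
    print(derive_key_and_nonce(b"constructed-input-key", hdr.salt))
```

A decoder reads no header field other than Content-Encoding (and Crypto-Key where the key is supplied that way); a body that fails either length check or declares a record size below 18 is rejected before any key derivation.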