Re: Concrete format for signed responses
Jeffrey Yasskin <jyasskin@google.com> Sat, 09 December 2017 00:45 UTC
Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3FB4212783A for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 8 Dec 2017 16:45:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.498
X-Spam-Level:
X-Spam-Status: No, score=-6.498 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xiP2yfXqh83z for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 8 Dec 2017 16:45:17 -0800 (PST)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EAAE1126B7E for <httpbisa-archive-bis2Juki@lists.ietf.org>; Fri, 8 Dec 2017 16:45:16 -0800 (PST)
Received: from lists by frink.w3.org with local (Exim 4.89) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1eNT8h-0001vg-Iz for ietf-http-wg-dist@listhub.w3.org; Sat, 09 Dec 2017 00:37:11 +0000
Resent-Date: Sat, 09 Dec 2017 00:37:11 +0000
Resent-Message-Id: <E1eNT8h-0001vg-Iz@frink.w3.org>
Received: from titan.w3.org ([128.30.52.76]) by frink.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from <jyasskin@google.com>) id 1eNT8S-0001bt-1k for ietf-http-wg@listhub.w3.org; Sat, 09 Dec 2017 00:36:56 +0000
Received: from mail-it0-f48.google.com ([209.85.214.48]) by titan.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.89) (envelope-from <jyasskin@google.com>) id 1eNT8L-00033E-9u for ietf-http-wg@w3.org; Sat, 09 Dec 2017 00:36:54 +0000
Received: by mail-it0-f48.google.com with SMTP id z6so7714375iti.4 for <ietf-http-wg@w3.org>; Fri, 08 Dec 2017 16:36:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=rucN2bvyd+bgOn0gLGcCmoLjv75wfXZdFkBKD0WEb1M=; b=N2YsYxxYkkPtoGotI6zRvk4jCQ+nLdEDttIg5Ooat8M/gFVZZ0PjDftlwV04kadolB JVByCJ3W7GZHTl8vSoZn7KtI1M8G5OePeAo/kGNNeIH8jiQfdKY/H9ntXe2H19+ziEc4 HS6HXjYQveDDynkg9bc9x36mDTJk+FpoxjbP4TiPMIvQ6bojAHvYVZwp4CtDxog8rzfP itXKzLvo893/P6xyKitrX8z5bjliCz2bHqEJ2m9rZvwJZ9CZbjqYR9iSfGv5AS2qNLKt aRSJSLITTzyL/Q3yIToZOJoY/6pP80508emkNfa7YgTprM7ifj5/F6rR8j4WHiRvQ4Vm 58Aw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=rucN2bvyd+bgOn0gLGcCmoLjv75wfXZdFkBKD0WEb1M=; b=Qgs6Zlr7PrBKRgxr/TihnNsOEHpUXn9BGwy+ZHuko3SZED0gm9EBfpFmtZoEJ++h33 5yyj2mr4oLhUTS81hc4HC5rI2OwKdM7ZWmb7DDBJMqk9L/jw2WIKLjPrHPZa9Usmb5z0 2XpXfCeGE6wlPZhI1+8IBz7SN4ULqRJfUskN2l75bKSY6ru4KU4UmRTMvlPMA65O1kB4 6NXW7n7v4GBkf6bwXLy6BLuwdLupolfQLWUbTu23S3RP1/1StkvastWxpdtv7NP4W10i IuxDx4jPEsbhaadM2eewgKlipWtJOugSJ1KEMcdwwqKDhMzko3xAF0QNbM3k67xOjP3s 7+RQ==
X-Gm-Message-State: AKGB3mLU4RTzlpAOAKdxwhUcBUhfg/Ju/P/hvrnFiOlKELYzbBSvjNWl Zg486MJtBNfot165dp+ghTJ3ZF/lKJutdixIRQWdEg==
X-Google-Smtp-Source: AGs4zMYeYy4hu2mdpz2fX/ER0Czfs3p1OPdlqn2RNCpaFToIpB8sMekgCspW2jK07huDILgP+W7S90boMEIVuSX4ZUA=
X-Received: by 10.36.70.146 with SMTP id j140mr7084667itb.66.1512779786579; Fri, 08 Dec 2017 16:36:26 -0800 (PST)
MIME-Version: 1.0
References: <CANh-dXkgss_Mt0F4hv5fBcrHUJ6=BO7o5u2OCWzxJom=xAiJ0w@mail.gmail.com> <MWHPR08MB2432A0444DA51B186951F44BDA320@MWHPR08MB2432.namprd08.prod.outlook.com> <CANh-dXnO-2Kv-NckDJu6bkdvETe-nWZrwyfCmt4X5C2tqy1xgg@mail.gmail.com> <MWHPR08MB243229BA34463C63100B4174DA320@MWHPR08MB2432.namprd08.prod.outlook.com> <CANh-dXm-qBfMj3gQ08-gSPUuYtNF3u=gAAi-QRb_H8P6Q7XXKw@mail.gmail.com>
In-Reply-To: <CANh-dXm-qBfMj3gQ08-gSPUuYtNF3u=gAAi-QRb_H8P6Q7XXKw@mail.gmail.com>
From: Jeffrey Yasskin <jyasskin@google.com>
Date: Sat, 09 Dec 2017 00:36:15 +0000
Message-ID: <CANh-dX=po0+ocp8FUceUynSfCkbVbix2d0XMtdwa65eUHAxyxw@mail.gmail.com>
To: Mike Bishop <mbishop@evequefou.be>
Cc: HTTP Working Group <ietf-http-wg@w3.org>, Lucas Pardue <Lucas.Pardue@bbc.co.uk>, matthew@kerwin.net.au
Content-Type: multipart/alternative; boundary="001a1144b8e6ce0bbe055fdd7db8"
Received-SPF: pass client-ip=209.85.214.48; envelope-from=jyasskin@google.com; helo=mail-it0-f48.google.com
X-W3C-Hub-Spam-Status: No, score=-7.5
X-W3C-Hub-Spam-Report: AWL=1.565, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_IRR=-3, W3C_WL=-1
X-W3C-Scan-Sig: titan.w3.org 1eNT8L-00033E-9u 5dd7e70b9d7bf48e5ad032597eab7d29
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Concrete format for signed responses
Archived-At: <https://www.w3.org/mid/CANh-dX=po0+ocp8FUceUynSfCkbVbix2d0XMtdwa65eUHAxyxw@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/34941
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
On Wed, Dec 6, 2017 at 4:40 PM Jeffrey Yasskin <jyasskin@google.com> wrote: > On Wed, Dec 6, 2017 at 2:45 PM, Mike Bishop <mbishop@evequefou.be> wrote: > > Hm, then I’m not sure what sets up the deep links. I’ll defer to those > who > > know the tools better than I. > > > > > > > > https://tools.ietf.org/html/draft-ietf-httpbis-http2-secondary-certs-00 > > requires the client to advertise support for the new frame types; you > could > > steal the general structure from there. I’d just say that servers MAY > push > > signed resources for domains for which they aren’t authoritative only if > the > > client has set the newly-defined setting. Secondary Certs also defines > new > > error codes, if you wanted to steal that. > > Thanks. I'll look at that and draft-kerwin-http2-encoded-data, and > send y'all a PR Friday. > Here you go: https://github.com/WICG/webpackage/pull/94. Thanks for the example drafts. Jeffrey > What about omitting the tags entirely, and just have a two-element array > > with each element being a map? [ request, response ]. > > Positional arguments are definitely plausible. I avoided them in order > to make it easier to extend this in the future if we need to. For > example, are we totally sure that we'll never want to represent > request payloads or trailers in a signed exchange? > > Jeffrey > > > From: Jeffrey Yasskin [mailto:jyasskin@google.com] > > Sent: Wednesday, December 6, 2017 2:20 PM > > To: Mike Bishop <mbishop@evequefou.be> > > Cc: HTTP Working Group <ietf-http-wg@w3.org> > > Subject: Re: Concrete format for signed responses > > > > > > > > On Wed, Dec 6, 2017 at 10:42 AM Mike Bishop <mbishop@evequefou.be> > wrote: > > > > Thanks, Jeffrey. In parallel with other work that’s going on to make > push > > actually usable, I’m excited about the ability to push non-authoritative > > resources in a secure way. > > > > > > > > A few smaller points on the draft, most of which wind up being feedback > on > > Structured Headers more than your doc: > > > > 3.1: The usual format is “section <foo> of [BAR]”; I think if you use > that > > format, the html-ized copy will actually deep-link to the relevant > section. > > You’re following the format from draft-ietf-header-structure, so we > should > > fix it there instead. > > > > https://tools.ietf.org/html/draft-ietf-httpbis-origin-frame-04#section-1 > has > > a deep link written like ([RFC7540], Section 9.1.2), so it's not > primarily > > my syntax. I'm happy to use the 'of' syntax though if folks prefer. > > https://github.com/WICG/webpackage/pull/92 > > > > > > > > 3.1: MUST not => MUST NOT > > > > Fixed in > > > https://wicg.github.io/webpackage/draft-yasskin-http-origin-signed-responses.html#rfc.section.3.1 > . > > > > > > > > 3.2.1: You’re not the first to ask about lists in Structured Headers; > the > > resolution nine months ago was that there’s nothing in Structured > Headers to > > support that. You’re demonstrating that there probably needs to be. My > > solution in HTTP/QUIC was to violate the prohibition on repeated keys, > but > > we need to resolve this before either Structure Headers and HTTP/QUIC > lock > > down. > > > > https://github.com/httpwg/http-extensions/issues/281 for others to > follow > > along. > > > > > > > > 3.6.1: If you’re saying a client MAY do something other than what it > MUST > > do per RFC7540, you might want to frame this as an extension. In that > vein, > > an HTTP/2 setting advertising support for this from the client might be > in > > order. You could also define a more specific error code for invalid > > unauthoritative pushes. > > > > Seems reasonable. Do you have any favorite extensions I could copy from? > > Origin Frame is close, but it merely defines something that > > https://tools.ietf.org/html/rfc7230#section-9.1 leaves vague, unlike > this > > extension that explicitly reverses a MUST from RFC7540. > > > > In 3.4, the pseudo-map of arrays alternating keys and values feels odd. > I > > assume the reason you did this is so you have a normalized order for the > > signature, as CBOR “does not allow ascribing semantics to the order….” > > However, “[a] CBOR-based protocol can prescribe a specific order of > > serialization, such as for canonicalization,” and you already are. (You > > specifically call out that you’re not using CBOR maps, so I presume > you’ve > > been down this road.) The advantage of your current scheme is that you > can > > preserve the original order of the headers in the signature, meaning a > > client could detect changes / reconstruct them. I’m not sure how > critical > > that is, but this is the right list to give feedback on the semantic > content > > of header ordering…. > > > > I was avoiding maps for two reasons, the second of which I think I've > mostly > > removed from the draft: > > > > > > > > 1) CBOR map canonicalization is a bit of a mess right now, with 3 errata > > proposing different changes to the suggested canonical map ordering, and > the > > CBORbis effort not really sure which to pick: > > https://www.ietf.org/mail-archive/web/cbor/current/msg00264.html. If I > were > > to pick a canonical order, I'd prefer > > https://www.rfc-editor.org/errata_search.php?rfc=7049&eid=4964, pure > > lexicographic order ignoring item lengths. Does that sound good to you? > > > > > > > > 2) I was thinking of a CBOR format for transmitting the exchange to the > > client. For that, it's probably important to send the response headers > > before the response payload, but 'response' sorts after 'payload' in > either > > canonical map ordering. This *may* also be useful for > > > https://tools.ietf.org/id/draft-yasskin-http-origin-signed-responses-01.html#cbor-representation > , > > where an implementation could stream the request and response into the > > signature verifier before receiving the payload, with the current > ordering, > > but couldn't if it had to put the payload first. Do we want to 1) play > > spelling games to put things in the right order, 2) use arrays in only > the > > places this matters, 3) use arrays everywhere, or 4) ignore this since > it's > > not in the current proposal? > > > > On the whole, I’m really interested in this direction, and this is a > solid > > starting point for a way to get there. > > > > Thanks (\o/) > > > > Jeffrey > > > > > > > > From: Jeffrey Yasskin [mailto:jyasskin@google.com] > > Sent: Tuesday, December 5, 2017 1:20 PM > > To: HTTP Working Group <ietf-http-wg@w3.org> > > Subject: Concrete format for signed responses > > > > > > > > Hi all, > > > > > > > > I've published > > > https://tools.ietf.org/id/draft-yasskin-http-origin-signed-responses-01.html > > to follow up on > > https://lists.w3.org/Archives/Public/ietf-http-wg/2017JulSep/0385.html > with > > a concrete proposal for the Signature header. > > > > > > > > I made several choices in this design where another tradeoff would be > > totally plausible. Let me know where you'd prefer something different. > > > > > > > > Some interesting aspects of this update: > > > > > > > > * The signature covers the URL, so it's really a signed "exchange" rather > > than just a signed response. > > > > * To simplify the Signed-Headers header, it's not possible to customize > > which parts of the request are included in the signature. Exactly the > method > > and effective request URI are included. > > > > * The signing key can either be a certificate's key or a raw ed25519 > public > > key. The first supports origin-trusted certificates and other complex > forms > > of trust, while the second supports > > https://github.com/mikewest/signature-based-sri and other ways a public > key > > might be trusted out-of-band. Attentive folks will notice that this means > > signed exchanges are no longer necessarily *origin*-signed. > > > > * Certificate chains are fetched and cached from a URL rather than > bundled > > into the Signature header. Normal use is likely to Push the chain for a > > group of signed exchanges. > > > > * There's a way to update the signatures for a response without > re-fetching > > the whole response. > > > > > > > > I'll be updating > > > https://wicg.github.io/webpackage/draft-yasskin-http-origin-signed-responses.html > > as you point out things I should change. > > > > > > > > Thanks, > > > > Jeffrey >
- Concrete format for signed responses Jeffrey Yasskin
- Re: Concrete format for signed responses Andy Green
- Re: Concrete format for signed responses Jeffrey Yasskin
- RE: Concrete format for signed responses Mike Bishop
- Re: Concrete format for signed responses Ilari Liusvaara
- Re: Concrete format for signed responses Jeffrey Yasskin
- RE: Concrete format for signed responses Mike Bishop
- Re: Concrete format for signed responses Matthew Kerwin
- Re: Concrete format for signed responses Jeffrey Yasskin
- Re: Concrete format for signed responses Jeffrey Yasskin
- RE: Concrete format for signed responses Lucas Pardue
- Re: Concrete format for signed responses Ilari Liusvaara
- Re: Concrete format for signed responses Jeffrey Yasskin
- Re: Concrete format for signed responses Jeffrey Yasskin
- Is header order significant? [was: Concrete forma… Jeffrey Yasskin
- Re: Is header order significant? [was: Concrete f… Eitan Adler
- Re: Is header order significant? [was: Concrete f… Amos Jeffries