IETF Logo Mail Archive

Re: Concrete format for signed responses

Jeffrey Yasskin <jyasskin@google.com> Sat, 09 December 2017 00:45 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3FB4212783A for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 8 Dec 2017 16:45:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.498
X-Spam-Level:
X-Spam-Status: No, score=-6.498 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xiP2yfXqh83z for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 8 Dec 2017 16:45:17 -0800 (PST)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EAAE1126B7E for <httpbisa-archive-bis2Juki@lists.ietf.org>; Fri, 8 Dec 2017 16:45:16 -0800 (PST)
Received: from lists by frink.w3.org with local (Exim 4.89) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1eNT8h-0001vg-Iz for ietf-http-wg-dist@listhub.w3.org; Sat, 09 Dec 2017 00:37:11 +0000
Resent-Date: Sat, 09 Dec 2017 00:37:11 +0000
Resent-Message-Id: <E1eNT8h-0001vg-Iz@frink.w3.org>
Received: from titan.w3.org ([128.30.52.76]) by frink.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from <jyasskin@google.com>) id 1eNT8S-0001bt-1k for ietf-http-wg@listhub.w3.org; Sat, 09 Dec 2017 00:36:56 +0000
Received: from mail-it0-f48.google.com ([209.85.214.48]) by titan.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.89) (envelope-from <jyasskin@google.com>) id 1eNT8L-00033E-9u for ietf-http-wg@w3.org; Sat, 09 Dec 2017 00:36:54 +0000
Received: by mail-it0-f48.google.com with SMTP id z6so7714375iti.4 for <ietf-http-wg@w3.org>; Fri, 08 Dec 2017 16:36:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=rucN2bvyd+bgOn0gLGcCmoLjv75wfXZdFkBKD0WEb1M=; b=N2YsYxxYkkPtoGotI6zRvk4jCQ+nLdEDttIg5Ooat8M/gFVZZ0PjDftlwV04kadolB JVByCJ3W7GZHTl8vSoZn7KtI1M8G5OePeAo/kGNNeIH8jiQfdKY/H9ntXe2H19+ziEc4 HS6HXjYQveDDynkg9bc9x36mDTJk+FpoxjbP4TiPMIvQ6bojAHvYVZwp4CtDxog8rzfP itXKzLvo893/P6xyKitrX8z5bjliCz2bHqEJ2m9rZvwJZ9CZbjqYR9iSfGv5AS2qNLKt aRSJSLITTzyL/Q3yIToZOJoY/6pP80508emkNfa7YgTprM7ifj5/F6rR8j4WHiRvQ4Vm 58Aw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=rucN2bvyd+bgOn0gLGcCmoLjv75wfXZdFkBKD0WEb1M=; b=Qgs6Zlr7PrBKRgxr/TihnNsOEHpUXn9BGwy+ZHuko3SZED0gm9EBfpFmtZoEJ++h33 5yyj2mr4oLhUTS81hc4HC5rI2OwKdM7ZWmb7DDBJMqk9L/jw2WIKLjPrHPZa9Usmb5z0 2XpXfCeGE6wlPZhI1+8IBz7SN4ULqRJfUskN2l75bKSY6ru4KU4UmRTMvlPMA65O1kB4 6NXW7n7v4GBkf6bwXLy6BLuwdLupolfQLWUbTu23S3RP1/1StkvastWxpdtv7NP4W10i IuxDx4jPEsbhaadM2eewgKlipWtJOugSJ1KEMcdwwqKDhMzko3xAF0QNbM3k67xOjP3s 7+RQ==
X-Gm-Message-State: AKGB3mLU4RTzlpAOAKdxwhUcBUhfg/Ju/P/hvrnFiOlKELYzbBSvjNWl Zg486MJtBNfot165dp+ghTJ3ZF/lKJutdixIRQWdEg==
X-Google-Smtp-Source: AGs4zMYeYy4hu2mdpz2fX/ER0Czfs3p1OPdlqn2RNCpaFToIpB8sMekgCspW2jK07huDILgP+W7S90boMEIVuSX4ZUA=
X-Received: by 10.36.70.146 with SMTP id j140mr7084667itb.66.1512779786579; Fri, 08 Dec 2017 16:36:26 -0800 (PST)
MIME-Version: 1.0
References: <CANh-dXkgss_Mt0F4hv5fBcrHUJ6=BO7o5u2OCWzxJom=xAiJ0w@mail.gmail.com> <MWHPR08MB2432A0444DA51B186951F44BDA320@MWHPR08MB2432.namprd08.prod.outlook.com> <CANh-dXnO-2Kv-NckDJu6bkdvETe-nWZrwyfCmt4X5C2tqy1xgg@mail.gmail.com> <MWHPR08MB243229BA34463C63100B4174DA320@MWHPR08MB2432.namprd08.prod.outlook.com> <CANh-dXm-qBfMj3gQ08-gSPUuYtNF3u=gAAi-QRb_H8P6Q7XXKw@mail.gmail.com>
In-Reply-To: <CANh-dXm-qBfMj3gQ08-gSPUuYtNF3u=gAAi-QRb_H8P6Q7XXKw@mail.gmail.com>
From: Jeffrey Yasskin <jyasskin@google.com>
Date: Sat, 09 Dec 2017 00:36:15 +0000
Message-ID: <CANh-dX=po0+ocp8FUceUynSfCkbVbix2d0XMtdwa65eUHAxyxw@mail.gmail.com>
To: Mike Bishop <mbishop@evequefou.be>
Cc: HTTP Working Group <ietf-http-wg@w3.org>, Lucas Pardue <Lucas.Pardue@bbc.co.uk>, matthew@kerwin.net.au
Content-Type: multipart/alternative; boundary="001a1144b8e6ce0bbe055fdd7db8"
Received-SPF: pass client-ip=209.85.214.48; envelope-from=jyasskin@google.com; helo=mail-it0-f48.google.com
X-W3C-Hub-Spam-Status: No, score=-7.5
X-W3C-Hub-Spam-Report: AWL=1.565, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_IRR=-3, W3C_WL=-1
X-W3C-Scan-Sig: titan.w3.org 1eNT8L-00033E-9u 5dd7e70b9d7bf48e5ad032597eab7d29
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Concrete format for signed responses
Archived-At: <https://www.w3.org/mid/CANh-dX=po0+ocp8FUceUynSfCkbVbix2d0XMtdwa65eUHAxyxw@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/34941
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On Wed, Dec 6, 2017 at 4:40 PM Jeffrey Yasskin <jyasskin@google.com> wrote:

> On Wed, Dec 6, 2017 at 2:45 PM, Mike Bishop <mbishop@evequefou.be> wrote:
> > Hm, then I’m not sure what sets up the deep links.  I’ll defer to those
> who
> > know the tools better than I.
> >
> >
> >
> > https://tools.ietf.org/html/draft-ietf-httpbis-http2-secondary-certs-00
> > requires the client to advertise support for the new frame types; you
> could
> > steal the general structure from there.  I’d just say that servers MAY
> push
> > signed resources for domains for which they aren’t authoritative only if
> the
> > client has set the newly-defined setting.  Secondary Certs also defines
> new
> > error codes, if you wanted to steal that.
>
> Thanks. I'll look at that and draft-kerwin-http2-encoded-data, and
> send y'all a PR Friday.
>

Here you go: https://github.com/WICG/webpackage/pull/94. Thanks for the
example drafts.

Jeffrey

> What about omitting the tags entirely, and just have a two-element array
> > with each element being a map?  [ request, response ].
>
> Positional arguments are definitely plausible. I avoided them in order
> to make it easier to extend this in the future if we need to. For
> example, are we totally sure that we'll never want to represent
> request payloads or trailers in a signed exchange?
>
> Jeffrey
>
> > From: Jeffrey Yasskin [mailto:jyasskin@google.com]
> > Sent: Wednesday, December 6, 2017 2:20 PM
> > To: Mike Bishop <mbishop@evequefou.be>
> > Cc: HTTP Working Group <ietf-http-wg@w3.org>
> > Subject: Re: Concrete format for signed responses
> >
> >
> >
> > On Wed, Dec 6, 2017 at 10:42 AM Mike Bishop <mbishop@evequefou.be>
> wrote:
> >
> > Thanks, Jeffrey.  In parallel with other work that’s going on to make
> push
> > actually usable, I’m excited about the ability to push non-authoritative
> > resources in a secure way.
> >
> >
> >
> > A few smaller points on the draft, most of which wind up being feedback
> on
> > Structured Headers more than your doc:
> >
> > 3.1:  The usual format is “section <foo> of [BAR]”; I think if you use
> that
> > format, the html-ized copy will actually deep-link to the relevant
> section.
> > You’re following the format from draft-ietf-header-structure, so we
> should
> > fix it there instead.
> >
> > https://tools.ietf.org/html/draft-ietf-httpbis-origin-frame-04#section-1
> has
> > a deep link written like ([RFC7540], Section 9.1.2), so it's not
> primarily
> > my syntax. I'm happy to use the 'of' syntax though if folks prefer.
> > https://github.com/WICG/webpackage/pull/92
> >
> >
> >
> > 3.1:  MUST not => MUST NOT
> >
> > Fixed in
> >
> https://wicg.github.io/webpackage/draft-yasskin-http-origin-signed-responses.html#rfc.section.3.1
> .
> >
> >
> >
> > 3.2.1:  You’re not the first to ask about lists in Structured Headers;
> the
> > resolution nine months ago was that there’s nothing in Structured
> Headers to
> > support that.  You’re demonstrating that there probably needs to be.  My
> > solution in HTTP/QUIC was to violate the prohibition on repeated keys,
> but
> > we need to resolve this before either Structure Headers and HTTP/QUIC
> lock
> > down.
> >
> > https://github.com/httpwg/http-extensions/issues/281 for others to
> follow
> > along.
> >
> >
> >
> > 3.6.1:  If you’re saying a client MAY do something other than what it
> MUST
> > do per RFC7540, you might want to frame this as an extension.  In that
> vein,
> > an HTTP/2 setting advertising support for this from the client might be
> in
> > order.  You could also define a more specific error code for invalid
> > unauthoritative pushes.
> >
> > Seems reasonable. Do you have any favorite extensions I could copy from?
> > Origin Frame is close, but it merely defines something that
> > https://tools.ietf.org/html/rfc7230#section-9.1 leaves vague, unlike
> this
> > extension that explicitly reverses a MUST from RFC7540.
> >
> > In 3.4, the pseudo-map of arrays alternating keys and values feels odd.
> I
> > assume the reason you did this is so you have a normalized order for the
> > signature, as CBOR “does not allow ascribing semantics to the order….”
> > However, “[a] CBOR-based protocol can prescribe a specific order of
> > serialization, such as for canonicalization,” and you already are.  (You
> > specifically call out that you’re not using CBOR maps, so I presume
> you’ve
> > been down this road.)  The advantage of your current scheme is that you
> can
> > preserve the original order of the headers in the signature, meaning a
> > client could detect changes / reconstruct them.  I’m not sure how
> critical
> > that is, but this is the right list to give feedback on the semantic
> content
> > of header ordering….
> >
> > I was avoiding maps for two reasons, the second of which I think I've
> mostly
> > removed from the draft:
> >
> >
> >
> > 1) CBOR map canonicalization is a bit of a mess right now, with 3 errata
> > proposing different changes to the suggested canonical map ordering, and
> the
> > CBORbis effort not really sure which to pick:
> > https://www.ietf.org/mail-archive/web/cbor/current/msg00264.html. If I
> were
> > to pick a canonical order, I'd prefer
> > https://www.rfc-editor.org/errata_search.php?rfc=7049&eid=4964, pure
> > lexicographic order ignoring item lengths. Does that sound good to you?
> >
> >
> >
> > 2) I was thinking of a CBOR format for transmitting the exchange to the
> > client. For that, it's probably important to send the response headers
> > before the response payload, but 'response' sorts after 'payload' in
> either
> > canonical map ordering. This *may* also be useful for
> >
> https://tools.ietf.org/id/draft-yasskin-http-origin-signed-responses-01.html#cbor-representation
> ,
> > where an implementation could stream the request and response into the
> > signature verifier before receiving the payload, with the current
> ordering,
> > but couldn't if it had to put the payload first. Do we want to 1) play
> > spelling games to put things in the right order, 2) use arrays in only
> the
> > places this matters, 3) use arrays everywhere, or 4) ignore this since
> it's
> > not in the current proposal?
> >
> > On the whole, I’m really interested in this direction, and this is a
> solid
> > starting point for a way to get there.
> >
> > Thanks (\o/)
> >
> > Jeffrey
> >
> >
> >
> > From: Jeffrey Yasskin [mailto:jyasskin@google.com]
> > Sent: Tuesday, December 5, 2017 1:20 PM
> > To: HTTP Working Group <ietf-http-wg@w3.org>
> > Subject: Concrete format for signed responses
> >
> >
> >
> > Hi all,
> >
> >
> >
> > I've published
> >
> https://tools.ietf.org/id/draft-yasskin-http-origin-signed-responses-01.html
> > to follow up on
> > https://lists.w3.org/Archives/Public/ietf-http-wg/2017JulSep/0385.html
> with
> > a concrete proposal for the Signature header.
> >
> >
> >
> > I made several choices in this design where another tradeoff would be
> > totally plausible. Let me know where you'd prefer something different.
> >
> >
> >
> > Some interesting aspects of this update:
> >
> >
> >
> > * The signature covers the URL, so it's really a signed "exchange" rather
> > than just a signed response.
> >
> > * To simplify the Signed-Headers header, it's not possible to customize
> > which parts of the request are included in the signature. Exactly the
> method
> > and effective request URI are included.
> >
> > * The signing key can either be a certificate's key or a raw ed25519
> public
> > key. The first supports origin-trusted certificates and other complex
> forms
> > of trust, while the second supports
> > https://github.com/mikewest/signature-based-sri and other ways a public
> key
> > might be trusted out-of-band. Attentive folks will notice that this means
> > signed exchanges are no longer necessarily *origin*-signed.
> >
> > * Certificate chains are fetched and cached from a URL rather than
> bundled
> > into the Signature header. Normal use is likely to Push the chain for a
> > group of signed exchanges.
> >
> > * There's a way to update the signatures for a response without
> re-fetching
> > the whole response.
> >
> >
> >
> > I'll be updating
> >
> https://wicg.github.io/webpackage/draft-yasskin-http-origin-signed-responses.html
> > as you point out things I should change.
> >
> >
> >
> > Thanks,
> >
> > Jeffrey
>

v2.23.0 | Report a Bug | By Email