Re: feedback on draft-ietf-httpbis-message-signatures-13

Julian Reschke <julian.reschke@gmx.de> Mon, 17 October 2022 12:02 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5C7F8C1524AD for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 17 Oct 2022 05:02:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.663
X-Spam-Level:
X-Spam-Status: No, score=-7.663 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, MAILING_LIST_MULTI=-1, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=gmx.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y8LOpHsY1Zjn for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 17 Oct 2022 05:02:17 -0700 (PDT)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 41C50C1522B7 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Mon, 17 Oct 2022 05:02:11 -0700 (PDT)
Received: from lists by lyra.w3.org with local (Exim 4.94.2) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1okOm4-00Ef6A-75 for ietf-http-wg-dist@listhub.w3.org; Mon, 17 Oct 2022 11:59:16 +0000
Resent-Date: Mon, 17 Oct 2022 11:59:16 +0000
Resent-Message-Id: <E1okOm4-00Ef6A-75@lyra.w3.org>
Received: from titan.w3.org ([128.30.52.76]) by lyra.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <julian.reschke@gmx.de>) id 1okOm3-00Ef5I-A8 for ietf-http-wg@listhub.w3.org; Mon, 17 Oct 2022 11:59:15 +0000
Received: from mout.gmx.net ([212.227.17.21]) by titan.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <julian.reschke@gmx.de>) id 1okOm1-00ERt8-Jo for ietf-http-wg@w3.org; Mon, 17 Oct 2022 11:59:14 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net; s=badeba3b8450; t=1666007941; bh=QrsjrzzgnZAjU2YYeGZFPqmKutlFZFVAH9zFy9SEf2I=; h=X-UI-Sender-Class:Date:Subject:To:References:From:In-Reply-To; b=WEgR6+a3SDm9FU6NTlDBPpHLQqxluX+af44HVjIKPIsq7TiQkpq598UP+h7++anb1 3MuxL/HrtzVSGAP1ZNRifv7gn7lt375ltLGPtweDnPEyZxDVk4xIrbbAlWgR5sh/Vo vhw5MhmzvDobXhKL9YHa9lPcv9tiCaJ3qGjnSLe8=
X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c
Received: from [192.168.178.199] ([217.251.132.30]) by mail.gmx.net (mrgmx104 [212.227.17.168]) with ESMTPSA (Nemesis) id 1M3lcJ-1okfcU1UAd-000sp9 for <ietf-http-wg@w3.org>; Mon, 17 Oct 2022 13:59:01 +0200
Message-ID: <4e77390f-f5d0-18b1-23d6-8b254c87815f@gmx.de>
Date: Mon, 17 Oct 2022 13:59:02 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.3.3
Content-Language: en-US
To: ietf-http-wg@w3.org
References: <CAD9ie-uvOK_-JxDjtZrPXGqdHUSYFNdKsaGKp6jNNhZB5bVXuA@mail.gmail.com> <37363932-a747-8d28-0f6e-f3fedfcef7f4@gmail.com>
From: Julian Reschke <julian.reschke@gmx.de>
In-Reply-To: <37363932-a747-8d28-0f6e-f3fedfcef7f4@gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: quoted-printable
X-Provags-ID: V03:K1:8LBWFmZmUyTCQLjq9EQ0hM6awSIsIfc4siV+acDO82Ht9FRNzrR ZUkv9N8cRKN1m9aYpBu2HbAIBpjT20L/S0C8+fo4z6oadIZlHjKa9i4s/XF5PKF+yJNl94g lFiryiQG6LTc+gr+wxSgrk1cuvaLndexEylpM9vHv0D+XX9oPIDD0VscfxO6t/kD1AJGIMx XOLSY8Fgh6GrLvdS7GLcQ==
X-UI-Out-Filterresults: notjunk:1;V03:K0:gO3nO6DelCc=:FvxFhOn8QEka8HM+R6yIQl M+uLyNRU3tdbHhLTXmz3kAlKMaXRI/iR9Vn1MrvAkKUUVmjh5jTqhRDybHiZreqLdqJu0NV6W PnUIyoR+DvK/s1RtFqytHe2N0eSRV+kXpSUxxKshs0tY9S8l1JAi8D/iyLafF2/Du3sVy1z+T tfKUdTP914PkS2io5EfxCOhp25gChMR1OIRMgJOdtiJrs9gXJGho4P0FV/lyY8yNRcy2biV8D DpKTo3C4LBqc18yuJLnLU+IVZ07O/Voyvv2C0B+lnKy3sE77fGYt05d8v53jqpDLcGaWDCAJp 9YIKwsRgkEHhP+pmZJoy0IbsWdN/XSPIU5wwGTAXtYDn6K/xyJEqn+YifR+bGjKPw1CZxrDei HHK+1FGCtdWZ29GRrzGevL63BXUzGzO31ZYjDPZ0TYpr33Hl26ba5fJ+gcE68FRrcO7z5Di8R 55Xy5sIDrW9w8GCcVFTfmiSgVzRG7IlY0OEwmBf+cwITb7lsZNu/TZQDyJq/BXHz76KDp/1mo fX6ayH1D93JX6e2d5MuA2dRawhIPPLbNf4sXvy2o8NdTKOuOCHTUJit18f2QYsWQkNisoslEl mkZ1S4jn7ijCQRS4DjVr4gHvWfEXl4zYeUWsFRb8izLyCVX4R4opA1/abyQYOEA/fFypR9z8k nm1ZxU+Pq/GvTWDMm4yPVSLOPohpLw+Oo/TgsRfcqOiaVNC8RTvPAw5wtU488D7LOBIA1MaIk LJFqMsC5tEiw1l3Y6G9GHZzGVo82YwnFbQFRKFPIyyersaVSlBja6gelziQWz2UJ7zy+omAO1 rqQeNX5ERr4aJ3N7qM/IEvE7uMM9IXYYYNpL+LBUdqjdzSEDBVCpXwkcLmrcRCzfpRhWYVYvN W4UU3DLrgW3GZZ0QLkp3f4vUILaf/SXjWDC/WGuHZBXj8WgXU6+VIw96y0ujIyJgRke0SkYgb 9xRk+HhdaSnc8/xluSBE2M2TQXdiXbaniIbrR4zfsJBHUVbqQkT4J7ijo73RjN8810kdAXJHA 4KwnbAWNDgjVEPhCkgguRtSFmgDWDPZdLpeMmEhTvs1dcxQwFHlXFbMqTMuk0zkLPwqthm9qD zSNkbIzCs4FRHTCIm18ginVKg7YBCQmXGXWqXDuYnJN4lJhPOBWTqicyUaCHFstWY/z8PqsBN IkaUn+dkBz2bqnDA7NFMtdFJ/dL+ryTkAgrT/tLSYGv8aYLJXYJlCKC/2wSDxI/f9eMLC1SLT /LVpvDw8sfDyqL+S9Bfr2DaVVaP8W1njjiGJkgFyNAjjYc61wDJ/w2JB8y0DA1lYSGLWOFiXW +JS3hskw02ezvueB/n5fN+fnIeUv5czwlxsOI8EPGvYtHlSG0KNca8l8nUMuBLlJUGOsCqixt yuIru3OFvZsHTxnjMBR/goSTmqa/Fji587x0kOx+t5tbkZ3l4dPj5jkHKhfvpztx2MEnrKRZY a79GwKttWyh5wRefPU7sI5ZK0XMTPQGyBvnGdUNWNH3UAdsIoo3Kwlvr481/ElyEFGfS5OEXM yc0KYW5xvj6CMnsVRxrCVGmqtUUZVLDYEJCZsgbUpjGxM
Received-SPF: pass client-ip=212.227.17.21; envelope-from=julian.reschke@gmx.de; helo=mout.gmx.net
X-W3C-Hub-DKIM-Status: validation passed: (address=julian.reschke@gmx.de domain=gmx.net), signature is good
X-W3C-Hub-Spam-Status: No, score=-5.6
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FROM=0.001, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_IRA=-1, W3C_WL=-1
X-W3C-Scan-Sig: titan.w3.org 1okOm1-00ERt8-Jo 71b41da268dcbafb854fd8e81e7547fa
X-Original-To: ietf-http-wg@w3.org
Subject: Re: feedback on draft-ietf-httpbis-message-signatures-13
Archived-At: <https://www.w3.org/mid/4e77390f-f5d0-18b1-23d6-8b254c87815f@gmx.de>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/40455
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On 17.10.2022 12:44, Anders Rundgren wrote:
> +1
>
> Target URI and Method (as well as other data related to the message),
> may equally well be put in the payload.  HTTP header signing is an
> unnecessary complication.
> ...

Can you elaborate? You might have a media type that allows adding a
*copy* of that information, but that's not the same thing.

Best regards, Julian