combined field value, Re: Working Group Last Call: draft-ietf-httpbis-message-signatures-13

Julian Reschke <julian.reschke@gmx.de> Fri, 28 October 2022 16:27 UTC


On 27.09.2022 01:01, Mark Nottingham wrote:
> ...


<https://www.ietf.org/archive/id/draft-ietf-httpbis-message-signatures-13.html#section-2.1>
says:

> Unless overridden by additional parameters and rules, the HTTP field
> value MUST be canonicalized as a single combined value as defined in
> Section 5.2 of [HTTP].

...but later on it specifies...:

> Concatenate the list of values together with a single comma (",") and
> a single space (" ") between each item.

...which is inconsistent with Section 5.2's definition of "combined value":

> When a field name is repeated within a section, its combined field
> value consists of the list of corresponding field line values within
> that section, concatenated in order, with each field line value
> separated by a comma.

Not good. This message-signatures spec can likely work around this by
not referring to the definition of "combined field value" from 5.2 --
but we may have to discuss this as an issue in the core spec (which goes
on with an example where SP is indeed inserted, and Section 5.3 which
explicitly allows that).

Best regards, Julian
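
An added illustration, not part of the original message: a signer that joins repeated field lines with "," (the Section 5.2 wording quoted above) and a verifier that joins them with ", " (the draft's wording quoted above) compute different bytes, so the MAC check fails. The HMAC over a single `"name": value` line is a simplified stand-in for the draft's full signature base, and the field lines, key and function names are constructed for the example.

```python
import hashlib
import hmac

# Constructed sample: one field name repeated on two field lines.
FIELD_LINES = [
    ("Cache-Control", "max-age=60"),
    ("Cache-Control", "must-revalidate"),
]
KEY = b"constructed-demo-key"  # constructed shared secret, demo only


def field_values(lines, name):
    """Field line values for `name`, in order, surrounding whitespace stripped."""
    return [v.strip() for n, v in lines if n.lower() == name.lower()]


def combine_http_5_2(values):
    """Section 5.2 wording quoted above: values separated by a comma."""
    return ",".join(values)


def combine_draft_13(values):
    """Draft -13 wording quoted above: a comma and a single space between items."""
    return ", ".join(values)


def component_line(name, combined):
    """Simplified stand-in for one signature-base line: "name": value."""
    return f'"{name.lower()}": {combined}'.encode("ascii")


def mac(line):
    return hmac.new(KEY, line, hashlib.sha256).digest()


def signer_and_verifier_agree(sign_rule, verify_rule, name="Cache-Control"):
    """True if a MAC made under sign_rule verifies under verify_rule."""
    values = field_values(FIELD_LINES, name)
    tag = mac(component_line(name, sign_rule(values)))
    expected = mac(component_line(name, verify_rule(values)))
    return hmac.compare_digest(tag, expected)


if __name__ == "__main__":
    vals = field_values(FIELD_LINES, "Cache-Control")
    print(component_line("Cache-Control", combine_http_5_2(vals)))
    print(component_line("Cache-Control", combine_draft_13(vals)))
    print("same rule on both sides:", signer_and_verifier_agree(combine_draft_13, combine_draft_13))
    print("mixed rules:", signer_and_verifier_agree(combine_http_5_2, combine_draft_13))
```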