IETF Logo Mail Archive

authentication without https (was Re: https at ietf.org)

Dave Crocker <dhc@dcrocker.net> Wed, 06 November 2013 14:57 UTC

Return-Path: <dhc@dcrocker.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8201311E80DC for <ietf@ietfa.amsl.com>; Wed, 6 Nov 2013 06:57:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VuQdkiIYuURt for <ietf@ietfa.amsl.com>; Wed, 6 Nov 2013 06:57:12 -0800 (PST)
Received: from sbh17.songbird.com (sbh17.songbird.com [72.52.113.17]) by ietfa.amsl.com (Postfix) with ESMTP id 2302F11E8141 for <ietf@ietf.org>; Wed, 6 Nov 2013 06:57:10 -0800 (PST)
Received: from [192.168.1.180] (d23-16-52-16.bchsia.telus.net [23.16.52.16] (may be forged)) (authenticated bits=0) by sbh17.songbird.com (8.13.8/8.13.8) with ESMTP id rA6Ev44b014253 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Wed, 6 Nov 2013 06:57:08 -0800
Message-ID: <527A58AA.5080301@dcrocker.net>
Date: Wed, 06 Nov 2013 06:56:42 -0800
From: Dave Crocker <dhc@dcrocker.net>
Organization: Brandenburg InternetWorking
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.1.0
MIME-Version: 1.0
To: Ted Lemon <Ted.Lemon@nominum.com>, Dave Cridland <dave@cridland.net>
Subject: authentication without https (was Re: https at ietf.org)
References: <CAHBU6ivbrk=NXgd4_5Upik+8H0AbHRy3kJnN=8fcK+Bz3pOV9Q@mail.gmail.com> <alpine.LRH.2.01.1311051733570.4200@egate.xpasc.com> <01P0FR4HDQNG00004G@mauve.mrochek.com> <CAHBU6ivZS33r4HHbCC391Ug9fMtZkJ3nojEeeqH5L+0+o3ZqGQ@mail.gmail.com> <01P0FU0CS96Q00004G@mauve.mrochek.com> <26C6A672-A5D2-44C4-B343-9CCE5E388348@standardstrack.com> <CAKHUCzzzT-0p89uT62zrxGqF1XACG+Ok7hNLcuTaDad7R7eCTQ@mail.gmail.com> <EA2A8649-F8E6-4802-BDD7-AD593D387B9D@nominum.com>
In-Reply-To: <EA2A8649-F8E6-4802-BDD7-AD593D387B9D@nominum.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0 (sbh17.songbird.com [72.52.113.66]); Wed, 06 Nov 2013 06:57:08 -0800 (PST)
Cc: IETF-Discussion Discussion <ietf@ietf.org>, Eric Burger <eburger@standardstrack.com>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: dcrocker@bbiw.net
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Nov 2013 14:57:16 -0000

On 11/6/2013 6:09 AM, Ted Lemon wrote:
> I assume that what we want is a mechanism for authenticating the
> content; in this case there is no need to encrypt the content.   We
> are just talking about HTTPS because no mechanism exists to do the
> one without the other.   So the problem you are talking about, which
> I agree is real, is simply evidence of a missing feature; maybe that
> is where this debate ought to go.


G'day.

I'm glad this discussion has distinguished between wanting content 
authentication vs. content confidentiality.  While some uses of https 
can do both, it's good to note that a) it can't do only authentication, 
and b) requiring https prohibits many current, legitimate scenarios.

I take this state of affairs -- combining the goal of authentication 
with a desire to preserve an extensive operational base -- as meaning 
that we need to create something to solve the problem.  This would, of 
course, mean that participants in the new mechanism do need to adopt new 
software, but it also would mean that non-adopters do not -- and won't 
be bothered by the presence of the signature, if it's packaging is 
designed properly.

There happens to be a solution lurking close by, just the other side of 
this door...  The door is marked "transparent authentication of content".

The base technology is DKIM:

      http:dkim.org

which affixes a signature using a special header-field to email.  The 
signature is transparent to any engine that doesn't recognize it, 
including human readers who are typically being shown a common subset of 
the full email header.

(DKIM semantics do not match the authentication goal here.  It uses 
authentication technology, but it uses it only to authenticate an 
identifier it affixes to the message; the presence of that identifier 
means that its owner of the identifier is taking 'some' responsibility 
for the message, not that the owner is certifying the content or 
claiming ownership of the content. So my suggestion is about underlying 
DKIM technology, not DKIM itself.)

The mechanisms of DKIM could be rather easily adapted to provide content 
authentication semantics, with the signature carried in a header field. 
  It would therefore provide authentication for any web client that 
upgraded and would be transparent to others.

There's been an effort to define a flexible version of this underlying 
mechanism, for just this sort of adaptation.  It's called DOSETA:

      http://www.trusteddomain.org/doseta.html

This leaves some real engineering work to be done, but provides a very 
high point of departure for solving the problem of content 
authentication that does not bother the legacy installed base.

d/


-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net

v2.23.0 | Report a Bug | By Email