IETF Logo Mail Archive

Re: [OAUTH-WG] Signatures spec proposal, take 2

"Richard L. Barnes" <rbarnes@bbn.com> Fri, 24 September 2010 17:08 UTC

Return-Path: <rbarnes@bbn.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E94123A6ADA for <oauth@core3.amsl.com>; Fri, 24 Sep 2010 10:08:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.414
X-Spam-Level:
X-Spam-Status: No, score=-102.414 tagged_above=-999 required=5 tests=[AWL=0.185, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IjoEg1lpdaSQ for <oauth@core3.amsl.com>; Fri, 24 Sep 2010 10:08:24 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.1.81]) by core3.amsl.com (Postfix) with ESMTP id 5A3913A6A3F for <oauth@ietf.org>; Fri, 24 Sep 2010 10:08:24 -0700 (PDT)
Received: from ros-dhcp192-1-51-60.bbn.com ([192.1.51.60]:63717) by smtp.bbn.com with esmtp (Exim 4.71 (FreeBSD)) (envelope-from <rbarnes@bbn.com>) id 1OzBlX-000JNB-VV; Fri, 24 Sep 2010 13:08:56 -0400
Message-Id: <29CE36EA-67C2-4D58-96F2-3C462A12219F@bbn.com>
From: "Richard L. Barnes" <rbarnes@bbn.com>
To: Dirk Balfanz <balfanz@google.com>
In-Reply-To: <AANLkTinRQDgVynrE6vdMVYBT=_+fpDMqWaL1C+BNzf_e@mail.gmail.com>
Content-Type: text/plain; charset="US-ASCII"; format="flowed"; delsp="yes"
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v936)
Date: Fri, 24 Sep 2010 13:08:55 -0400
References: <C8C15BD3.3AC6C%eran@hueniverse.com> <89CF75F1-4A51-4B92-8305-BC7430D36F7C@bbn.com> <AANLkTinRQDgVynrE6vdMVYBT=_+fpDMqWaL1C+BNzf_e@mail.gmail.com>
X-Mailer: Apple Mail (2.936)
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Signatures spec proposal, take 2
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Sep 2010 17:08:26 -0000

> I think it's more robust to verify than to generate. In option 2,  
> you have to "guess" what the signer actually signed. To be fair, you  
> have pretty good signals, like the HTTP request line, the Host:  
> header, etc., but in the end, you don't _know_ that the signer  
> really saw the same thing when they generated the signature. I can't  
> help but feeling that that's a bit of a hack. In option 1, you  
> always know what the signer saw when they generated the signature,  
> and it's up to you (the verifier) to decide whether that matches  
> your idea of what your endpoint looks like.

Generating does not imply guessing: The signer can specify what he  
signed without providing the data directly.  Quoting from another  
thread:
"
1. Signer computes signature sig_val over data object:
   { user_agent: "Mozilla", method: "GET" }
2. Signer sends { signed_fields: ['user_agent', 'method'], sig:  
sig_val }
3. Recipient reconstructs data object using signed_fields
4. Recipient verifies sig_val == sign(reconstructed_object)
"

If the spec is written properly, the recipient should be able to look  
at the names of the fields ('user_agent', 'method') and use them to  
reconstruct the original object.

The idea of allowing signed fields to change en route to the server  
strikes me as a little odd.  Sure, you could ignore the method, path,  
and host values in HTTP and just act on the enveloped data, but at  
that point, why not just do away with the overhead of HTTP and run the  
whole thing over TCP?

--Richard

v2.23.0 | Report a Bug | By Email