Re: [secdir] Secdir early review of draft-ietf-httpbis-message-signatures-05
Justin Richer <jricher@mit.edu> Sat, 31 July 2021 11:39 UTC
Return-Path: <jricher@mit.edu>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B6B533A22FF; Sat, 31 Jul 2021 04:39:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.894
X-Spam-Level:
X-Spam-Status: No, score=-1.894 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NB7n_VVosGBN; Sat, 31 Jul 2021 04:39:07 -0700 (PDT)
Received: from outgoing-exchange-5.mit.edu (outgoing-exchange-5.mit.edu [18.9.28.59]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E1BC83A22FE; Sat, 31 Jul 2021 04:39:06 -0700 (PDT)
Received: from w92exedge3.exchange.mit.edu (W92EXEDGE3.EXCHANGE.MIT.EDU [18.7.73.15]) by outgoing-exchange-5.mit.edu (8.14.7/8.12.4) with ESMTP id 16VBXQCG025468; Sat, 31 Jul 2021 07:34:23 -0400
Received: from w92expo18.exchange.mit.edu (18.7.74.72) by w92exedge3.exchange.mit.edu (18.7.73.15) with Microsoft SMTP Server (TLS) id 15.0.1497.23; Sat, 31 Jul 2021 07:33:43 -0400
Received: from oc11expo18.exchange.mit.edu (18.9.4.49) by w92expo18.exchange.mit.edu (18.7.74.72) with Microsoft SMTP Server (TLS) id 15.0.1497.23; Sat, 31 Jul 2021 07:33:55 -0400
Received: from oc11expo18.exchange.mit.edu ([18.9.4.49]) by oc11expo18.exchange.mit.edu ([18.9.4.49]) with mapi id 15.00.1497.023; Sat, 31 Jul 2021 07:33:55 -0400
From: Justin Richer <jricher@mit.edu>
To: Mark Nottingham <mnot@mnot.net>, Daniel Migault <daniel.migault@ericsson.com>
CC: "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-httpbis-message-signatures.all@ietf.org" <draft-ietf-httpbis-message-signatures.all@ietf.org>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Thread-Topic: Secdir early review of draft-ietf-httpbis-message-signatures-05
Thread-Index: AQHXhZWrWg4OIyRVykuj7GZtQXGhA6tcxmgAgAAuHAo=
Date: Sat, 31 Jul 2021 11:33:55 +0000
Message-ID: <898a6fb4002e46a7a964c083400ef272@oc11expo18.exchange.mit.edu>
References: <162768539570.14788.6438448354422571640@ietfa.amsl.com>, <FBC8C4D2-86FE-49D8-909F-8FD3642614F1@mnot.net>
In-Reply-To: <FBC8C4D2-86FE-49D8-909F-8FD3642614F1@mnot.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [71.174.62.56]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/6xWFH1Yi5Nl9EqR4YfJxBKVWejg>
Subject: Re: [secdir] Secdir early review of draft-ietf-httpbis-message-signatures-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 31 Jul 2021 11:39:12 -0000
Thank you for the review, these are all excellent comments and we'll incorporate them into the next drafts. - Justin ________________________________________ From: Mark Nottingham [mnot@mnot.net] Sent: Saturday, July 31, 2021 12:48 AM To: Daniel Migault Cc: secdir@ietf.org; draft-ietf-httpbis-message-signatures.all@ietf.org; ietf-http-wg@w3.org Subject: Re: Secdir early review of draft-ietf-httpbis-message-signatures-05 Thanks for the review, Daniel - much appreciated. > On 31 Jul 2021, at 8:49 am, Daniel Migault via Datatracker <noreply@ietf.org> wrote: > > Reviewer: Daniel Migault > Review result: Has Issues > > Hi, > > I have reviewed this document as part of the security directorate's ongoing > effort to review all IETF documents being processed by the IESG. These comments > were written primarily for the benefit of the security area directors. Document > editors and WG chairs should treat these comments just like any other last call > comments. > > The main issue I have is the absence of security considerations ;-), but > otherwise the text appears to me quite clear. I will review the document once > the security consideration is completed. > > I do not see the document mentioning any sort of negotiation which limits the > scope of possible downgrade attacks or the ability from one party to > "orchestrate" in some ways, what the other party. In other words, if I did not > missed anything the signature is a local policy. This typically means that a > client may sign while responses may not be signed. Section 1.5 defines what > needs to be agreed between multiple parties, but does not provides details how > this could be achieved. > > Some very minor editorial comments. > section 1.4 > <mglt> > The qualified term "digital > signature" refers specifically to the output of an asymmetric > cryptographic signing operation. > > May be that would be clearer to define digital signature before mentioning > "signature" is used for both digital signature and Keyed MAC. </mglt> > > section 1.5 > * The set of content identifiers (Section 2) that are expected and > required. > <mglt> > I suppose that the content are security related, but it is unclear at least to > me at this stage if the content have any kind of limitation. Typically, if a > party is able require an specific header that leaks private information, that > may be an issue. I think the text might be able to clarify this. > > Though I expected it to be detailed later and "expected" security related > information is always suspicious of ending in a best effort situation where > security is optional. These are simply what come to my mind when reading these > lines. There is no necessary some actions to be taken if you believe that is > not necessary. </mglt> > > section 2.4 > <mglt> > If covered content references an identifier that cannot be resolved > to a value in the message, the implementation MUST produce an error. > Such situations are included but not limited to: > > * The signer or verifier does not understand the content identifier. > > * The identifier identifies a header field that is not present in > the message or whose value is malformed. > > If the value is malformed, it may indicate that the value is interpreted > previously the integrity has been checked. I am sure this is not what the text > is meaning, but this is how I read it, so I believe that some clarification may > be needed. </mglt> > > > -- Mark Nottingham https://www.mnot.net/
- [secdir] Secdir early review of draft-ietf-httpbi… Daniel Migault via Datatracker
- Re: [secdir] Secdir early review of draft-ietf-ht… Mark Nottingham
- Re: [secdir] Secdir early review of draft-ietf-ht… Justin Richer