Re: [Secdispatch] [dispatch] HTTP Request Signing
Adam Roach <adam@nostrum.com> Tue, 05 November 2019 19:43 UTC
Return-Path: <adam@nostrum.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EDC48120AE9; Tue, 5 Nov 2019 11:43:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.279
X-Spam-Level:
X-Spam-Status: No, score=-1.279 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, KHOP_HELO_FCRDNS=0.399, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=nostrum.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id afmNvmOUVrUg; Tue, 5 Nov 2019 11:43:10 -0800 (PST)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5E916120AB5; Tue, 5 Nov 2019 11:43:10 -0800 (PST)
Received: from Svantevit.local (99-152-146-228.lightspeed.dllstx.sbcglobal.net [99.152.146.228]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id xA5Jh5bI088661 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Tue, 5 Nov 2019 13:43:07 -0600 (CST) (envelope-from adam@nostrum.com)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nostrum.com; s=default; t=1572982988; bh=68db0cZo867PbSAwMiTTcmRl4TekzR2+H/3ilrUY/Hk=; h=Subject:To:Cc:References:From:Date:In-Reply-To; b=GZRWVfr0RrNPqAtEBN6COySzEyo2h8BHYYoygS1yG+nqdu6BwYZIp4V62G8n4o+yG Uxp1GMGRBQTI5P1DLdmrkCPJ7Ex2cTWjzrQDQ7BeKDG7NIdBoj1M56Dl+ulmB/OoGU vz4rRArwHMUjriDeGCH51fGmH+2m5nqWR/PSRL+o=
X-Authentication-Warning: raven.nostrum.com: Host 99-152-146-228.lightspeed.dllstx.sbcglobal.net [99.152.146.228] claimed to be Svantevit.local
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, Justin Richer <jricher@mit.edu>
Cc: DISPATCH <dispatch@ietf.org>, IETF SecDispatch <secdispatch@ietf.org>
References: <E53D0610-2A30-483E-9BF5-BC83E7BC2CBF@mit.edu> <CAHBDyN5-Hj-Hsr_r7V4QWNBB7eeunSdN0YLAVROuq1LqJEERBA@mail.gmail.com> <279B9C8D-0614-482C-8839-FE10455331B6@mit.edu> <CAHbuEH5DQ7uRwe6=1dj80VLrkik6ceyGe+reeN+fmgVQmM9rcw@mail.gmail.com>
From: Adam Roach <adam@nostrum.com>
Message-ID: <fe297381-a97f-21d7-899d-e387ce6e2f3c@nostrum.com>
Date: Tue, 05 Nov 2019 13:43:00 -0600
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Thunderbird/60.9.0
MIME-Version: 1.0
In-Reply-To: <CAHbuEH5DQ7uRwe6=1dj80VLrkik6ceyGe+reeN+fmgVQmM9rcw@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------7048C49F4FD1DE109B9F8519"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/WXc4oHH9wOjFzjGhATkk6K-8kZk>
Subject: Re: [Secdispatch] [dispatch] HTTP Request Signing
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Nov 2019 19:43:12 -0000
Given that DISPATCH meets in the first Monday morning slot, I think this plan makes the most sense. Justin (or the DISPATCH chairs) can give a very short description of the purpose of the proposed mechanism, and let interested parties know that the discussion will take place in SECDISPATCH. /a On 11/5/19 10:59 AM, Kathleen Moriarty wrote: > We have the time at SecDispatch, so should I just add it > considering DISPATCH has a full agenda? > > Best regards, > Kathleen > > On Tue, Nov 5, 2019 at 11:56 AM Justin Richer <jricher@mit.edu > <mailto:jricher@mit.edu>> wrote: > > A number of the people involved with implementing the drafts that > I’d like to present are involved in IETF in different places, but > none for pushing this draft to date. If this work finds a home, I > think we’d be able to get a lot of that external community to > participate in whatever list ends up hosting the work. > > I’m fine with presenting at only one of DISPATCH or SECDISPATCH > instead of both, but since this sits squarely at the intersection > of the two communities it might make sense for me to just > introduce the concept (~1 min) at whatever meeting I’m not giving > a full presentation at. > > — Justin > > >> On Nov 4, 2019, at 3:02 PM, Mary Barnes >> <mary.ietf.barnes@gmail.com <mailto:mary.ietf.barnes@gmail.com>> >> wrote: >> >> Personally, I'd rather not have the presentation twice, >> recognizing of course, that not everyone would be able to attend >> one or the other. But, we will have recordings and as is oft >> stated, ultimately decisions happen on mailing lists. And, I >> appreciate and agree with Jeffrey not wanting feature creep in >> WPACK. One objective of DISPATCH has been to ensure that work >> that is chartered is discrete enough to finish in a timely manner. >> >> You mention other communities that are interested in this. Will >> they be participating or have they participated in IETF? It's >> hard for chairs to judge consensus to work on something when the >> communities interested in the work are not participating in >> IETF. Mailing list participation is sufficient. >> >> DISPATCH agenda is pretty full right now, so this would have to >> fall into AOB at this juncture if ADs and my WG co-chair agree >> that we should discuss in DISPATCH. And, perhaps whether it gets >> a few minutes in SECdispatch might be informed on how it goes in >> DISPATCH, if we have a chance to discuss it, since you need the >> agreement that this is a problem IETF should solve from both areas. >> >> Regards, >> Mary >> DISPATCH WG co-chair >> >> >> On Fri, Nov 1, 2019 at 5:00 PM Justin Richer <jricher@mit.edu >> <mailto:jricher@mit.edu>> wrote: >> >> I would like to present and discuss HTTP Request signing at >> both the DISPATCH and SECDISPATCH meetings at IETF106 in >> Singapore. This I-D has been floating around for years now >> and has been adopted by a number of different external groups >> and efforts: >> >> https://tools.ietf.org/html/draft-cavage-http-signatures >> >> I’ve spoken with the authors of the draft and we’d like to >> find out how to bring this forward to publication within the >> IETF. I’m targeting both dispatch groups because this >> represents the intersection of both areas, and I think we’d >> get different perspectives from each side that we should >> consider. >> >> There have been a number of other drafts that have approached >> HTTP request signing as well (I’ve written two of them >> myself), but none has caught on to date and none have made it >> to RFC. Lately, though, I’ve been seeing a lot of renewed >> effort in different sectors, and in particular the financial >> sector and cloud services, to have a general purpose HTTP >> message signing capability. As such, I think it’s time to >> push something forward. >> >> I’ve reached out to the chairs for both DISPATCH and >> SECDISPATCH to request a presentation slot. >> >> Thank you, and I’ll see you all in Singapore! >> — Justin >> _______________________________________________ >> dispatch mailing list >> dispatch@ietf.org <mailto:dispatch@ietf.org> >> https://www.ietf.org/mailman/listinfo/dispatch >> > > _______________________________________________ > Secdispatch mailing list > Secdispatch@ietf.org <mailto:Secdispatch@ietf.org> > https://www.ietf.org/mailman/listinfo/secdispatch > > > > -- > > Best regards, > Kathleen > > _______________________________________________ > dispatch mailing list > dispatch@ietf.org > https://www.ietf.org/mailman/listinfo/dispatch
- [Secdispatch] HTTP Request Signing Justin Richer
- Re: [Secdispatch] [dispatch] HTTP Request Signing Mark Nottingham
- Re: [Secdispatch] [dispatch] HTTP Request Signing Justin Richer
- Re: [Secdispatch] [dispatch] HTTP Request Signing Jeffrey Yasskin
- Re: [Secdispatch] [dispatch] HTTP Request Signing Mark Nottingham
- Re: [Secdispatch] [dispatch] HTTP Request Signing Phillip Hallam-Baker
- [Secdispatch] Updating/Replacing RFC 2660 ? (was … Dr. Pala
- Re: [Secdispatch] Updating/Replacing RFC 2660 ? (… Eric Rescorla
- Re: [Secdispatch] [dispatch] HTTP Request Signing Mary Barnes
- Re: [Secdispatch] [dispatch] HTTP Request Signing Kathleen Moriarty
- Re: [Secdispatch] [dispatch] HTTP Request Signing Justin Richer
- Re: [Secdispatch] [dispatch] HTTP Request Signing Justin Richer
- Re: [Secdispatch] [dispatch] HTTP Request Signing Adam Roach
- Re: [Secdispatch] [dispatch] HTTP Request Signing Kathleen Moriarty
- Re: [Secdispatch] [dispatch] HTTP Request Signing Justin Richer