[Txauth] HTTP Signing Draft in HTTP WG

Justin Richer <jricher@mit.edu> Mon, 20 January 2020 16:55 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/5K8xS4l1Km1jY6uEAZ1vqEM6KGw>

As many of you know, Annabelle and I have put forward a general-purpose HTTP Signing specification in the HTTP Working Group, at least initially based on the old Cavage signatures spec that’s been used in the wild. We expect a number of important changes to happen as it goes through the standards process (which is to say, we aren’t approaching this to get a stamp on existing code), including some key things that would allow it to be used for one of TxAuth’s proof of possession mechanisms. In fact, I’ve implemented a version of the Cavage draft in the XYZ prototype alongside DPoP style signatures and my old OAuth HTTP Signing draft (which is now expired).

I believe this work will be an important building block for TxAuth, alongside MTLS, JOSE, and other crypto systems. 

The new draft is currently going through its call for adoption within the HTTP WG, and if you have any interest in this work moving forward, please join the thread on the HTTP list to show your support for the draft. The Call For Adoption is currently open and runs through Jan 31.

Thanks,
 — Justin