[Wpack] Interpreting package signatures
Jeffrey Yasskin <jyasskin@google.com> Mon, 30 March 2020 18:20 UTC
Return-Path: <jyasskin@google.com>
X-Original-To: wpack@ietfa.amsl.com
Delivered-To: wpack@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E5673A0DA3 for <wpack@ietfa.amsl.com>; Mon, 30 Mar 2020 11:20:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.699
X-Spam-Level:
X-Spam-Status: No, score=-15.699 tagged_above=-999 required=5 tests=[DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CRQDZiCfipSy for <wpack@ietfa.amsl.com>; Mon, 30 Mar 2020 11:20:47 -0700 (PDT)
Received: from mail-qv1-xf2b.google.com (mail-qv1-xf2b.google.com [IPv6:2607:f8b0:4864:20::f2b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 55E593A0DA1 for <wpack@ietf.org>; Mon, 30 Mar 2020 11:20:47 -0700 (PDT)
Received: by mail-qv1-xf2b.google.com with SMTP id g4so9443348qvo.12 for <wpack@ietf.org>; Mon, 30 Mar 2020 11:20:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:from:date:message-id:subject:to:cc; bh=XykByFKn4HojksyEPHmNN0dKs6knwyPFeaMXZ9Ieelg=; b=HQ1QMTrJQFh3CsroI5pDPU1R54F79TsGkVyL5i1IDF957mmHh3VOene9eAzFvELh9k 6W8iqK3DIEqjhNznP7CmbsKVWHliwVNwdXpMNuDMWpu2npFWw5MIzA510JVFToDv2N+L kAC4bmxyuIqZDdH9D0NXRfzcnkeUG0g66Y5Dgsh4FHEsT8NI+A6vinY0AFH0CRjcYzWq qDDxwtZF+VuOisA+/cqZoe1esY2SuloZ/mGYo+MWF8zh3Bi2gq9swPCtxhin3ysLOyA/ IzO0mrRvi6I8MR9Ctn9Z0iCX8dx7BfNMeT894g7EdYZLdK/fpYZ9JP0gE8af9mGQZqYc Sn7g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=XykByFKn4HojksyEPHmNN0dKs6knwyPFeaMXZ9Ieelg=; b=h6PeQBbc0hCwG4JeOE0tQ7Hzgg4vCEPq5JFc2bTcr+BbgdTnNSsWvR7zwnKz0Vn/Hq sKnHqpExxBpW8bMYsye15tAtweUaJADOR/nZzphS3mHtqoi99XCt/y2qHlA1ugYfxU/s NlqpHrDvBWbw1aBC9o2MTNkbrKI2vSQGp7extrhXAsSilUmL90C7DcYdc+jdYtP1QUn6 I5+GLZWyEFiD6wfHEOa1nhA0RQrYBfRcswckav2s1dUqQBezmFCDkcdwUe8Wja0EZSMJ MqrXckp4ZVuPXbG6DoKB+AxaQMf2DhzyXHP7V/KFAgcRyMTV8sf53j3f73vSVYbY5FwD IihA==
X-Gm-Message-State: ANhLgQ2oNRTM21F1sA4T64p6BcsVmyf/o2Yt/tiuqtTs048u5hKm0CUY L9P67oh0c322XTQIPaWarcjrdRtV9sqAki30MEHA5d2+Vj8=
X-Google-Smtp-Source: ADFU+vvFkcicnVdljXvT6oX1HiBgle+/qqk1v97Ayv0uziyH5td/iSpNm2UgZ3y9DElGUCpq890yC6WgVdibFhuaamo=
X-Received: by 2002:ad4:4302:: with SMTP id c2mr12299798qvs.193.1585592445402; Mon, 30 Mar 2020 11:20:45 -0700 (PDT)
MIME-Version: 1.0
From: Jeffrey Yasskin <jyasskin@google.com>
Date: Mon, 30 Mar 2020 11:20:34 -0700
Message-ID: <CANh-dXmCHJASBi4cRB2AJ3iH9wvOkOQohaFsh6qE5bjAPuPA5A@mail.gmail.com>
To: WPACK List <wpack@ietf.org>
Cc: Larry Masinter <LMM@acm.org>
Content-Type: multipart/alternative; boundary="00000000000077ed2005a216824b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/wpack/vYJvzAe8MP_P6ukUxKQ1dp6N76w>
Subject: [Wpack] Interpreting package signatures
X-BeenThere: wpack@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Web Packaging <wpack.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/wpack>, <mailto:wpack-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/wpack/>
List-Post: <mailto:wpack@ietf.org>
List-Help: <mailto:wpack-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/wpack>, <mailto:wpack-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Mar 2020 18:20:49 -0000
Larry wrote in https://mailarchive.ietf.org/arch/msg/wpack/dL8feENuL9t-HpKj1PWCYjz0r2A/ that: I suspect your requirements may be at the wrong level (you’re starting with > a very operational view of the “web security model” (if there is such a > thing) by translating TLS into digital signatures and asking who signs what > and how can you do that with minimal changes to the browser “security > model”. > > Asking what’s the origin of a data: URL is asking the wrong question. The > problem is the notion of “origin” is tied to the HTTP transaction model. > > PDF signatures are package signatures, but the signature isn’t tied to the > origin of any of the parts. Isn’t that what you want when you want to show > something is trusted not because it was assembled from trusted parts but > because you trust the assembler? What use case forces you to assume that > interpretations packages have to look the same in the browser showing URLs? In the web packaging drafts, I've tried to consistently distinguish between the "author" of content versus the "publisher" of a package, for example in https://tools.ietf.org/id/draft-yasskin-http-origin-signed-responses-08.html#terminology. The HTTP "origin" corresponds to a publisher, rather than an author, as you can see when the byline of https://www.propublica.org/article/what-happens-if-workers-cutting-up-the-nations-meat-get-sick isn't reflected in the URL. That is, the "origin" isn't the entity that originally wrote the bytes, it's the entity that assembled the parts, which I think matches what you're asking for. And in my signing proposal, indeed, signatures come from publishers, not authors. This means that if a client saves some unsigned content, they have the option of signing it as themself when forwarding it to a friend. There's not much benefit to doing that, since the client likely doesn't have a publicly-recognized key, but it's possible. Jeffrey
- [Wpack] Interpreting package signatures Jeffrey Yasskin