- From: Paul Leach <paulle@microsoft.com>
- Date: Thu, 29 Feb 96 11:44:52 PST
- To: john@math.nwu.edu
- Cc: hallam@w3.org, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Here's a proposed fixed description of Digest-MessageDigest to account for proxies. Bascially, the nonce, username, realm, and password used to digest entities in the D-MD have to be those of the origin-server, even when talking to a proxy (where different N, U, R, P might have been used in the Proxy-Authorization header of the transaction.) If it turns out that general and response headers really can't be digested, even when proxy header mangling isn't an issue, then remove the <header-digest> part. If even entity headers can't be digested, then remove the <entity-digest> part. (But I'm still not convinced that they can't be, at least if authentication is desired.) But <message-digest> needs these changes to account for proxies, and <message-digest> needs <nonce> and <date>. (I changed the grammar notation, in both this and the previous proxy fixes proposals, to be parallel to what's in the HTTP spec, so that a simple syntactic transform will make it the same.) When authorization succeeds, the Server may optionally provide the a Digest-MessageDigest header, whose format is as follows: <digest-messagedisgest> := Digest-MessageDigest: message="<message-digest>", entity="<entity-digest>", header="<header-digest>", nextnonce="<nextnonce>", entity-nonce="<nonce>", entity-date="<date>" The Digest-MessageDigest header indicates that the server wants to communicate some information regarding the successful authentication (such as a message digest or a new nonce to be used for the next transaction). The parameters of this header can occur in any order. <message-digest> is a keyed digest of the entity in the message. It is computed by origin-servers and checked by clients in the same way as in the Authorization header, with N being the <nonce> in this header, and the username, realm, and password (U, R, P) in A1 being those appropriate for the origin-server, and not those for any intermediate proxies. Proxies do not compute <message-digest>; they get its value by caching the <message-digest> in the Digest-MessageDigest header of the message containing this entity when it was originally received by the proxy. Similarly, they get the value of <nonce> by caching the <nonce> in the Digest-MessageDigest header of the message containing this entity when it was originally received by the proxy. The <message-digest> allows the receiver to verify that an entity-body in the message has not been changed en-route, and that it came from a sender that shares knowledge of a password with the receiver. It does not verify that the entity-body is associated with any particular URI. The server would probably only send this when it has the document and can compute it. The server would probably not bother generating this header for CGI output. <entity-digest> is a keyed digest over the entity, including entity headers. It is computed by origin-servers and checked by clients as: <entity-digest> := H( H(A1) + ":" + <nonce> + ":" + H(A2) + ":" + h1 + h2 + ... + h(n) + ":" + H(<entity-body>) + ":" + <date>) where A1, N, A2 and <entity-body> are the same as in the algorithms given above for the Authorization header, <date> is the value of the date parameter (see below), and h1 to h(n) are the entity headers in the message, in the order sent by the originator (origin-server or client). Proxies do not compute <entity-digest>; they get its value by caching the <entity-digest> in the Digest-MessageDigest header of the message containing this entity when it was originally received by the proxy. Each h(i) is digested exactly as sent by the originator: with case and LWS preserved, and including the header name, the colon, and all text up to and including the trailing CRLF. Similarly to the <message-digest>, this allows the receiver to verify that the entity and its headers have not been changed en-route, and in addition, to verify that the entity-body is associated with a specified URI, and to verify the freshness of the entity-body. There is no need to send <message-digest> if <entity-digest> is sent. Using <entity-digest> a client can know the time that the origin server sent the response, thus preventing proxies from claiming responses are newer than they actually are. In particular, an <entity-digest> in the response to a conditional GET should always contain a reasonably recent date. <header-digest> is a keyed digest over all the information in a message other than the header containing the <header-digest> itself. It is computed by servers (including proxies) and checked by clients as: <header-digest> := H( H(A1) + ":" + N + ":" + H(A2) + ":" + h1 + h2 + ... + h(n) + ":" + <entity-digest> + ":" + D) where A1, A2, and <entity-digest> are the same as above for <entity-digest>, except that A1 contains the username, password, and realm (U, R, P) appropriate for the server generating this response, which is not the origin-server in the case of a proxy. N is the value of <nonce> from the credentials in the Authorization or Proxy-Authorization header of the request to which the message containing this header is a response. D is the value of the Date header in the message containing this header if the response is directly from an origin-server, and <date> if the response is from a proxy. The h1 to hn are the general and response headers (other than the one containing the <header-digest>) in the message; they are included in the digest calculation in the same manner as the h(i) of the <entity-digest>. Similarly to the <message-digest>, this allows the client to verify that the message has not been changed en-route. The <entity-digest> verifies that the entity came from an sender that shares knowledge of a password with the receiver; <header-digest> verifies that the response came from a server that shares knowledge of a (usually different in the case of a proxy) password with the receiver. <nextnonce> is the nonce the server wishes the client to use for the next authentication response. All fields are optional. In particular the server may send the Digest-MessageDigest header with only the nextnonce=<nextnonce> field as a means of implementing one-time nonces. If the nextnonce field is present the client is strongly encouraged to use it for the next WWW-Authenticate header. Failure of the client to do so may result in a request to re-authenticate from the server with the "stale=TRUE." entity-date="<date>" gives the date/time that the entity was sent by the origin-server; proxies must include it when <entity-digest> get this value from the Date header in the orignal message containing the entity. The <date> is in HTTP-Date format as defined in the HTTP specification (section 3.3.1 of [HTTP]). It is required in responses when <entity-digest> is present. entity-nonce="<nonce>" gives the nonce N to use to calculate the <message-digest> or <entity-digest> and is required when either of those two parameters is present. Origin-servers generate new <nonce> values on demand; proxies get the <nonce> value from the Digest-MessageDigest header of the message in which the entity was originally received. The origin-server chooses a <nonce> to use in computing <message-digest> or <entity-digest> and includes it in the Digest-MessageDigest header. ---------- ] From: John Franks <john@math.nwu.edu> ] To: "Roy T. Fielding" <fielding@avron.ICS.UCI.EDU> ] Cc: Paul Leach; <http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com>; <hallam@w3.org> ] Subject: Digesting headers ] Date: Thursday, February 29, 1996 7:56AM ] ] On Thu, 29 Feb 1996, Roy T. Fielding wrote: ] ] > > <header-digest> is a keyed digest over the entity headers (as defined by ] > > HTTP -- e.g., as of HTTP/1.1, Content-Type and other Content-* headers, ] > > Last-Modified, Expires, etc.) It is computed as ] > ] > That won't work. HTTP header fields of the same name can be appended ] > together, and header fields of different names can be reordered, by ] > any HTTP recipient without changing the semantics of the message. ] > The only way to digest the header fields is to first encapsulate them ] > using something like WRAPPED or MOSS. ] > ] > ] ] Ok, digests of headers will have to wait for the WRAPPED method. ] ] What about the date header being part of the data digested for the ] message-digest. Is it unsafe to assume that proxies will not mangle ] the origin-server Date: header? ] ] ] John Franks Dept of Math. Northwestern University ] john@math.nwu.edu ] ]
Received on Thursday, 29 February 1996 11:42:02 UTC