- From: Watson Ladd <watsonbladd@gmail.com>
- Date: Wed, 14 Jul 2021 14:03:02 -0700
- To: ietf-http-wg@w3.org
Dear all,

I've taken a look at draft-ietf-httpbis-message-signatures and think there are some issues and unfortunate limitations, beyond the algorithm field issue.

By canonicalizing the request into a bit string before signature verification, but not necessarily ensuring implementation semantics match that canonicalization, all sorts of problems may ensue. Applications MUST ensure that headers that change the meaning of other headers that are signed are included. Otherwise things go badly. Ideally applications would only look at the signed data, but that isn't really possible in HTTP.

In cases where signatures are validated by a proxy, but the request is interpreted by a server, all the usual problems of request smuggling rear their ugly head. It should be a requirement that requests are treated with extremely strict RFC compliance ahead of verification.

As far as I could tell POST parameters are not covered by a signature, and thus are vulnerable to modification. Modifying posted form data could be very problematic. It's fine if out of scope, but feels like it should be included to be useful, especially given that form data can interact with URL query parameters.

Sincerely,
Watson Ladd

--
Astra mortemque praestare gradatim
Received on Wednesday, 14 July 2021 21:03:26 UTC
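The three concerns raised in the post (headers that alter the meaning of signed headers, strict framing before verification, and an unsigned POST body) can be turned into a pre-verification policy check on the verifier side; the example below is added here and is not code from the post, the draft, or any implementation. It assumes a Signature-Input value of the form `sig1=("@method" "@authority" ...);created=...;keyid=...` with unparameterised component names, a Content-Digest header in `sha-256=:base64:` form, and a required-component set that is a constructed policy choice rather than anything the draft mandates.

```python
import base64
import hashlib
import re

# Policy (constructed for this example): components the verifier insists on
# seeing in the covered set before it bothers checking any signature.
REQUIRED = {"@method", "@authority", "@path", "content-type", "content-digest"}
# Matches the leading `label=("c1" "c2" ...)` part of a Signature-Input value.
COMPONENT_LIST = re.compile(r'^\s*[\w-]+=\(([^)]*)\)')

def covered_components(signature_input):
    """Set of component names a (simplified) Signature-Input value covers."""
    m = COMPONENT_LIST.match(signature_input)
    if not m:
        raise ValueError("unparseable or missing Signature-Input")
    return {c.strip('"').lower() for c in m.group(1).split()}

def missing_components(signature_input, required=REQUIRED):
    return sorted(required - covered_components(signature_input))

def make_content_digest(body):
    """Content-Digest value (sha-256=:base64:) binding the body to the signature."""
    return "sha-256=:" + base64.b64encode(hashlib.sha256(body).digest()).decode() + ":"

def strict_framing(headers):
    """Refuse ambiguous framing before verification: duplicated header names,
    or Content-Length alongside Transfer-Encoding (classic smuggling inputs)."""
    names = [n.lower() for n, _ in headers]
    if len(names) != len(set(names)):
        return False
    return not ({"content-length", "transfer-encoding"} <= set(names))

def accept_for_verification(headers, body):
    """headers: list of (name, value) pairs as received. Returns (ok, reason)."""
    if not strict_framing(headers):
        return False, "ambiguous request framing"
    h = {n.lower(): v for n, v in headers}
    try:
        missing = missing_components(h.get("signature-input", ""))
    except ValueError as e:
        return False, str(e)
    if missing:
        return False, "uncovered components: " + ", ".join(missing)
    if h.get("content-digest") != make_content_digest(body):
        return False, "Content-Digest does not match body"
    return True, "ok"

if __name__ == "__main__":
    body = b"amount=10&to=alice"          # constructed sample form body
    headers = [("Host", "bank.example"),
               ("Content-Type", "application/x-www-form-urlencoded"),
               ("Content-Digest", make_content_digest(body)),
               ("Signature-Input", 'sig1=("@method" "@authority" "@path" '
                '"content-type" "content-digest");created=1626300182;keyid="k1"')]
    print(accept_for_verification(headers, body))
    print(accept_for_verification(headers, b"amount=10&to=bob"))
```

Only after this check passes would the verifier build the canonical signature base and check the signature itself; the point is that a request whose body or framing is not bound by the covered components is rejected up front rather than trusted on the strength of a valid signature over too little.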