Re: HTTP Unprompted Authentication

On Thu, Oct 13, 2022 at 11:58:56AM -0700, David Schinazi wrote:
> Hello HTTP enthusiasts,
> ---------- Forwarded message ---------
> Name:           draft-schinazi-httpbis-unprompted-auth
> Revision:       00
> Title:          HTTP Unprompted Authentication
> Document date:  2022-10-13
> Group:          Individual Submission
> Pages:          9
> URL:

Some quick comments:

- I do not see requirement for TLS 1.3 or Extended Master Secret
  anywhere. It is not safe to use TLS Exporters for authentication

- There is no requirement to include hash algorithm in signatures.
  There are TLS signature algorithms that mean totally different
  things depending on hash function, and more of those could
  appear in the future. E.g, signatures 7 and 8 already have double
  meaning (EdDSA [hash 8] and some Chinese stuff [hash 7]).

- The signatures do not appear to be contextualized in any way,
  which is questionable. For example, one could use the same
  contextualization mechanism that TLS 1.3 uses (which prepends
  64 spaces, a context label and NUL [one zero octet]).


Received on Thursday, 13 October 2022 20:06:43 UTC