- From: Ilari Liusvaara <ilariliusvaara@welho.com>
- Date: Thu, 13 Oct 2022 23:06:26 +0300
- To: HTTP Working Group <ietf-http-wg@w3.org>
On Thu, Oct 13, 2022 at 11:58:56AM -0700, David Schinazi wrote: > Hello HTTP enthusiasts, > > ---------- Forwarded message --------- > Name: draft-schinazi-httpbis-unprompted-auth > Revision: 00 > Title: HTTP Unprompted Authentication > Document date: 2022-10-13 > Group: Individual Submission > Pages: 9 > URL: > https://www.ietf.org/archive/id/draft-schinazi-httpbis-unprompted-auth-00.txt Some quick comments: - I do not see requirement for TLS 1.3 or Extended Master Secret anywhere. It is not safe to use TLS Exporters for authentication otherwise. - There is no requirement to include hash algorithm in signatures. There are TLS signature algorithms that mean totally different things depending on hash function, and more of those could appear in the future. E.g, signatures 7 and 8 already have double meaning (EdDSA [hash 8] and some Chinese stuff [hash 7]). - The signatures do not appear to be contextualized in any way, which is questionable. For example, one could use the same contextualization mechanism that TLS 1.3 uses (which prepends 64 spaces, a context label and NUL [one zero octet]). -Ilari
Received on Thursday, 13 October 2022 20:06:43 UTC