Re: Artart last call review of draft-ietf-httpbis-message-signatures-16

On Wed, Mar 15, 2023 at 7:15 AM Justin Richer <jricher@mit.edu> wrote:
>
> I agree with this approach as well. I think part of the problem here is different readings of “security mechanism”. When I see that, I read it as in “this is a piece that does a specific action”, something inherently part of a larger machine. Others seem to be reading this more as “security solution”, which is to say the plans for the whole machine. That was never the intended reading.

But then the draft has to be extremely explicit about what properties
are provided, what an application has to do to get them and actually
provide these properties. Applications are unlikely to get the sort of
analysis this doc has had.

>
>  — Justin
>
> > On Mar 15, 2023, at 7:59 AM, Backman, Annabelle <richanna@amazon.com> wrote:
> >
> > I agree; we can amend it to explicitly state what this spec does and does not do. This could be reiterated in section 1.4, Application of HTTP Message Signatures.
> >
> > —
> > Annabelle Backman (she/her)
> >
> >> On Mar 14, 2023, at 10:11 PM, Martin Thomson <mt@lowentropy.net> wrote:
> >>
> >>> On Wed, Mar 15, 2023, at 05:46, Backman, Annabelle wrote:
> >>> Note that like HTTP Message Signatures, SigV4 is not a complete
> >>> security protocol.
> >>
> >> I think that this is an important point that is likely lost on readers of this document.  One that can be fixed, I think, relatively easily.
> >>
> >> The framing in the draft pretty much cleaves along the lines of stating that this is a solution, take the introductory sentence from Section 1.4:
> >>
> >>> HTTP Message Signatures are designed to be a general-purpose security mechanism applicable in a wide variety of circumstances and applications. In order to ...
> >>
> >> A more direct acknowledgment of this limitation might head off the sorts of objections Harald raises.  Perhaps something like:
> >>
> >>> HTTP Message Signatures describe a mechanism for signing selected portions of HTTP messages.  This is not intended to be a complete security mechanism; rather, HTTP Message Signatures form a component in a larger system that depends on authenticating messages.  In particular, the choice of which portions of messages are signed will determine what properties might be obtained.  In order to ...
> >>
>


-- 
Astra mortemque praestare gradatim
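The point in the quoted text above, that the covered components decide what the signature proves, is easy to see with a small signer and verifier. The following is an added example, not code from the draft, the thread or any implementation; it follows the draft's signature-base construction (one `"name": value` line per covered component, then the `@signature-params` line) with hmac-sha256 and a shared key. The key, the requests, the body and the `demo-key` keyid are constructed for the demo, and the structured-field serialization and parsing are simplified to what these inputs need.

```python
# Added example: minimal HTTP Message Signatures signer/verifier (hmac-sha256)
# showing that an uncovered @authority/@path lets a signed request be replayed
# against a different target. All inputs below are constructed for the demo.
import base64
import hashlib
import hmac

KEY = b"constructed-shared-secret-for-demo"  # constructed; real keys are random, selected by keyid


def _inner_list(components, params):
    """Serialize ("c1" "c2");k=v;... as used in Signature-Input and @signature-params."""
    items = " ".join(f'"{c}"' for c in components)
    tail = "".join(f';{k}={v}' if isinstance(v, int) else f';{k}="{v}"'
                   for k, v in params.items())
    return f"({items}){tail}"


def signature_base(request, components, params):
    """Signature base: one line per covered component, then @signature-params,
    joined by LF with no trailing newline."""
    lines = []
    for c in components:
        if c == "@method":
            value = request["method"]
        elif c == "@authority":
            value = request["authority"]
        elif c == "@path":
            value = request["path"]
        elif c.startswith("@"):
            raise ValueError(f"derived component {c} not supported in this demo")
        else:
            value = request["headers"][c]  # assumed already canonical (trimmed, single value)
        lines.append(f'"{c}": {value}')
    lines.append('"@signature-params": ' + _inner_list(components, params))
    return "\n".join(lines)


def sign(request, components, params, key, label="sig1"):
    base = signature_base(request, components, params).encode()
    mac = hmac.new(key, base, hashlib.sha256).digest()
    return {"Signature-Input": f"{label}={_inner_list(components, params)}",
            "Signature": f"{label}=:{base64.b64encode(mac).decode()}:"}


def parse_signature_input(value, label):
    """Parse 'label=("c1" "c2");created=...;keyid="..."' into (components, params).
    Demo-grade: assumes no ';' inside quoted parameter values."""
    prefix = f"{label}=("
    if not value.startswith(prefix):
        raise ValueError("label not found in Signature-Input")
    rest = value[len(prefix):]
    close = rest.index(")")
    components = [c.strip('"') for c in rest[:close].split()]
    params = {}
    for p in filter(None, rest[close + 1:].split(";")):
        k, v = p.split("=", 1)
        params[k] = v[1:-1] if v.startswith('"') else int(v)
    return components, params


def verify(request, sig_headers, key, label="sig1"):
    """Rebuild the base from the *received* message and the declared components,
    then compare MACs. Deliberately applies no policy on created/expires or on
    which keyid is acceptable; an application has to add that itself."""
    components, params = parse_signature_input(sig_headers["Signature-Input"], label)
    sig = sig_headers["Signature"]
    if not (sig.startswith(f"{label}=:") and sig.endswith(":")):
        return False
    got = base64.b64decode(sig[len(label) + 2:-1])
    want = hmac.new(key, signature_base(request, components, params).encode(),
                    hashlib.sha256).digest()
    return hmac.compare_digest(got, want)


def _request(authority, path, body):
    digest = base64.b64encode(hashlib.sha256(body).digest()).decode()
    return {"method": "POST", "authority": authority, "path": path,
            "headers": {"content-digest": f"sha-256=:{digest}:"}}


def replay_check(components):
    """Sign one request, then present the same Signature/Signature-Input on a copy
    aimed at another authority and path. Returns (ok_on_original, ok_on_relocated)."""
    body = b'{"to":"alice","amount":5}'  # constructed
    original = _request("api.example", "/transfer", body)
    relocated = _request("other.example", "/refund", body)
    headers = sign(original, components, {"created": 1618884473, "keyid": "demo-key"}, KEY)
    return verify(original, headers, KEY), verify(relocated, headers, KEY)


if __name__ == "__main__":
    print("method+digest only:      ", replay_check(["@method", "content-digest"]))
    print("method+authority+path+digest:",
          replay_check(["@method", "@authority", "@path", "content-digest"]))
```

With only `@method` and `content-digest` covered, the relocated request verifies too: the signature says nothing about where the message was meant to go. Adding `@authority` and `@path` makes the relocation fail. Even then, `verify` above proves only "someone holding this key produced a message with these components"; freshness (`created`/`expires`), replay within the same target, and the binding of `keyid` to a principal are the application's job, which is exactly the division of responsibility the thread is asking the draft to spell out.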

Received on Monday, 20 March 2023 05:18:04 UTC