- From: RFC Errata System <rfc-editor@rfc-editor.org>
- Date: Tue, 29 Oct 2024 07:40:21 -0700 (PDT)
- To: taka@authlete.com, richanna@amazon.com, ietf@justin.richer.org, msporny@digitalbazaar.com
- Cc: francesca.palombini@ericsson.com, iesg@ietf.org, ietf-http-wg@w3.org, iana@iana.org, rfc-editor@rfc-editor.org
The following errata report has been verified for RFC9421, "HTTP Message Signatures".

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid8103

--------------------------------------
Status: Verified
Type: Technical

Reported by: Takahiko Kawasaki <taka@authlete.com>
Date Reported: 2024-09-15
Verified by: Francesca Palombini (IESG)

Section: 7.5.3

Original Text
-------------
Several parts of this specification rely on the parsing of Structured Field values [STRUCTURED-FIELDS] -- in particular, strict serialization of HTTP Structured Field values (Section 2.1.1), referencing members of a Dictionary Structured Field (Section 2.1.2), and processing the @signature-input value when verifying a signature (Section 3.2). While Structured Field values are designed to be relatively simple to parse, a naive or broken implementation of such a parser could lead to subtle attack surfaces being exposed in the implementation.

For example, if a buggy parser of the @signature-input value does not enforce proper closing of quotes around string values within the list of component identifiers, an attacker could take advantage of this and inject additional content into the signature base through manipulating the Signature-Input field value on a message.

Corrected Text
--------------
Several parts of this specification rely on the parsing of Structured Field values [STRUCTURED-FIELDS] -- in particular, strict serialization of HTTP Structured Field values (Section 2.1.1), referencing members of a Dictionary Structured Field (Section 2.1.2), and processing the @signature-params value when verifying a signature (Section 3.2). While Structured Field values are designed to be relatively simple to parse, a naive or broken implementation of such a parser could lead to subtle attack surfaces being exposed in the implementation.

For example, if a buggy parser of the @signature-params value does not enforce proper closing of quotes around string values within the list of component identifiers, an attacker could take advantage of this and inject additional content into the signature base through manipulating the Signature-Input field value on a message.

Notes
-----
"@signature-input" should be changed to "@signature-params". There is one such error in both the first and second paragraphs of Section 7.5.3.

--------------------------------------
RFC9421 (draft-ietf-httpbis-message-signatures-19)
--------------------------------------
Title : HTTP Message Signatures
Publication Date : February 2024
Author(s) : A. Backman, Ed., J. Richer, Ed., M. Sporny
Category : PROPOSED STANDARD
Source : HTTP
Stream : IETF
Verifying Party : IESG
Received on Tuesday, 29 October 2024 14:40:26 UTC
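
Added example (not part of the erratum or of RFC 9421): a strict parser for the component identifier list that Section 7.5.3 discusses, rejecting any value whose quoted strings are not properly closed instead of guessing where they end. The function names and sample values are constructed for illustration; the input is assumed to be the member value of one Signature-Input dictionary entry, and parameter values are limited to strings, integers and bare keys.

```python
import re

class SFParseError(ValueError):
    """Input is not a well-formed inner list of strings (RFC 8941)."""

# A string must end with an unescaped quote; only \" and \\ are legal escapes.
_STR = re.compile(r'"((?:[\x20-\x21\x23-\x5b\x5d-\x7e]|\\["\\])*)"')
_KEY = re.compile(r"[a-z*][a-z0-9_.*-]*")
_INT = re.compile(r"-?\d{1,15}")

def _skip_sp(s, i):  # index of the first non-space character at or after i
    return len(s) - len(s[i:].lstrip(" "))

def _string(s, i):  # quoted string at s[i] -> (value, index after it)
    m = _STR.match(s, i)
    if not m:
        raise SFParseError(f"no well-formed quoted string at offset {i}")
    return re.sub(r"\\(.)", r"\1", m.group(1)), m.end()

def _params(s, i):  # ;key or ;key=value (string or integer values only)
    params = {}
    while s[i:i + 1] == ";":
        m = _KEY.match(s, _skip_sp(s, i + 1))
        if not m:
            raise SFParseError(f"bad parameter key at offset {i}")
        key, i, val = m.group(), m.end(), True
        if s[i:i + 1] == "=":
            m = _INT.match(s, i + 1)
            val, i = (int(m.group()), m.end()) if m else _string(s, i + 1)
        params[key] = val
    return params, i

def parse_component_list(s):
    """Return ([(identifier, params), ...], list_params) or raise."""
    if s[:1] != "(":
        raise SFParseError("expected '('")
    i, items = 1, []
    while True:
        i = _skip_sp(s, i)
        if s[i:i + 1] == ")":
            params, i = _params(s, i + 1)
            if i != len(s):  # nothing may follow the list parameters
                raise SFParseError(f"trailing data at offset {i}")
            return items, params
        name, i = _string(s, i)
        item_params, i = _params(s, i)
        items.append((name, item_params))
        if s[i:i + 1] not in (" ", ")"):  # also catches end of input
            raise SFParseError(f"expected SP or ')' at offset {i}")

GOOD = '("@method" "content-type";sf);created=1618884473;keyid="test-key"'
BAD = '("@method" "@authority);created=1618884473;keyid="test-key"'  # constructed
```

A verifier should treat SFParseError as a verification failure and never build a signature base from a value that raised it.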