draft-ietf-httpbis-message-signatures-05

I noticed that draft-ietf-httpbis-message-signatures-05, which has replaced the expired draft-cavage-http-signatures-08, did not adopt many of the learnings of its predecessor, specifically regarding HMAC.

This draft currently accepts HMAC-SHA256; however, I recall reading that draft-cavage dropped support for it in earlier versions (9 or 10):

Algorithm Name: hmac-sha256
Status: deprecated, specifying signature algorithm enables attack vector.
Canonicalization Algorithm: [RFC_THIS_DOCUMENT], Section 2.3: Signature String Construction [25]
Hash Algorithm: RFC 6234 [RFC6234], SHA-256 (SHA-2 with 256-bits of digest output)
Message Authentication Code Algorithm: RFC 6234 [RFC6234], Section 7.1: SHA-Based HMACs

and version 12 uses SHA512.
Is it fair to assume that draft-ietf-httpbis-message-signatures-06, i.e. the next version, will also deprecate HMAC-SHA256?

Might I suggest supporting any of the following, because they are 'interchangeable' at the implementation level: in OpenSSL and the majority of programming languages (and all libraries) that support HMAC in the standard crypto construct.

HMAC-SHA512
HMAC-SHA3-256
HMAC-SHA3-384
HMAC-SHA3-512
HMAC-BLAKE2B512

I have a proof of concept in Golang and Ruby from a past employer, and have my own proofs of concept showing they are also interchangeable in bash using openssl, Python using hashlib, Node.js using crypto, and JavaScript using Crypto.JS.

I hope this is accepted; I am looking forward to HTTP signed requests getting published out of draft and more widely adopted, because the alternatives are overly complex (at the implementation level) or offer some security charade (Hawk Authentication).
This technical spec is a great balance of complex security characteristics and knowledge of the necessary implementation that developers will need to do.

Regards
Christopher Langton

Received on Monday, 12 July 2021 07:31:35 UTC
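The interchangeability claim above, shown as an added example that is not part of the original message or of the draft: signing and verifying a draft-style signature base with each of the five proposed HMAC variants using only Python's standard hmac/hashlib. The algorithm-name mapping, the shared secret and the signature base are constructed for illustration; the verifier uses constant-time comparison and returns the tag length each algorithm emits.

```python
import hmac

# Assumed mapping from the proposed registry-style names to hashlib digest names.
# Swapping the hash is the only difference between the variants at this layer.
HMAC_ALGORITHMS = {
    "hmac-sha512": "sha512",
    "hmac-sha3-256": "sha3_256",
    "hmac-sha3-384": "sha3_384",
    "hmac-sha3-512": "sha3_512",
    "hmac-blake2b512": "blake2b",
}

# Constructed signature base in the style of the draft (sample values, not a real request;
# the content-digest value is a placeholder, not a computed digest).
SIGNATURE_BASE = (
    '"@method": POST\n'
    '"@path": /foo\n'
    '"content-digest": sha-256=:CONSTRUCTED-PLACEHOLDER-DIGEST=:\n'
    '"@signature-params": ("@method" "@path" "content-digest")'
    ';created=1618884475;keyid="constructed-shared-secret"'
)


def sign(key: bytes, base: str, alg: str) -> bytes:
    """Compute the HMAC tag over the signature base with the named algorithm."""
    return hmac.new(key, base.encode("utf-8"), HMAC_ALGORITHMS[alg]).digest()


def verify(key: bytes, base: str, alg: str, tag: bytes) -> bool:
    """Recompute the tag and compare in constant time so verification leaks no timing."""
    return hmac.compare_digest(sign(key, base, alg), tag)


def tag_lengths(key: bytes, base: str) -> dict:
    """Tag size per algorithm; the header must carry the full tag, untruncated."""
    return {alg: len(sign(key, base, alg)) for alg in HMAC_ALGORITHMS}


if __name__ == "__main__":
    key = b"constructed-shared-secret"  # sample key, not a real credential
    for alg in HMAC_ALGORITHMS:
        tag = sign(key, SIGNATURE_BASE, alg)
        ok = verify(key, SIGNATURE_BASE, alg, tag)
        tampered = verify(key, SIGNATURE_BASE + " ", alg, tag)
        print(f"{alg:16} {len(tag):3} bytes  valid={ok}  tampered={tampered}")
```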