- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Thu, 18 Apr 2013 12:19:44 -0400
- To: Carsten Bormann <cabo@tzi.org>
- CC: Web Payments CG <public-webpayments@w3.org>, ietf-http-wg@w3.org
On 04/18/2013 01:54 AM, Carsten Bormann wrote: > On Apr 18, 2013, at 02:22, "David I. Lehn" <dil@lehn.org> wrote: >> if you find security issues > > Wrong question. > > A security spec is worthless if it doesn't establish useful security > properties. Correct. I think Dave Lehn was making a general statement "If you find more issues, please let us know.", he was not asking a question. I believe that you are talking past what he was saying. You also seem to be implying that you know of which security properties are not being established by http-signatures. Could you please elaborate? > The spec needs a good look from people with more security mojo. We agree, which is why we published an implementation, pointed to the spec, and cc'd the IETF HTTP WG. A very positive thing has come out of that, which is that an issue was found with the spec and implementation. > (Or maybe it can simply be replaced by one of the more learned > attempts under discussion, see > http://www.ietf.org/proceedings/85/minutes/minutes-85-httpauth > http://www.ietf.org/proceedings/86/minutes/minutes-86-httpauth for > some links.) Thanks for the link. We've looked at a number of those before, or variants of the approaches. Here's feedback on each: HTTP Origin-Bound Authentication (HOBA) http://tools.ietf.org/id/draft-farrell-httpbis-hoba-02.txt We had considered signatures in the URL in the second approach to the problem in the Web Keys spec. We eventually rejected the solution because of limitations in the URL length in some browsers and because we wanted the semantics of the HTTP headers to be able to be a part of the digital signature. We also didn't want large signed messages being dumped to the webserver logs (the request line is typically included). So, while HOBA does solve the problem, it doesn't solve it in a way that is acceptable to us. HTTP Mutual Authentication http://tools.ietf.org/html/draft-oiwa-http-mutualauth-12 Overkill for our purposes and requires multiple bounces back and forth between the client and the server. Key exchange isn't required since that's taken care of by the Web Keys PKI framework. We don't intend the Web Keys HTTP signature protocol to be session-based, as a session-based value can be built on top of HTTP signatures pretty easily. HTTP Multilegged Auth http://tools.ietf.org/id/draft-montenegro-httpbis-multilegged-auth-01.txt Seems like overkill for our needs and is fairly specific to HTTP 2.0. We wanted something that could work for HTTP 1.0. Multi-legged authentication is something that we're not interested in solving using HTTP Signatures. Putting state into the protocol is something we'd like to avoid if possible. HTTP Salted Challenge Response http://tools.ietf.org/html/draft-melnikov-httpbis-scram-auth-00 Uses HMACs, doesn't use public key crypto, which is a requirement for Web Keys and the Web Payments work. HTTP REST Auth http://tools.ietf.org/id/draft-williams-http-rest-auth-03.txt This was the solution that seemed to be most interesting to the Web Keys and Web Payments work. However, it requires quite a bit of state to be remembered by the server (the Session URIs). Keeping the state of a "session" around isn't desirable. We didn't want there to be a concept of logging in and logging out of a website w/ the HTTP Signature stuff. We'd rather that sessions are built on top of HTTP Signatures via a HTTP header or cookie. Again, if we had to pick a back-up solution, HTTP REST Auth seems like it might work for us, but we'd rather not use if we don't have to. Hopefully this explains why we haven't picked any of the solutions that you outlined in your response. Web Keys + HTTP Signatures are simpler, and we're now in the discovery phase to see if the protocol will stand up to scrutiny by the security community. -- manu -- Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny) Founder/CEO - Digital Bazaar, Inc. blog: Meritora - Web payments commercial launch http://blog.meritora.com/launch/
Received on Thursday, 18 April 2013 16:20:11 UTC