Re: Web Keys and HTTP Signatures

On 04/18/2013 12:39 PM, Carsten Bormann wrote:
> No, I just reported that I got stuck trying to find out the security
>  properties.

Ok, that wasn't clear. More on this below...

> I was also unclear about the security objectives.  This is starting 
> to become a bit clearer with the discussion now, but that doesn't 
> replace a good exposition of what you are trying to achieve/what you
>  think you have achieved.

This might help with respect to the Web Keys specification:

https://hacks.mozilla.org/2013/04/web-payments-with-payswarm-identity-part-1-of-3/

This might help with respect to the Web Payments work:

http://blog.meritora.com/launch/

> So, for instance, I'd like to understand your stance on replay a bit 
> better.

Short story: Replay is bad, we try to prevent it. :)

We have two protections against replay attacks in Web Key digital
signatures. The first is a nonce, which is optional under certain
circumstances. The second is a datetime stamp which is used to
time-block an attack period (for example - 5 minutes).

We made nonces optional as not everyone will require them. The Web
Payments specs require nonces to be implemented correctly as an
additional security measure. We also require payment processors to
always use HTTPS as a further security measure.

The documentation is pretty dated on this stuff, but you can read more
about it here:

https://payswarm.com/specs/source/web-keys/#the-response-token

and here:

https://payswarm.com/specs/source/web-keys/#message-signature-algorithm

> RFC 3552 and RFC 4101 may be good reading for the kind of question 
> that tends to come up, and RFC 4949 will give you some terminology
> to minimize ambiguity.

Yep, we're working on explanations about the design behind web keys.
Unfortunately, the spec is quite out of date. Implementations match the
current design, but we need to move what we do in the implementations
back into the Web Keys spec.

Keep in mind that the HTTP Signatures spec intended to be a sub-section
of Web Keys. We could publish it separately if that would move it toward
REC (at W3C) or RFC (at IETF) faster.

> Thanks a lot for the appraisal of the httpauth candidates -- this 
> will be really useful input for the work of that WG.

I'll send another e-mail to that mailing list to make sure that we're
engaging the right community. I'll stop cc'ing the HTTP WG shortly,
unless the conversation should continue in this group as well?

-- manu

-- 
Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: Meritora - Web payments commercial launch
http://blog.meritora.com/launch/

Received on Thursday, 18 April 2013 18:35:20 UTC