Clearly this is a windmill that many like to tilt at. After seeing the long procession of failed attempts, my conclusion was that signing HTTP messages in a generic fashion was an enterprise doomed to fail.
The main problem is that it's really hard to work out what to protect. Header fields are especially difficult to protect because they lack a stable encoding and they change in transit. The first means that even the most careful spec ends up with spurious signature failures; the second means that things that should be protected, can't be. In the end, you get something with byzantine complexity, an overly restrictive applicability, security failures, or combinations of all three. Taking the OAuth work and the "q" parameter: - the method for creating a canonical encoding of the query string is quite complex, - but it's not complex enough yet because it doesn't handle percent-encoding; - also, if the "q" parameter is omitted, but the query string happens to be security critical you get failures. Clearly the more limited focus helps here, but the point is that you have to accept those limitations, which is a whole new set of problems for an implementation. Say you successfully validate a request, that means that you cannot pass anything that was unvalidated to the next processing stage or you create a side-channel. And are you sure that there isn't some significance to the information you erased during the validation process that might then be used by the next stage? On 2 August 2016 at 20:43, Justin Richer <[email protected]> wrote: > There's also this approach: > > https://tools.ietf.org/html/draft-ietf-oauth-signed-http-request-02 > > It's more limited than a general HTTP signing mechanism, but as a > consequence it's more robust for systems that mess with the HTTP message in > transit (which we know happens in the real world). > > -- Justin > > > > On 8/2/2016 1:32 AM, Anders Rundgren wrote: >> >> Hi All, >> >> I was recently involved in an inter-bank payment project based on a REST >> API. >> >> Since my role was "cryptography" I recommended the following approach >> >> http://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html >> since an operation is defined not only by the message payload, but also by >> the HTTP verb, URI, and header parameters. >> >> The only related standards effort I'm aware of is this: >> https://tools.ietf.org/html/draft-cavage-http-signatures-05 >> >> Unfortunately the methods above get rather awkward if you have a system >> where requests are supposed to be embedded in other messages or just proxied >> to another server. >> >> I would rather have dropped REST in favor of transport-independent schemes >> using self-contained JSON-encoded signed message objects. >> >> WDYT? >> >> Anders >> >> _______________________________________________ >> jose mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/jose > > > _______________________________________________ > jose mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/jose _______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
