I believe the ebXML messaging protocol may be worth studying for how to handle 
message level security in a multi-hop scenario.


--Farrukh Najmi

-------- Original message --------
Subject: Re: [pubsubhubbub] Secure notification of arbitrary content using 
Salmon Magic Signatures 
From: Bob Wyman <[email protected]> 
To: [email protected] 
CC:  

HTTP headers are global to the entire message being transmitted. So, if the 
message body is aggregated from multiple sources, each of which signed their 
originals, how would you match signatures in the header to subcomponents of the 
message in a format-independent manner? Or, do you simply say that aggregation 
isn't supported?

A hub may wish to sign a message that was signed by its publisher. This message 
might then be sent to another hub that also wanted to sign it, etc... In this 
case, if the signatures are in the header, who signs what and how do you keep 
the signatures distinguished from each other?

bob wyman

On Sun, Nov 20, 2011 at 6:20 PM, Jeff Lindsay <[email protected]> wrote:
Alternatively, many people implementing webhooks (PSHB being one example) use 
an HTTP header for signing. So far everybody does it differently. I like Magic 
Signatures, I also like the loosely inspired JWT, but I feel like something 
that lives in the headers is the Right Way to do this. 

There is a very rough draft for something that could solve this problem:
http://tools.ietf.org/html/draft-burke-content-signature-00

I've been recommending it to people looking at signing their webhook payloads. 
It's not exactly usable yet, but I think it's a good thing to think about. 
Perhaps we can borrow semantics from Magic Signature and put them into Content 
Signature?

-jeff


On Sun, Nov 20, 2011 at 1:56 PM, Bob Wyman <[email protected]> wrote:
Julien suggests that a new mechanism is required to provide secure notification 
when sending arbitrary content. 
One useful and simple approach to this problem is provided by the "Magic 
Signature" method of the Salmon Protocol. 
If one assumes that the primary concerns for security involve ensuring that 
data tampering and authorship can be detected, the Magic Signature approach 
should do the job well. It would not, however, be suitable if the intent is to 
publish "secret" data.

See: http://salmon-protocol.googlecode.com/svn/trunk/draft-panzer-magicsig-01.html

bob wyman




-- 
Jeff Lindsay
http://progrium.com
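
Added example, not part of the thread above and not code from any of its participants: a sketch of how a signature carried in the message body, using the JSON Magic Envelope field names from draft-panzer-magicsig-01, lets a publisher and a hub each attach a signature that stays distinguishable by `key_id`. Assumptions: HMAC-SHA256 stands in for the draft's RSA-SHA256 so the block runs on the standard library, and the keys, key ids and payload are constructed.

```python
import base64
import hashlib
import hmac

def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode("ascii")

def make_envelope(payload: bytes, data_type: str) -> dict:
    # "alg" is a constructed value; the draft specifies RSA-SHA256 here.
    return {"data": b64url(payload), "data_type": data_type,
            "encoding": "base64url", "alg": "HMAC-SHA256", "sigs": []}

def base_string(env: dict) -> bytes:
    # Signature base string per the draft:
    # data "." b64url(data_type) "." b64url(encoding) "." b64url(alg)
    meta = [b64url(env[f].encode()) for f in ("data_type", "encoding", "alg")]
    return ".".join([env["data"]] + meta).encode("ascii")

def add_sig(env: dict, key_id: str, key: bytes) -> None:
    # Each signer appends its own entry; earlier entries are left untouched.
    # Note: every signer covers the same base string, not the other signatures.
    mac = hmac.new(key, base_string(env), hashlib.sha256).digest()
    env["sigs"].append({"key_id": key_id, "value": b64url(mac)})

def verify(env: dict, keys: dict) -> dict:
    # Returns {key_id: bool}; an unknown key_id is reported as a failure.
    results = {}
    for sig in env["sigs"]:
        key = keys.get(sig["key_id"])
        if key is None:
            results[sig["key_id"]] = False
            continue
        expected = b64url(hmac.new(key, base_string(env), hashlib.sha256).digest())
        results[sig["key_id"]] = hmac.compare_digest(expected, sig["value"])
    return results

def demo():
    # Constructed keys and payload for illustration only.
    keys = {"publisher-1": b"constructed-publisher-key",
            "hub-a": b"constructed-hub-key"}
    env = make_envelope(b'{"event":"push","id":42}', "application/json")
    add_sig(env, "publisher-1", keys["publisher-1"])  # origin signs
    add_sig(env, "hub-a", keys["hub-a"])              # forwarding hub co-signs
    intact = verify(env, keys)
    tampered = dict(env, data=b64url(b'{"event":"push","id":43}'))
    return env, intact, verify(tampered, keys)

if __name__ == "__main__":
    _, intact, tampered = demo()
    print("intact:", intact, "tampered:", tampered)
```

Because the signatures travel inside the envelope, they survive re-transmission by intermediaries that rewrite HTTP headers; the sketch does not address aggregation of several independently signed payloads.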
