Bob, could you clarify how magic sigs would work? I am under the impression that the turducken problem would still be there (but I'm probably missing something?).

Jeff, I like the idea of the spec you proposed. Do you know of any use case currently out there?

Julien

On Mon, Nov 21, 2011 at 1:12 AM, Farrukh.najm <[email protected]> wrote:
> I believe ebxml messaging protocol may be worthwhile studying for how to
> handle message level security in a multi-hop scenario.
>
> --Farrukh Najmi
>
> -------- Original message --------
> Subject: Re: [pubsubhubbub] Secure notification of arbitrary content using
> Salmon Magic Signatures
> From: Bob Wyman <[email protected]>
> To: [email protected]
> CC:
>
> HTTP headers are global to the entire message being transmitted. So, if
> the message body is aggregated from multiple sources, each of which signed
> their originals, how would you match signatures in the header to
> subcomponents of the message in a format-independent manner? Or, do you
> simply say that aggregation isn't supported?
>
> A hub may wish to sign a message that was signed by its publisher. This
> message might then be sent to another hub that also wanted to sign it,
> etc... In this case, if the signatures are in the header, who signs what
> and how do you keep the signatures distinguished from each other?
>
> bob wyman
>
> On Sun, Nov 20, 2011 at 6:20 PM, Jeff Lindsay <[email protected]> wrote:
>
>> Alternatively, many people implementing webhooks (PSHB being one example)
>> use an HTTP header for signing. So far everybody does it differently. I
>> like Magic Signatures, I also like the loosely inspired JWT, but I feel
>> like something that lives in the headers is the Right Way to do this.
>>
>> There is a very rough draft for something that could solve this problem:
>> http://tools.ietf.org/html/draft-burke-content-signature-00
>>
>> I've been recommending it to people looking at signing their webhook
>> payloads. It's not exactly usable yet, but I think it's a good thing to
>> think about. Perhaps we can borrow semantics from Magic Signature and put
>> them into Content Signature?
>>
>> -jeff
>>
>> On Sun, Nov 20, 2011 at 1:56 PM, Bob Wyman <[email protected]> wrote:
>>
>>> Julien suggests that a new mechanism is required to provide secure
>>> notification when sending arbitrary content.
>>> One useful and simple approach to this problem is provided by the "Magic
>>> Signature" <http://salmon-protocol.googlecode.com/svn/trunk/draft-panzer-magicsig-01.html>
>>> method of the Salmon Protocol <http://www.salmon-protocol.org/>.
>>> If one assumes that the primary concerns for security involve ensuring
>>> that data tampering and authorship can be detected, the Magic Signature
>>> approach should do the job well. It would not, however, be suitable if the
>>> intent is to publish "secret" data.
>>>
>>> See:
>>> http://salmon-protocol.googlecode.com/svn/trunk/draft-panzer-magicsig-01.html
>>>
>>> bob wyman
>>
>> --
>> Jeff Lindsay
>> http://progrium.com
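
The multi-hop case raised in the quoted discussion (a publisher signs, then each hub signs what it received) can be sketched with nested envelopes; this is an added example, not code from the thread or from the Salmon project. The envelope fields are modelled on the Magic Signatures draft linked above, while HMAC-SHA256 with constructed shared keys stands in for the draft's public-key signatures so the block runs on the standard library, and the media type and key names are hypothetical.

```python
import base64, hashlib, hmac, json

ENVELOPE_TYPE = "application/x-example-envelope+json"  # hypothetical media type
ALG, ENCODING = "HMAC-SHA256", "base64url"  # HMAC is a stand-in, see lead-in
# Constructed demo keys; a real deployment would look up per-signer public keys.
KEYS = {"publisher": b"pub-demo-key", "hub-a": b"hub-a-demo-key", "hub-b": b"hub-b-demo-key"}

def b64u(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode("ascii")

def unb64u(text: str) -> bytes:
    return base64.urlsafe_b64decode(text.encode("ascii"))

def _mac(key: bytes, data: str, data_type: str) -> bytes:
    # The signature covers the encoded data and its metadata, not just the body.
    base = ".".join([data, b64u(data_type.encode()), b64u(ENCODING.encode()), b64u(ALG.encode())])
    return hmac.new(key, base.encode("ascii"), hashlib.sha256).digest()

def wrap(payload: bytes, data_type: str, key_id: str) -> bytes:
    """Sign payload as key_id; the result is itself a payload of ENVELOPE_TYPE."""
    data = b64u(payload)
    sig = {"key_id": key_id, "value": b64u(_mac(KEYS[key_id], data, data_type))}
    env = {"data": data, "data_type": data_type, "encoding": ENCODING, "alg": ALG, "sigs": [sig]}
    return json.dumps(env, sort_keys=True).encode("utf-8")

def unwrap_chain(blob: bytes, data_type: str):
    """Verify every layer, outermost first. Returns (signers, payload, payload_type)."""
    signers = []
    while data_type == ENVELOPE_TYPE:
        env = json.loads(blob)
        if env["alg"] != ALG or env["encoding"] != ENCODING:
            raise ValueError("unsupported alg or encoding")
        sig = env["sigs"][0]
        if sig["key_id"] not in KEYS:
            raise ValueError("unknown signer " + sig["key_id"])
        expected = _mac(KEYS[sig["key_id"]], env["data"], env["data_type"])
        if not hmac.compare_digest(expected, unb64u(sig["value"])):
            raise ValueError("bad signature from " + sig["key_id"])
        signers.append(sig["key_id"])
        blob, data_type = unb64u(env["data"]), env["data_type"]
    return signers, blob, data_type

def demo():
    entry = b"<entry><title>constructed sample</title></entry>"
    msg = wrap(entry, "application/atom+xml", "publisher")
    for hub in ("hub-a", "hub-b"):  # each hop signs what it received
        msg = wrap(msg, ENVELOPE_TYPE, hub)
    return unwrap_chain(msg, ENVELOPE_TYPE)
```

Because each layer's signature travels inside the body it protects, the signer order is recoverable at the subscriber, and a hub that alters the publisher's data before re-wrapping causes the inner verification to fail.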
