Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Try to switch to HTTP Message Signatures #713

Open
jyasskin opened this issue Feb 18, 2022 · 3 comments
Open

Try to switch to HTTP Message Signatures #713

jyasskin opened this issue Feb 18, 2022 · 3 comments
Labels
SXG Issue related to Signed HTTP Exchanges

Comments

@jyasskin
Copy link
Member

The HTTPWG has been working on https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-message-signatures, and it's probably sufficient to replace our local Signature header definition.

@hayatoito
Copy link
Collaborator

[Issue Triage]
The upstream issue is wpack-wg/bundled-responses#18.

Let me close this issue, in favor of that.

@irori
Copy link
Collaborator

irori commented Sep 27, 2022

I think this issue is not about WebBundles but about SignedExchange's Signature header.

@irori irori reopened this Sep 27, 2022
@irori irori added the SXG Issue related to Signed HTTP Exchanges label Sep 27, 2022
@irori irori self-assigned this Oct 6, 2022
@irori irori removed their assignment Oct 13, 2022
@davidben
Copy link
Collaborator

Just because HTTP message signatures says "HTTP" and "signatures" doesn't mean it is appropriate for every HTTP-adjacent signature use case. Indeed it is not a good fit here. Moving to HTTP message signatures would leave SXGs more complex and dramatically increase the risk of security bugs in software around SXGs.

HTTP message signatures is an extremely complex draft that falls into a lot classic, well-known security pitfalls with incorporating complex canonicalization and transforms into a signature-based protocol. This is because they're trying to solve for a number of constraints that don't apply to SXGs. They want to sign content that was delivered across HTTP fields, with signer and intermediary content interleaved, while accounting for the wide range of HTTP wire formats and transforms by intermediaries. If that is truly your application's constraints, then perhaps you may be stuck with this kind of risky design. (Even then a far better strategy is to rearchitect your application to avoid this.) If not, HTTP message signatures is not a good choice.

SXG, in contrast, has no need of this. It doesn't need the HTTP headers in the signed payload to be sent directly over HTTP. If anything, doing so adds risk for SXG because you don't want headers from the intermediate to get mixed up with headers from the publisher! It's critical for security that publisher and intermediary content are clearly separated. In that situation, the correct design is to simply take the data from the publisher, encode it in some well-defined format, sign the encoding, and transmit encoding + signature together. That's what SXG currently does.

If we want to repurpose some existing building blocks, consider moving the encoding to RFC 9292, used by draft-ietf-ohai-ohttp. OHTTP, like SXG, is another example of how the HTTP message signatures architecture is rarely necessary. OHTTP wants to encrypt HTTP-like payloads (headers + body). But rather than build something complex, it simply designs some encoding for such payloads, and then encrypts it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
SXG Issue related to Signed HTTP Exchanges
Projects
None yet
Development

No branches or pull requests

4 participants