Re: [http-auth] Review Request for third draft of "Signing HTTP Messages"

Hi, Manu

Interesting draft. I finally found the time to go over it. A few comments in no particular order:

I agree with Mark about keeping the motivation part simpler. Signing prevents forgeries, not monitoring.

To my mind, the main motivation for this is that HTTP (and HTTPS) are often not deployed end-to-end. There are internal proxies, decrypting proxies, next-generation firewalls, load balancers, TLS routers, and probably a dozen others I’ve forgotten. Each hop of an HTTP connection may or may not be protected by TLS, may or may not strip the encryption, and may or may not re-encrypt (and re-authenticate) for the next hop. Signing requests and responses provides end-to-end integrity, which current HTTP(S) does not provide.

About the text in section 1 regarding password cracking:

                                                          Digest
   authentication, while providing a little more protection, still
   leaves the scheme open to brute-force attacks that are capable of
   discovering a weak or random 8 character password in less than 3
   hours using a single commodity computer

I’m not sure how you can crack 8-character random passwords on a commodity computer in 3 hours. Brute force won’t get you there. I suggest you either explain how, point to a reference, or even better, pull it out.

The URL of signature schemes ( http://www.iana.org/assignments/signature-algorithms ) is broken and I couldn’t figure out the one you meant.

2.1.3: some headers may appear more than once (if their value is defined as a comma-separated list). If there are such header lines, I’m guessing the signature applies to all or none, right? (that’s not a bad thing - just a clarification question)

I’m wondering if the WWW-Authenticate header should have a “headers” parameter. Otherwise, the server demands a signature, and then the client signs something, which may or may not cover everything the server policy says should be signed. This could be pre-arranged between client and server, but then the client should also know in advance when to sign. So I think the server should specify which fields need to be included in the signature.

Regards,

Yoav

Received on Thursday, 22 May 2014 06:06:14 UTC
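
The coverage problem raised in the last comment of the message above, as an added example (not code from the message, the draft, or its authors): a server-side check that the header list a client claims to have signed covers the server's policy, answered with a challenge that names the required headers. The policy list, the sample credentials, the function names, and the "headers" parameter on the challenge (the suggestion made in the message) are assumptions.

```python
import re

# Assumed server policy (constructed): header names that must be covered.
REQUIRED = ("host", "date", "digest")

# Matches name="value" pairs in the credential's parameter list.
_PARAM = re.compile(r'(\w+)="([^"]*)"')

def signed_headers(authorization):
    """Return the lower-cased header names a Signature credential claims to cover."""
    scheme, _, rest = authorization.partition(" ")
    if scheme.lower() != "signature":
        raise ValueError("not a Signature credential")
    params = dict(_PARAM.findall(rest))
    # Assumption about the draft: with no "headers" parameter, only Date is signed.
    return params.get("headers", "date").lower().split()

def missing_coverage(authorization, required=REQUIRED):
    """List the policy headers the client's signature does not cover."""
    covered = set(signed_headers(authorization))
    return [name for name in required if name not in covered]

def challenge(required=REQUIRED, realm="example"):
    """WWW-Authenticate value carrying the suggested (hypothetical) headers list."""
    return 'Signature realm="%s",headers="%s"' % (realm, " ".join(required))

def evaluate(authorization):
    """Return ("verify", None) when coverage is sufficient, so the caller goes on
    to verify the signature itself; otherwise ("reject", challenge value)."""
    try:
        missing = missing_coverage(authorization)
    except ValueError:
        return "reject", challenge()
    if missing:
        return "reject", challenge()
    return "verify", None

# Constructed sample credentials; the signature values are placeholders.
FULL = ('Signature keyId="k1",algorithm="rsa-sha256",'
        'headers="host date digest",signature="c2lnbmF0dXJl"')
DATE_ONLY = 'Signature keyId="k1",algorithm="rsa-sha256",signature="c2lnbmF0dXJl"'

if __name__ == "__main__":
    for name, cred in (("FULL", FULL), ("DATE_ONLY", DATE_ONLY)):
        print(name, missing_coverage(cred), evaluate(cred))
```

The coverage check runs before signature verification: a valid signature over too few headers still leaves the unsigned headers open to modification by an intermediate hop.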