HTTP Integrity Header
draft-hallambaker-httpintegrity-01
The information below is for an old version of the document.
| Document | Type |
This is an older version of an Internet-Draft whose latest revision state is "Expired".
|
|
|---|---|---|---|
| Author | Phillip Hallam-Baker | ||
| Last updated | 2012-10-19 | ||
| RFC stream | (None) | ||
| Formats | |||
| Additional resources | |||
| Stream | Stream state | (No stream defined) | |
| Consensus boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
| IESG | IESG state | I-D Exists | |
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
draft-hallambaker-httpintegrity-01
Internet Engineering Task Force P. Hallam-Baker
Internet-Draft Comodo Group Inc.
Intended status: Standards Track October 19, 2012
Expires: April 22, 2013
HTTP Integrity Header
draft-hallambaker-httpintegrity-01
Abstract
The HTTP Integrity header provides a means of authenticating HTTP
requests and responses using a Message Authentication Code (MAC).
This document defines the HTTP integrity header and specifies its use
to authenticate and verify specific parts of an HTTP message. the
means by which the symmetric or asymmetric keys used to authenticate
the messages is outside the scope of this document.
Status of this Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 22, 2013.
Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
Hallam-Baker Expires April 22, 2013 [Page 1]
Internet-Draft HTTP Integrity Header October 2012
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Use in Web Services . . . . . . . . . . . . . . . . . . . . 3
1.2. User Authentication . . . . . . . . . . . . . . . . . . . . 4
2. Syntax and options . . . . . . . . . . . . . . . . . . . . . . 5
2.1. Attribute id=[base64(value)] . . . . . . . . . . . . . . . 5
2.2. Attribute nonce=[base64(value)] . . . . . . . . . . . . . . 5
2.3. Attribute value=[base64(value)] . . . . . . . . . . . . . . 5
2.4. Attribute content=[true|false] . . . . . . . . . . . . . . 5
2.5. Attribute start=[true|false] . . . . . . . . . . . . . . . 5
2.6. Attribute header=[escaped(headers)] . . . . . . . . . . . . 5
3. Security Considerations . . . . . . . . . . . . . . . . . . . . 5
3.1. Data outside the specified scope is not authenticated . . . 5
3.2. Truncated Hash Algorithms . . . . . . . . . . . . . . . . . 6
3.3. Randomness of Secret Keys and nonces . . . . . . . . . . . 6
3.4. Weak Ciphers . . . . . . . . . . . . . . . . . . . . . . . 6
4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 6
5. Normative References . . . . . . . . . . . . . . . . . . . . . 6
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 6
Hallam-Baker Expires April 22, 2013 [Page 2]
Internet-Draft HTTP Integrity Header October 2012
1. Introduction
The HTTP Integrity header provides a simple and effective means of
authenticating components of a HTTP transaction at the HTTP
Application layer without disclosure of the secret(s) used as the
basis for authentication.
This approach has considerable advantages over the traditional
approaches of using HTTP Cookies containing an authentication secret,
embedding authentication data within the HTTP message content or
relying on TLS integrity checks alone.
The Integrity header provides an equivalent security functionality to
the use of authentication cookies without the vulnerabilities
intrinsic to the use of static authentication secrets that are
disclosed to the verifying party en-clair to effect verification.
Use of a HTTP header to provide integrity information offers a
simpler and more flexible approach than use of schemes such as PKCS#
7/CMS, XML Signature or JSON Signature. The chief technical
challenge in such specifications being to reliably identify the exact
scope of the data being signed and the form of encoding. Moving the
integrity check to a HTTP header permits the scope of the signature
to be defined as the scope of the HTTP content body and the encoding
to be the HTTP transport encoding.
Use of the HTTP Intergity header permits the same mutual
authentication guarantees provided by TLS client authentication
without the need to provision client certificates and with
considerably less complexity.
For simplicity, the HTTP Integrity header is strictly limited to
identifying a security context, the HTTP transaction item(s) to be
authenticated and the resulting authentication value. The means of
establishing the keys and algorithms that make up the security
context are outside the scope of this document.
In the typical case the security context identifier is a ticket (c.f.
Kerberos) that contains the account identifier, shared secret(s) and
algorithm identifier required a Web Service protocol or Web Browser
Authentication protocol. This approach permits a stateless server
design in which the server does not store per-account keys.
1.1. Use in Web Services
The HTTP Integrity header was originally developed to simplify
implemenatation of Web Services. Using the SOAP approach a Web
Service message is encoded in XML, wrapped in a SOAP envelope and a
Hallam-Baker Expires April 22, 2013 [Page 3]
Internet-Draft HTTP Integrity Header October 2012
WS-Security header with an XML Signature attached. The whole package
is then attached to a HTTP message as a content payload.
This approach involves a considerable degree of complexity and in
most cases achieves nothing more than attaching an integrity check.
Carrying the integrity check as a HTTP header eliminates the need for
the SOAP and WS-Security layers entirely. For example, the following
example is a HTTP request in the Omnibroker connectin protocol.
Post / HTTP/1.1
Host: example.com
Cache-Control: no-store
Content-Type: Application/json;charset=UTF-8
Content-Length: 78
Integrity: content=true;
value=cjkMkfnnYP8JYWZAbRLvtpqImmOK3rsrOT1XcvAgHDk=;
id=TUMnorO0SjHHS7D2uFcGlRYJ0Hd3eibwe0ogptoNMQuCYmCHfHAJcJlyvi
j8WoXDglTSOkctnmoBzl8W0NLSlcgSyZcmsAyoWs8y1Rn2ZlO2WBgoWrFIOqPa4
oB29dgs/ei6ieINZtmvXNCm2NUkWA==
{
"TicketRequest": {
"ChallengeResponse": "TctLOG74cwpm26YNpEibcQ=="}}
A single HTTP message MAY have multiple Integrity headers. This
facilitates support for multi-party transactions in which A submits a
transaction to B who countersigns it and passes it to C who is
required to chek that she has proof of agreement by both A and B.
Use of the Integrity header permits the developer to isolate
integrity and authentication checks to a single point of control, as
is advised by best security practice. The security monitor examines
a HTTP message, verifies that the required integrity data is present
and correct and only passes the payload on for processing by the Web
Service itself if and only if the verification checks have been
passed.
1.2. User Authentication
Use of the HTTP Intgerity header addresses the most challenging
problem facing the designers of SAML, OpenID and OAUTH, this being
binding the established authentication context to the HTTP messages
sent by the authenticated parties. The problem is difficult because
the protocols are designed to interoperate with legacy browsers.
Providing explicit support for an integrity check in the HTTP
protocol would require browsers with native support for the
authentication mechanism but greatly reduce the complexity of
providing this support.
Hallam-Baker Expires April 22, 2013 [Page 4]
Internet-Draft HTTP Integrity Header October 2012
2. Syntax and options
2.1. Attribute id=[base64(value)]
The ticket attribute identifies the security context under which the
authentication value has been generated. The attribute is an opaque
sequence of octets in base64 encoding.
2.2. Attribute nonce=[base64(value)]
Specifies a nonce value to be used in combination with the specified
scope.
2.3. Attribute value=[base64(value)]
The mac attribute specifies the value resulting from applying the
security context and nonce (if present) to the specified scope.
The scope is specified by the start, header and content attributes.
The order in which the scope attributes are specified is immaterial.
The scope is always constructed in the same order as the elements
occur in a HTTP message, i.e. start, headers and content.
2.4. Attribute content=[true|false]
If set true, the specified scope includes the message body. The
content transfer encoding (e.g. chunked) is ignored for the purpose
of determining the content.
2.5. Attribute start=[true|false]
If set true, the specified scope includes the message start line.
This being the request Line in the case of a request and the status
line in the case of a response.
2.6. Attribute header=[escaped(headers)]
Specifies HTTP headers to be included in the specified scope
following the escaped encoding defined in DKIM.
3. Security Considerations
3.1. Data outside the specified scope is not authenticated
The integrity check only extends to the portions of the message that
are within the specified scope.
Hallam-Baker Expires April 22, 2013 [Page 5]
Internet-Draft HTTP Integrity Header October 2012
3.2. Truncated Hash Algorithms
If the security context permits the use of a truncated MAC, it MUST
specify the minimum length of the MAC after truncation and verifiers
MUST reject MAC values shorter than that length as invalid.
3.3. Randomness of Secret Keys and nonces
The security of any cryptographic protocol relies on the difficulty
of guessing secret keys. Secret keys and nonces SHOULD be generated
using a mechanism that ensures that the range of possible values is
sufficiently large to prevent 'brute force' guessing attacks. (see
that RFC of EKR's)
3.4. Weak Ciphers
Specification of the cryptographic algorithms used to construct the
Integrity header value is implicit in the Security context identifier
and thus outside the scope of this specification.
4. IANA Considerations
Add the 'Integrity' header to the list of provisional HTTP headers.
[Upgrade if/when this becomes an RFC]
5. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
Author's Address
Phillip Hallam-Baker
Comodo Group Inc.
Email: philliph@comodo.com
Hallam-Baker Expires April 22, 2013 [Page 6]