Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

0.2.0 #30

Merged
merged 95 commits into from
May 16, 2024
Merged

0.2.0 #30

merged 95 commits into from
May 16, 2024

Conversation

junkurihara
Copy link
Owner

This PR contains a lot of brand-new features related to HTTP message signatures (RFC9421) for Mutualized Oblivious DNS over HTTPS.

  • Support DH Key-exchange based HMAC signature and public key based signature for HTTP message signatures
    • DHKex (X25519 and ECDH-P256) based HMAC-SHA256 signature
    • Public key based signature (EdDSA and ECDSA-P256)
  • Wire protocol and wire format for exposed public keys.
  • New features called "httpsig transition margin": This allows us to solve problems related to key updates. In particular, even if new public keys are published for DHKex at a sender and the latest keys are not yet fetched by a receiver (i.e., the receiver still have stale public keys of the sender), the receiver can still verify the request dispatched from the sender securely. This is really demanded in the async key exchange situations like our httpsig public key rotation scenario.
  • Support online registry hosting a list of HTTP message signatures enabled domains, much like the dnscrypt/dnscrypt-resolvers. Unlike the list fetched by clients, the registry for http message signatures enabled domains is referred to by relays and target resolvers.

junkurihara and others added 30 commits January 19, 2024 16:56
@junkurihara
docs: wip updating docker documatations
8c02764
@junkurihara
docs: draft completed. needs review
f1a8019
@junkurihara
docs: update docker-otel readme
632db46
@junkurihara
docs: typo
898d9b1
@junkurihara
Merge pull request #12 from junkurihara/docs/docker
00953af 
docs: docker documatations
@junkurihara
[ci skip] Update README.md
f21b641
@junkurihara
chore: deps
d221070
@dependabot
chore(deps): update derive_builder requirement in /modoh-bin
74d16c3 
Updates the requirements on [derive_builder](https://github.com/colin-kiegel/rust-derive-builder) to permit the latest version.
- [Release notes](https://github.com/colin-kiegel/rust-derive-builder/releases)
- [Commits](colin-kiegel/rust-derive-builder@v0.12.0...v0.13.0)

---
updated-dependencies:
- dependency-name: derive_builder
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore(deps): update derive_builder requirement from 0.12.0 to 0.13.0
a5d5ae2 
Updates the requirements on [derive_builder](https://github.com/colin-kiegel/rust-derive-builder) to permit the latest version.
- [Release notes](https://github.com/colin-kiegel/rust-derive-builder/releases)
- [Commits](colin-kiegel/rust-derive-builder@v0.12.0...v0.13.0)

---
updated-dependencies:
- dependency-name: derive_builder
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@junkurihara
Merge pull request #13 from junkurihara/dependabot/cargo/modoh-bin/de…
7535596 
…rive_builder-0.13.0

chore(deps): update derive_builder requirement from 0.12.0 to 0.13.0 in /modoh-bin
@junkurihara
Merge pull request #14 from junkurihara/dependabot/cargo/derive_build…
aee90f1 
…er-0.13.0

chore(deps): update derive_builder requirement from 0.12.0 to 0.13.0
@dependabot
chore(deps): bump kaisugi/action-regex-match from 1.0.0 to 1.0.1
4a94225 
Bumps [kaisugi/action-regex-match](https://github.com/kaisugi/action-regex-match) from 1.0.0 to 1.0.1.
- [Release notes](https://github.com/kaisugi/action-regex-match/releases)
- [Commits](kaisugi/action-regex-match@v1.0.0...v1.0.1)

---
updated-dependencies:
- dependency-name: kaisugi/action-regex-match
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@junkurihara
Merge pull request #15 from junkurihara/dependabot/github_actions/kai…
ca3d4a7 
…sugi/action-regex-match-1.0.1

chore(deps): bump kaisugi/action-regex-match from 1.0.0 to 1.0.1
@junkurihara
deps
3c521e7
@junkurihara
refactor
a88bff1
@junkurihara
deps
c8a87fa
@junkurihara
add configuration options for httpsig
8b5cb8a
@junkurihara
add comment
1680854
@junkurihara
wip
bca8847
@junkurihara
wip: dh being implemented
d3f75e0
@junkurihara
wip: dh being implemented
bb4e0e6
@junkurihara
deps
17339b7
@junkurihara
wip: change strategy to support both dh-based and simple asymmetric sig
86ca854
@junkurihara
wip: should we make httpsig mod separeted?
152aa72
@junkurihara
wip: split modoh-proto from lib
b8077a8
@junkurihara
wip: dh proto
f197b10
@junkurihara
wip: serialize and deserialized mixed config vector
ea7a886
@junkurihara
refactor: change name
8c81529
@junkurihara
wip: implementing message signature into modoh
70e0151
@junkurihara
refactor
b08d95a
junkurihara and others added 29 commits March 19, 2024 12:00
@junkurihara
wip add constants
8385a63
@junkurihara
wip
9f5b78e
@junkurihara
feat: add feature to host registry markdown on https
64f6674
@junkurihara
refactor
2acd289
@junkurihara
chore: deps
445ad4e
@junkurihara
feat: add reader for registry
aac943f
@junkurihara
chore: add comments
c4292bb
@junkurihara
add comment
5cf279a
@junkurihara
feat: add registry service
a0361b7
@junkurihara
Merge pull request #27 from junkurihara/tmp/httpsig-pk-registry
a47fae8 
support httpsig pk registry
@junkurihara
fix test
9fb4106 
fix test
@junkurihara
feat: exclude my hostname from fetch httpsig pk endpoint
a3127ab
@junkurihara
deps
91cb45e
@junkurihara
chore: deps
688c6a8
@junkurihara
chore: bump deps
59eb3f2
@junkurihara
chore: deps hyper-rustls
1b4609f
@dependabot
chore(deps): bump ubuntu from 22.04 to 24.04 in /docker
f98b532 
Bumps ubuntu from 22.04 to 24.04.

---
updated-dependencies:
- dependency-name: ubuntu
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@junkurihara
chore: deps
5d9b944
@junkurihara
Merge pull request #28 from junkurihara/dependabot/docker/docker/ubun…
0790fbe 
…tu-24.04

chore(deps): bump ubuntu from 22.04 to 24.04 in /docker
@junkurihara
Merge remote-tracking branch 'origin/develop' into feat/httpsig
ad95ad5
@junkurihara
Merge remote-tracking branch 'origin/develop' into feat/httpsig
b558c08
@junkurihara
remove version from docker-compose.yml
32b24cd
@junkurihara
update structure image with httpsig
db668e4
@junkurihara
docs: wip - adding httpsig config options
3edae3a
@junkurihara
docs: wip
f46cebb
@junkurihara
chore: refactor
3ef1c51
@junkurihara
docs: add documents for http-message-signature in readme
c792aa6
@junkurihara
fix: wrong docs for docker env options + chore: deps
6fdf250
@junkurihara
Merge pull request #24 from junkurihara/feat/httpsig
3150ff8 
feat: Add http message signature (RFC9421) based request authentication for allowed sources
@junkurihara junkurihara merged commit cb030b5 into main May 16, 2024
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@junkurihara