-
Notifications
You must be signed in to change notification settings - Fork 9
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Revision 10's Extra 'algorithm' Note #29
Comments
Yes, that is the proper interpretation.
You are correct in that the text is more or less moot/useless. We're attempting to deprecate the feature while ensuring backwards compatibility for existing implementations in the field until such a time as the field implementations are updated. We state the same sort of things in multiple places in the specification such that implementers don't miss our desire to deprecate the feature. Do you have a suggestion on better language that would achieve these goals? |
I see, thanks for clarifying! I don't have better language here. However, I now have an additional question in the case of this deprecation: are the existing implementations that depend on only the I am just diving this deep because I am implementing a fresh library in golang and want to be sure it is future-proof and still compatible with existing previously-conforming implementations. Which does mean doing the extra work to add the |
None of the existing implementations will break based on this update. All of the existing implementations should still be semi-compliant with the spec in that none of them were checking metadata associated w/ keyId. We expect that if existing implementations are not upgraded, that they will eventually break once we remove the requirement for the This is just a signal to the implementers that we would like to remove it entirely and to get feedback from them on doing that. We know of no known exploit in the wild that tried to take advantage of the
Great! Can we list you as an implementer? Is your implementation available on the public web (so we can point to it?) |
almost every s2s implementation on this page: https://activitypub.rocks/implementation-report/ uses HTTP Signatures for authenticating the content sent between servers. The largest of these is Mastodon, with 2000 servers and over a million users. (as far as i understand it, this change technically breaks mastodon's implementation since we require the algorithm parameter, and throw an error if it doesn't exist, so an implementation that treated it as optional and didn't include it would not be able to communicate with us. like you said though, no implementations do this currently so it's not a huge deal) |
The projects that i know currently implement HTTP Signatures off the top of my head are Mastodon, Pleroma, Kroeg, Hubzilla, Peertube, Bridgy Fed, and Friendica. I don't know how many of those use existing libraries vs implementing it wholesale, like Mastodon does. |
Note to self (@msporny) to track down implementations and see what libs are being used. Thanks @nightpool! |
as of mastodon/mastodon#7525 mastodon no longer requires the algorithm field. (although we still assume the signature is rsa-sha256) |
@msporny FYI my implementation is available as a stand alone golang lib at: https://github.com/go-fed/httpsig |
@cjslep wrote:
Noted here: #1 (comment) Thank you! I'm in the process of noting all of the other implementations as well. |
This proposal assumes there is metadata the verifier has associated with a keyId. One of the benefits of using PKI is that certificates are issued to identities that don't require knowledge of each other. There is at least one scheme (required in legislation in the EU) that requires attributes encoded in the certificate itself and the specific issuer to be the entire basis of trust and identification when two strangers meet. There is no way to derive the algorithm from any pre-existing metadata or the certificate itself in this instance. This change would make the protocol incompatible with that requirement. If a verifier requires specific attributes of the signature - such as headers, algorithm - then this protocol should allow those to be communicated in a standard way just as e.g. TLS specifies acceptable cipherspecs, and not assume that the verifier will be able to guess, especially as the field of algorithms evolves and broadens. |
I think at some point we should explicitly forbid the legacy mechanisms - I don't think there's much value in publishing a specification that includes legacy sidesteps that came up during its development, and especially ones acknowledged to be removed for good security reasons. Appreciate this is a big change, but then v11 is already quite breaking. Definitely needs discussion... |
The current spec has nothing to do with PKI. I don't think attempting to introduce PKI into a proposal that currently avoids that whole sphere of complexity is a good idea
A scheme of what? Required by who, for what purpose? Such a scheme (if building it is useful) can be productively built on top of HTTP Signatures without requiring us to include it in the base spec. |
Not my intention, but I am trying to make sure we don't cut off potential use cases. PKI was only illustrative.
https://www.berlin-group.org Indeed they can be built on top of this, but not if we don't communicate the hash algorithm: The With the Given the value of |
algorithm could then replace the versionin scheme I proposed here #53 I think that we could define an algorithm table with:
This would simplify the use of sha256 too. |
Revision 10 begins deprecating the 'algorithm' parameter. It added:
I interpreted this as being at verification time. This means that the only way for verification to continue if
algorithm
is provided is for it to match thekeyId
metadata.This makes the following addition in revision 10 kind of moot:
Since they will be the same (having thrown no error), this prioritization shouldn't matter. In the case they aren't the same, an error is produced so it trivially satisfies the MUST NOT.
Is there a nuance I am missing reading these?
The text was updated successfully, but these errors were encountered: