You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The current draft encourages determining the Algorithm metadata property from the keyId field, both in the guidance for the use of algorithm and keyId, and the definition for the hs2019 algorithm and deprecation of the other algorithms in the registry. The current state arose from concern that a malicious party could change the value of the algorithm parameter, potentially tricking the verifier into accepting a signature that would not have been verified under the actual parameter.
Punting algorithm identification into keyId hurts interoperability, since we aren't defining the syntax or semantics of keyId. It actually goes against that claim, as we are dictating that the signing algorithm must be specified by keyId or derivable from it. It also renders the algorithm registry essentially useless. Instead of this approach, we can protect against manipulation of the Signature header field by adding support for (and possibly mandating) including Signature metadata within the Signature Input.
The text was updated successfully, but these errors were encountered:
Propagating my jabber comment from today's interim meeting: I think draft-ietf-httpbis-message-signatures should say that specs for protocols built on this header MUST define how the keyId field maps to a key, and then that the key MUST determine the algorithm. That would let this document avoid algorithm identifiers entirely.
Discussion in -03 and -04 should now be clearer in how to use the combination of algorithm and key identifiers within an application of this spec to do secure key and algorithm identification.
The current draft encourages determining the Algorithm metadata property from the
keyId
field, both in the guidance for the use ofalgorithm
andkeyId
, and the definition for thehs2019
algorithm and deprecation of the other algorithms in the registry. The current state arose from concern that a malicious party could change the value of thealgorithm
parameter, potentially tricking the verifier into accepting a signature that would not have been verified under the actual parameter.Punting algorithm identification into
keyId
hurts interoperability, since we aren't defining the syntax or semantics ofkeyId
. It actually goes against that claim, as we are dictating that the signing algorithm must be specified bykeyId
or derivable from it. It also renders the algorithm registry essentially useless. Instead of this approach, we can protect against manipulation of the Signature header field by adding support for (and possibly mandating) including Signature metadata within the Signature Input.The text was updated successfully, but these errors were encountered: