w3c-ccg / http-signatures

Signing HTTP Messages specification

Home Page: https://w3c-dvcg.github.io/http-signatures/

2.1.2 signature in version 11 spec still tells people to use the algorithm parameter to sign.

aljones15 opened this issue

2.1.2 signature
REQUIRED. The signature parameter is a base 64 encoded digital signature, as described in RFC 4648, Section 4. The client uses the algorithm and headers Signature Parameters to form a canonicalized signing string. This signing string is then signed with the key associated with keyId and the algorithm corresponding to algorithm. The signature parameter is then set to the base 64 encoding of the signature.

The spec specifies that the algorithm and possible hash function for signing should be in the metadata received when we dereference keyId:

2.1.3 algorithm
RECOMMENDED. The algorithm parameter is used to specify the signature string construction mechanism. Valid values for this parameter can be found in the HTTP Signatures Algorithms Registry and MUST NOT be marked "deprecated". Implementers SHOULD derive the digital signature algorithm used by an implementation from the key metadata identified by the keyId rather than from this field. If algorithm is provided and differs from the key metadata identified by the keyId, for example rsa-sha256 but an EdDSA key is identified via keyId, then an implementation MUST produce an error. Implementers should note that previous versions of the algorithm parameter did not use the key information to derive the digital signature type and thus could be utilized by attackers to expose security vulnerabilities.

algorithm is intended as a check, but not to actually contain the name of the algorithm used to sign. Hence this line:

This signing string is then signed with the key associated with keyId and the algorithm corresponding to algorithm.

should be

This signing string is then signed with the key associated with keyId and the algorithm found in the key meta-data.

Or am I wrong and algorithm is used to determine the hash function?
If that is the case, then shouldn't the algorithm be used first, then the key to sign?

The encryption algorithm and hashing algorithm should be derived from the keyId, so as far as I'm aware this is a bug.

Should we even have the algorithm header present? I'd say we should delete the parameter altogether so as not to confuse developers.

The spec implies that algorithm sticks around as a check on the meta-data, and if this line is changed I think the spec will get across that point fairly.
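An added example, not part of the issue thread or the spec: a verifier that picks the primitive from the key metadata and treats `algorithm` only as the cross-check quoted from section 2.1.3. The key store `KEYS`, the helper names and the request values are assumptions; HMAC-SHA256 stands in for whatever the key metadata names, and the signing string is simplified to plain header lines.

```python
import base64, binascii, hashlib, hmac, re

# Constructed key store standing in for the metadata obtained by
# dereferencing keyId (layout and names are assumptions of this example).
KEYS = {"hmac-key-1": {"algorithm": "hmac-sha256", "secret": b"constructed-demo-secret"}}

class SignatureError(Exception):
    pass

def signing_string(names, headers):
    # Simplified: "name: value" lines in the order listed in headers="...".
    try:
        return "\n".join(f"{n}: {headers[n]}" for n in names.split()).encode()
    except KeyError as exc:
        raise SignatureError(f"signed header {exc} missing from request") from exc

def mac_for(meta, names, headers):
    # The primitive is chosen from key metadata only, never from the request.
    if meta["algorithm"] != "hmac-sha256":
        raise SignatureError("key metadata names an algorithm this demo lacks")
    return hmac.new(meta["secret"], signing_string(names, headers), hashlib.sha256).digest()

def sign(key_id, names, headers, claimed_algorithm=None):
    sig = base64.b64encode(mac_for(KEYS[key_id], names, headers)).decode()
    alg = f',algorithm="{claimed_algorithm}"' if claimed_algorithm else ""
    return f'keyId="{key_id}"{alg},headers="{names}",signature="{sig}"'

def verify(signature_header, headers):
    p = dict(re.findall(r'(\w+)="([^"]*)"', signature_header))
    meta = KEYS.get(p.get("keyId"))
    if meta is None:
        raise SignatureError("unknown keyId")
    claimed = p.get("algorithm")
    # Section 2.1.3: a supplied algorithm that differs from the key metadata is an error.
    if claimed is not None and claimed != meta["algorithm"]:
        raise SignatureError(f"algorithm {claimed!r} does not match key metadata")
    try:
        received = base64.b64decode(p.get("signature", ""), validate=True)
    except binascii.Error as exc:
        raise SignatureError("signature is not valid base64") from exc
    expected = mac_for(meta, p.get("headers", "date"), headers)
    return hmac.compare_digest(expected, received)

if __name__ == "__main__":
    req = {"host": "example.org", "date": "Sat, 07 Jun 2014 20:51:35 GMT"}  # constructed
    try:
        verify(sign("hmac-key-1", "host date", req, "rsa-sha256"), req)
    except SignatureError as err:
        print("rejected:", err)
```

The signer never consults `claimed_algorithm` when computing the signature, which is the behaviour the proposed wording for 2.1.2 describes.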