#social 2017-08-05

2017-08-05 UTC
JanKusanagi, xmpp-social, tantek, jankusanagi_, timbl and tOkeshu joined the channel
#
tOkeshu hi
#
tOkeshu I'm looking at http signed messages
#
tOkeshu and I lack some crypto knowledge, if anyone could help me that would be nice :)
#
tOkeshu in the spec here https://web-payments.org/specs/source/http-signatures/ there is rsa-sha256 mentionned
#
tOkeshu but it seems there is more to it that just rsa and sha256?
#
tOkeshu does anyone know what is the proper way to sign something with rsa-sha256 ?
#
saranix it's as simple as calling openssl_sign() from most languages
#
saranix the "difficult" part of http sigs is the canonicalization of the headers. But it's a lot easier than the canonicalization of a lot of other algos
#
tOkeshu saranix: canonicalization? you mean translating header to lowercase, etc. ?
#
saranix yes
#
tOkeshu saranix: thanks for the tip, I did not think OpenSSL would allow me to do that, I was looking at more low level libraries
#
tOkeshu key* not keep
#
tOkeshu however, I can't seem to have the correct result: I look at https://web-payments.org/specs/source/http-signatures/#default-test specifically and I use the given keep and try to sign with PyOpenSSL but the result is different for Signature
#
saranix I get a different value too. strange...
#
saranix do you get jKyvPcxB4JbmYY4mByyBY7cZfNl4OW9HpFQlG7N4YcJPteKTu4MWCLyk+gIr0wDgqtLWf9NLpMAMimdfsH7FSWGfbMFSrsVTHNTk0rK3usrfFnti1dxsM4jl0kYJCKTGI/UWkqiaxwNiKqGcdlEDrTcUhhsFsOIo8VhddmZTZ8w= ?
#
tOkeshu yes
#
saranix :-D
#
tOkeshu maybe they signed it with the public key (is such thing possible?)
#
saranix maybe there's a bug in the spec. Or maybe there's something missing from the description "The string to sign would be:" (which I would argue is a bug in the spec)
#
tOkeshu ok then
#
saranix it would be pretty embarrasing if your example is wrong... you'd think they'd double-check that
#
tOkeshu I agree
#
tOkeshu now what bothers me a bit is the algorithm attribute
#
tOkeshu are we expected to allow any algoritm?
#
saranix hmm... I tried the "Basic Test" just for kicks and also wrong sig. That is quite concerning...
#
saranix From what I can tell there are 2 algos specified, hmac, and rsa-sha256 (I think rsa-sha1 and rsa-sha512 are also valid varients)
#
saranix but you don't have to support algos you don't know
#
saranix I'd say most people probably use rsa-sha256
#
saranix For Basic Test I get: HUxc9BS3P/kPhSmJo+0pQ4IsCo007vkv6bUm4Qehrx+B1Eo4Mq5/6KylET72ZpMUS80XvjlOPjKzxfeTQj4DiKbAzwJAb4HX3qX6obQTa00/qPDXlMepD2JtTw33yNnm/0xV7fQuvILN/ys+378Ysi082+4xBQFwvhNvSoVsGv4=
#
saranix for All Headers Test I get: Ef7MlxLXoBovhil3AlyjtBwAL9g4TN3tibLj7uuNB3CROat/9KaeQ4hW2NiJ+pZ6HQEOx9vYZAyi+7cmIkmJszJCut5kQLAwuX+Ms/mUFvpKlSo9StS2bMXDBNjOh4Auj774GFj4gwjS+3NhFeoqyr/MuN6HsEnkvn6zdgfE2i0=
#
tOkeshu same here
#
saranix well that's good I guess
#
tOkeshu another thing that I don't get is, how are clients and servers supposed to discover the keys
#
tOkeshu I the specific case of signed http messages, I guess this is out of the spec. But then what about ActivityPub?
#
saranix For ActivityPub, you use the publicKeyPem attribute on the actor object, or, alternately, the publicKey object parameter
#
tOkeshu I don't see that anywhere in the spec :/
#
saranix https://web-payments.org/vocabs/security#publicKey
#
saranix it's not in ActivityPub. Should be. https://github.com/w3c/activitypub/issues/203
#
Loqi [jaywink] #203 Linked Data Signatures + public key URI
#
saranix As you can tell from the issue comments there's still some unsettled things around this issue.
#
saranix how did you find out about httpsigs?
#
tOkeshu well it is mentionned in the AP spec
#
tOkeshu there https://www.w3.org/TR/activitypub/#authorization-lds
#
jaywink These things really need to locked in spec if we ever want any implementations that interop ?
#
saranix it actually points to https://www.w3.org/TR/activitypub/#provideClientKey
#
saranix eww
#
saranix that's an ugly way
#
saranix I like publicKeyPem better
#
tOkeshu what I don't grasp though, is that, for me, this mechanism was supposed to verify s2s exchanges (to avoid posting data on the behalf of someone without authorization), so I don't understand why it has to be in the actor object
#
saranix tOkeshu: you stepped on a landmine :-) That's a hot topic around here... the server isn't it's own entity yet it's trusted to hold keys
#
tOkeshu haha damn
#
Loqi tOkeshu: lol
#
saranix I'd be happy for you to join my small faction in support of better semantics :-)
#
tOkeshu I mean there is more to it than I thought. Do http sig actually works for enforcing that a server is publishing content only on the behalf of it's own users and not others?
#
jaywink t0keshu, not in delivery - the receiver must lookup the object. Some content is forwarded so you can't trust incoming payloads unless using signatures in object
#
saranix tOkeshu: yeah that's pretty much it. Considering https is a thing, it doesn't really add much
#
saranix tOkeshu: it does allow multiple applications on a single origin though
#
saranix ... which I think is the intention
#
jaywink Unfortunately it seems only ldsigs is seen as an option by people and that option isn't going to work
#
jaywink I mean an option for object sigs
#
saranix jaywink: what do you mean it won't work?
#
jaywink Too difficult has been afaict the outcome - or has someone now done it?
#
jaywink The spec is kind of half unfinished
#
saranix jaywink: I think puckipedia has a proof-of-concept
#
tOkeshu you mean half finished
#
jaywink Half full, half empty ?
#
tOkeshu :D
#
jaywink saranix, ok missed that
#
saranix I haven't gotten around to mine yet. I haven't a clue when I will either...
#
saranix I like ld-sigs over salmon because of the potential for non-exploding objects
#
jaywink Tbh, I'm bending over to accept http sigs + lookup to verify always :P even though it sucks and is terrible. The important thing would be specifying *something* in the spec
#
jaywink If the spec just vaguely suggests a few things nothing is going to interop unless all developers contact all projects to see their implementation
#
tOkeshu I'm still confused how any of that can sort out forget activities from legit ones tbh :/
#
tOkeshu forged*
#
saranix tOkeshu: if you've got social app at http://mysite.example/social, and somewiki at http://mysite.example/somewiki, http sigs basically doesn't allow somewiki to pretend to be social's users and vice-versa
#
saranix jaywink: I'm not happy about fetching every sub-object either. It's explosive datarhea
#
tOkeshu saranix: how is that? is it assuming the keys are already exchanged?
#
saranix tOkeshu: well the actor's key would have to be published under the same tree, because the same softwares would have control over that tree
#
tOkeshu saranix: can we take it step by step?
#
tOkeshu I am mysite.evil.com
#
tOkeshu I want to post something on the behalf of mysite.example
#
tOkeshu I push an activity to mysite.something.de
#
tOkeshu the signature can still be valid right?
#
saranix yes that's another feature...
#
saranix but I think because of the way the AP spec works, most people will still end up just fetching https://mysite.example/post/uuid anyway
#
saranix you have to if it's a subobject... unless you move up from http-sigs to either ld-sigs or magic-env sigs
#
tOkeshu what about a like? A like is in the form of {"type": "Like", "actor": "http://mysite.example", "object": "http://mysite.something.de", "id": "mysite.evil.com"}
#
tOkeshu in this case I try to pretend something was liked by actor. The activity is still dereferencable from mysite.evil.com
#
jaywink You should imho always fetch the original
#
Loqi yea!
#
jaywink Http sigs doesn't help at all but it allows authentication for non-public objects
#
saranix yeah, authentication is really it's primary use
#
tOkeshu jaywink: but the "original" is available on mysite.evil.com. So you would get the same object anyway.
#
tOkeshu there is just a missmatch between the actor's origin and the activity's origin
#
tOkeshu which I guess, should be the same? always?
#
saranix tOkeshu: as I said, feature. That's so you can post on a forum or in a friend's collection elsewhere
#
saranix ideally, you'd still want the canonical to be your own origin though, just so you can keep your document safe from site closures
#
saranix http-sigs won't allow that though because http-sigs is ephemeral. You are signing the headers of a particular http transaction
#
saranix you need ld-sigs or better for that
#
tOkeshu hmmm ok
#
jaywink Isn't the object id *always* the original
#
jaywink I mean that is what id is for, saying what the identifier of this object is
#
tOkeshu jaywink: I don't get your point
#
tOkeshu anyway, I guess since this part of the spec is a bit dangling, I should probably not implement that right now
#
tOkeshu if anyone is curious, my implementation is writing in django there: https://github.com/tOkeshu/activitypub-example
#
Loqi [tOkeshu] activitypub-example: An ActivityPub server implementation example
#
tOkeshu it's more of a prototype server for tests than anything else to be honest
#
tOkeshu (I plan to write a more concrete implementation for a clone of mastodon, in django too)
#
saranix yay! congrats tOkeshu
#
Loqi ?
#
tOkeshu saranix: I don't why you're congratulate me but thanks :D
#
tOkeshu (arf sorry, my english is terrible today)
#
saranix tOkeshu: for writing a test impl. it's a milestone :-)
#
saranix but back to what jaywink said, the point of http-sigs is for private auth. So, for example http://bob.example can fetch a http://sue.example/posts/for-bob-only-1234 by authenticating as Bob.
#
tOkeshu I see!
#
tOkeshu saranix: wait, how do you know it's bob in the signature? or do you map implicitely the post with bob's key?
JanKusanagi joined the channel
#
saranix tOkeshu: bob's activitypub sends a http signed get request for the post, sue's server authorizes it because it's visible to "http://bob.example" (an actor object) which has bob's key attached to it
#
saranix tOkeshu: similarly, bob's activitypub could POST an {type:Add, object:bobs_thing, target:sues_collection}, and if sue allows bob to do this the server authenticates the POST
tOkeshu joined the channel