#social 2018-09-11

2018-09-11 UTC
# 05:31 
heluecht[m] Looking in data that arrived on my system I saw that the signed data includes some "digest". Hos is this generated?
xmpp-social, rialtate[m], cwebber2, vt and edsu_ joined the channel
# 10:22 
puckipedia heluecht[m]: the digest in the signature is the Digest header, which just contains a hash over the body of the request
# 10:40 
heluecht[m] Is there some more documentation/sample code how to generate the digest? Of course I can reengineer it - but having some more documentation could be helpful. Is the digest some standard stuff in HTTP? I haven't really noticed it until now.
# 10:48 
puckipedia the digest is just ths SHA-256 over the raw body of the request/response
# 10:50 
puckipedia e.g. if you have a "POST /inbox HTTP/1.1\r\nContent-Length: 2\r\n\r\n{}" the digest header looks like "Digest: SHA-256=RBNvo1WzZ4oRRq0W9+hknpT7T8If536DEMBg9hyq/4o" iirc
# 10:50 
puckipedia (which is the SHA256 of '{}')
edsu and cwebber2 joined the channel
# 11:17 
heluecht[m] Do I have to validate the digest manually or is it done in the protocol?
# 11:27 
JasonRobinson[m] none of this stuff is in AP directly
# 11:58 
puckipedia heluecht[m]: my suggestion, primarily, is to just validate the digest any time you receive it, even if it's not specifically signed
# 12:36 
nightpool[m] heluecht: digest is an actual HTTP header, yes.
# 13:38 
heluecht[m] The question is if the digest is checked by some internal routine - and what would happen when it was wrong. So possibly it is the best to do like puckipedia said: Just validating it on the receiving side as well, just to be sure.
# 13:47 
nightpool[m] the digest is computed when checking the HTTP signature, if the application supports it
# 13:49 
nightpool[m] I don't see a point to validating the digest separately from the signature. I'm not sure what puckipedia's point is. it's possible your http signature library doesn't support validating it though.
# 13:51 
heluecht[m] I want to guarantee that a signature can't be reused. So I have to use values for the signatur that changes per each single activity. But when the digest wouldn't be checked at the receiver, then an attacker could simply replicate the same digest over and over again.
# 13:51 
nightpool[m] that's a different concern
# 13:52 
nightpool[m] just make sure you're signing the Date header and the Host header, and it will be impossible to re-use a signature
# 13:52 
nightpool[m] because you're assumed to be transporting these over HTTPS
# 13:52 
heluecht[m] You could always send the same date over and over again.
# 13:52 
heluecht[m] Or who is checking these value at the receiving side.
# 13:53 
heluecht[m] I don't want to rely only upon HTTPS. Neither DFRN (Friendica) nor Diaspora are doing so. They both use signatures based upon the content.
# 13:54 
nightpool[m] hmm
# 13:54 
nightpool[m] I'm not sure what you mean
# 13:55 
nightpool[m] Signatures are for client -> server authentication
# 13:55 
nightpool[m] HTTPS is for transport confidentiality and server <- client authentication
# 13:56 
nightpool[m] sorry server -> client
# 13:56 
nightpool[m] they serve different purposes
# 13:59 
nightpool[m] anyway, to your point about "who is validating these things"—im not seeing anything in HTTP Signatures about recommended validation. that's probably bad
# 13:59 
nightpool[m] mastodon validates that the Date header is within 5 minutes and that the request target matches the actual request
vasilakisfil joined the channel
# 14:00 
nightpool[m] and validates the digest iff the digest is specified, but does not require it
# 14:09 
heluecht[m] With signatures I mean the HTTP signatures for server -> server.
# 14:12 
nightpool[m] sorry that was confusing
# 14:12 
nightpool[m] I was using client/server in the HTTP sense
# 14:12 
nightpool[m] not the AP sense
up201705417 joined the channel
# 14:14 
heluecht[m] Ah okay. I'm very good in misinterpretations ;-)
# 14:16 
heluecht[m] Since I made a very fast progress the last days, I guess I will invest some time in additional security checks. When AP will work reliantly with everything that currently DFRN is able to, I want to replace our own protocol completely. But to make this possible, I have to ensure our users to not compromise security.
vt joined the channel; vt left the channel
# 15:00 
puckipedia <nightpool[m]> I don't see a point to validating the digest separately from the signature. I'm not sure what puckipedia's point is. it's possible your http signature library doesn't support validating it though. <- Digests aren't always SHA-256
# 15:01 
nightpool[m] hmm
# 15:03 
cwebber2 hello
# 15:14 
heluecht[m] puckipedia: Is there a list of common hashes for the digests?
# 15:14 
puckipedia it's part of the http spec
# 15:15 
puckipedia https://tools.ietf.org/html/rfc3230 https://tools.ietf.org/html/rfc5843
# 15:15 
puckipedia seems rfc3230 specifies MD5, SHA, UNIXsum, UNIXcksum
# 15:19 
heluecht[m] I guess I will ignore that "sum" things, but will put the others in a list. I think that checking the digest should be specified in the specs.
# 15:23 
nightpool[m] this all seems to ignore the real issue
# 15:23 
nightpool[m] which is that we have no minimum required secure configuration for HTTP sigs
# 15:23 
nightpool[m] we should work to standardize that, at least for AP
# 15:50 
aaronpk HTTP signatures seems to be essentially a framework for signing requests rather than a concrete spec, so it makes sense for AP to specify more detail on that
# 16:24 
saranix "it makes sense for AP to specify more detail on that" --> no more than it makes sense for AP to specify exactly what an inbox url has to look like. There are different usecases that require different things. Guidance here: https://web-payments.org/specs/source/http-signatures-audit/
# 16:25 
saranix linked from main spec: https://tools.ietf.org/html/draft-cavage-http-signatures-10#ref-15
up201705417 and edsu joined the channel
# 16:40 
aaronpk but uh
# 16:40 
aaronpk AP *is* a use case
up201705417 and vt joined the channel; vt left the channel