http-signatures
`algorithm` parameter does not make sense
Previously, the `algorithm` parameter contained an actual signature algorithm identifier. This was removed because the verifier might incorrectly use this when verifying the signature, which would leave it vulnerable, instead of determining it from the stored key. Now, the only allowed value for `algorithm` is `hs2019`.
Firstly, I think this is an odd stance to take: there are lots of ways to incorrectly implement this RFC such that verification would be vulnerable. (For example, none of the implementations I have seen allow the verifier to specify a minimum set of headers that must be included!) It's inconsistent to make this change without also being more prescriptive about how signatures are verified to avoid the other more common issues.
Secondly, if specifying the algorithm is considered too much of a risk, then this field should be removed entirely. There are a few reasons:
- `hs2019` serves no purpose, as the RFC does not prescribe a minimum set of supported algorithms corresponding to this identifier.
- If version information is required, it could be provided via a `version` field and avoid being conflated with the algorithm to use.
- As long as `algorithm` is listed as a field in the spec, implementations are just as likely to use it incorrectly when verifying signatures. The problem of "implementations may not follow this rule in the spec" cannot be solved by adding another rule.
In short, either `algorithm` should be removed entirely, or it should be restored to contain the actual algorithm name.
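
The two verifier behaviours raised in the post above (taking the algorithm from the stored key rather than from the `algorithm` parameter, and enforcing a minimum set of signed headers), as an added example that is not part of the original thread or of the spec. The key store, the `REQUIRED` policy and all function names are hypothetical, and HMAC-SHA256 stands in for whatever primitive the stored key specifies.

```python
import base64, hashlib, hmac, re

# Constructed key store: the algorithm is bound to the stored key, not to the request.
KEYS = {"demo-key": {"alg": "hmac-sha256", "secret": b"constructed-demo-secret"}}
# Assumed verifier policy: headers every signature must cover.
REQUIRED = {"(request-target)", "host", "date"}
# Constructed sample request headers (lowercase names).
HEADERS = {"host": "example.com", "date": "Mon, 01 Jan 2024 00:00:00 GMT"}

def signing_string(method, path, headers, names):
    """Build the string to sign; raises KeyError if a listed header is absent."""
    lines = []
    for name in names:
        if name == "(request-target)":
            lines.append(f"(request-target): {method.lower()} {path}")
        else:
            lines.append(f"{name}: {headers[name]}")
    return "\n".join(lines).encode()

def sign(key_id, method, path, headers, names, algorithm="hs2019"):
    """Client side, used here only to construct sample input."""
    mac = hmac.new(KEYS[key_id]["secret"],
                   signing_string(method, path, headers, names), hashlib.sha256)
    sig = base64.b64encode(mac.digest()).decode()
    return (f'keyId="{key_id}",algorithm="{algorithm}",'
            f'headers="{" ".join(names)}",signature="{sig}"')

def verify(method, path, headers, sig_header):
    """Return (ok, reason). `headers` maps lowercase names to values."""
    p = dict(re.findall(r'(\w+)="([^"]*)"', sig_header))
    key = KEYS.get(p.get("keyId"))
    if key is None:
        return False, "unknown keyId"
    # Assumed policy: an absent parameter is treated like "hs2019"; nothing else passes.
    if p.get("algorithm", "hs2019") != "hs2019":
        return False, "unexpected algorithm parameter"
    names = p.get("headers", "").split()
    missing = REQUIRED - set(names)
    if missing:
        return False, "not covered: " + ", ".join(sorted(missing))
    if key["alg"] != "hmac-sha256":  # the only primitive this sketch implements
        return False, "unsupported key algorithm"
    try:
        expected = hmac.new(key["secret"],
                            signing_string(method, path, headers, names),
                            hashlib.sha256).digest()
        given = base64.b64decode(p.get("signature", ""), validate=True)
    except (KeyError, ValueError):
        return False, "malformed request or signature"
    ok = hmac.compare_digest(expected, given)
    return ok, "ok" if ok else "signature mismatch"
```
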
We just started working on this spec with the http working group. The draft will be uploaded soon on
- https://github.com/httpwg/http-extensions
And here I shared a commentable gdoc to kick off some discussion with the editors:
- https://docs.google.com/document/d/1QgSDeWgU-cdFpKI6FiPvGhq6zgdhVE1ZVRcAQZ6AzPE/edit
I think this issue and many others are related to the goal of http-signature to be somewhat backward-compatible.
I've been reading other issues and I'd be interested to know if removing algorithm is what we really want after reading https://github.com/w3c-ccg/http-signatures/issues/54