ietf-wg-gnap / gnap-core-protocol


Add "tag" and other httpsig requirements #469

Closed jricher closed 1 year ago

jricher commented 1 year ago

Closes #467

netlify[bot] commented 1 year ago

Deploy Preview for gnap-core-protocol-editors-draft ready!

| Name | Link |
|---|---|
| Latest commit | 43647e40e35d315795b3caa9e4d96a5fe9f2a312 |
| Latest deploy log | https://app.netlify.com/sites/gnap-core-protocol-editors-draft/deploys/636d23fe1ecfdf00090f44f2 |
| Deploy Preview | https://deploy-preview-469--gnap-core-protocol-editors-draft.netlify.app |

fimbault commented 1 year ago

From the HTTP message sig spec: "tag: An application-specific tag for the signature as a String value. This value is used by applications to help identify signatures relevant for specific applications or protocols." Fair enough, but does a MUST requirement improve the security of the protocol?

yaronf commented 1 year ago

> Fair enough, but does a MUST requirement improve the security of the protocol?

Yes, because it prevents cross-protocol confusion attacks, where an attacker tries to use a signed HTTP message from another protocol in GNAP, or vice versa.
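
The verifier-side check discussed in this thread, as an added example that is not part of the thread or of the GNAP editors' code: the verifier rejects any signature whose `tag` parameter is not the GNAP value, and because `tag` sits in the `@signature-params` line of the signature base, relabelling a signature made for another protocol invalidates it. Assumptions: the tag value `gnap` is taken from RFC 9635 rather than from this page, the key, components and helper names are constructed for illustration, and parameter parsing is simplified.

```python
import hashlib
import hmac
import re

GNAP_TAG = "gnap"  # tag value GNAP requires (RFC 9635); assumption, not stated in this thread
KEY = b"constructed-shared-key"  # constructed sample key, reused by two protocols
COMPONENTS = [("@method", "POST"), ("@target-uri", "https://as.example/tx")]  # constructed

def signature_base(components, params):
    """RFC 9421 signature base: covered components, then the @signature-params line."""
    lines = [f'"{name}": {value}' for name, value in components]
    lines.append(f'"@signature-params": {params}')
    return "\n".join(lines).encode()

def sign(key, components, params):
    # hmac-sha256 keeps the example self-contained; any RFC 9421 algorithm behaves the same
    return hmac.new(key, signature_base(components, params), hashlib.sha256).digest()

def tag_of(params):
    # Simplified parse for this sample; production code needs a structured-field parser
    match = re.search(r';tag="([^"\\]*)"', params)
    return match.group(1) if match else None

def verify_for_gnap(key, components, params, signature):
    """Return (accepted, reason); the tag is checked before the MAC is trusted."""
    if tag_of(params) != GNAP_TAG:
        return False, "tag missing or not gnap"
    if not hmac.compare_digest(sign(key, components, params), signature):
        return False, "bad signature"
    return True, "ok"

def params_with(tag):
    # Constructed signature parameters, with or without a tag
    base = '("@method" "@target-uri");created=1618884473;keyid="k1"'
    return base if tag is None else f'{base};tag="{tag}"'

if __name__ == "__main__":
    other = params_with("other-app")           # signed for a different protocol
    other_sig = sign(KEY, COMPONENTS, other)   # cryptographically valid there
    print(verify_for_gnap(KEY, COMPONENTS, other, other_sig))
    # Relabelling changes the signature base, so the old signature no longer verifies
    print(verify_for_gnap(KEY, COMPONENTS, params_with("gnap"), other_sig))
    gnap = params_with("gnap")
    print(verify_for_gnap(KEY, COMPONENTS, gnap, sign(KEY, COMPONENTS, gnap)))
```
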