Internet Engineering Task Force | P. M. Hallam-Baker |
Internet-Draft | Comodo Group Inc. |
Intended status: Standards Track | R. N. Stradling |
Expires: April 06, 2012 | Comodo CA Ltd. |
October 04, 2011 |
The di (DIGEST) URI Scheme
draft-hallambaker-digesturi-02
A URI scheme for referencing static data abjects by means of a cryptographic digest mechanism is specified. The format is designed to resist content type substitution attacks and supports a choice of digest algorithms.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 06, 2012.
Copyright (c) 2011 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].
The following terms are used in this document:
Provides a strong reference to a static data object.
Does not provide a means of resolution.
Allows an authenticated data source to provide an authenticated reference to a static data object.
Intended applications include creating references from
For example, the following digest URI specifies a reference to the text "Hello World !" using the SHA-2 algorithm with 256 bit output:
di:sha-256;B_K97zTtFuOhug27fke4_Zgc4Myz4b_lZNgsQjy6fkc
Message Digest algorithms are designed to provide protection against a collision attack. Due to the birthday paradox, this requires that the digest length be twice the length of a encryption or authentication key to achieve the same work factor.
The digest portion MAY be truncated at any 32 bit boundary. If a truncated digest is used the query separator '?' MUST be specified.
di:sha-256;B_K97zTtFuOhug27fke4_Q?
The semantics of a digest being used to establish a secure reference from an authenticated source to an external source may be a function of associated meta data such as the content type. This data MAY be specified by means of a parameter:
di:sha-256;B_K97zTtFuOhug27fke4_Zgc4Myz4b_lZNgsQjy6fkc?ct=text/plain
A digest identifier MAY provide a location from which the referenced content MAY be available. Note however that since it is statistically unlikely that a given identifier will correspond to more than one content sequence, the actual location from which the data is retrieved is immaterial.
di:sha-256;B_K97zTtFuOhug27fke4_Zgc4Myz4b_lZNgsQjy6fkc?http=di.example.com
The corresponding content MAY be retrieved from the URL:
http://di.example.com/.well-known/di/sha-256/B_K97zTtFuOhug27fke4_Zgc4Myz4b_lZNgsQjy6fkc
A digest identifier MAY specify multiple locations from which the content MAY be obtained:
di:sha-256;B_K97zTtFuOhug27fke4_Zgc4Myz4b_lZNgsQjy6fkc? http=one.example.com&http=two.example.com
Asserts that the content may be retrieved from either of the following URIs:
http://one.example.com/.well-known/di/sha-256/B_K97zTtFuOhug27fke4_Zgc4Myz4b_lZNgsQjy6fkc http://two.example.com/.well-known/di/sha-256/B_K97zTtFuOhug27fke4_Zgc4Myz4b_lZNgsQjy6fkc
A digest identifier MAY provide a key for decrypting the referenced data.
di:sha-256;B_K97zTtFuOhug27fke4_Zgc4Myz4b_lZNgsQjy6fkc? enc=aes-cbc:Fw3x20nEKfq6FDGzq7ttIQ
The DIGEST URI Type has the following format:
"di:" algorithm ";" digest [ "?" tag "=" value [ "&" tag "=" value ] * ]
Section 2.2 of [RFC4395] states [URI schemes that are not intended for use with relative URIs SHOULD avoid use of the forward slash "/" character, which is used for hierarchical delimiters, and the complete path segments "." and ".." (dot-segments).]
Consequently the encoding of the digest value is effected using the base64url encoding specified in Section 5 of [RFC4648] which avoids the use of the forward slash '/' character.
The query segment of a URI is NOT hierarchical. Thus escape encoding of slash '/' characters is NOT required.
Section 3.4 of [RFC3986] states [The characters slash ("/") and question mark ("?") may represent data within the query component.]
Consequently no special escaping mechanism is required for the query parameter portion of the URI. URI escaping is however frequently imposed automatically by scripting environments. Thus to ensure interoperability, implementations SHOULD NOT generate URIs that employ URI character escaping and implementations MUST accept and URIs that employ URI character escaping.
Implementations MUST support the sha-256 algorithm as specified in [RFC4055].
Implementations MAY support other algorithms specified in the Data Structure for the Security Suitability of Cryptographic Algorithms registry 'Cryptographic Algorithms' [RFC5698].
The Content Type "ct" parameter specifies the MIME Content Type of the associated data as defined in [RFC4288]
The http and https parameters are used to specify a possible means of resolving the referenced content. Mulltiple locator parameters MAY be used to specify alternative sources for accessing the content.
The http and https parameters take a single argument, the domain name to be used for resolution. To permit the use of digest URIs in ASCII-only environments, the ASCII encoding (aka punycode) of the domain name MUST be used.
To resolve such a location reference, a client first transforms the digest URI to obtain a http or https url as follows:
URL = prefix + domain + "/.well-known/di/" + algorithm + digest
Where:
Implementations MUST NOT disclose any other data. In particular implementations MUST NOT disclose the query parameter portion of the URI.
The encryption and MIME encryption specifiers are used to provide a means of obtaining the plaintext of a reference to encrypted content.
The enc specifier is used when the encrypted object consists of the encrypted content alone. The menc spcifier is used when the encrypted object consists of a MIME header containing metadata followed by the binary object encoding.
The encryption specifiers both take an agrument of the form:
algorithm ":" base64url (key) [":" base64url (iv)]
Where
No secret information is required to generate a DIGEST URI. Therefore a DIGEST URI only provides a proof of integrity for the referenced object and the proof of integrity provided is only as good as the proof of integrity for the DIGEST URI value.
Disclosure of a DIGEST URI value does not necessarily entail disclosure of the referenced object but may enable an attacker to determine the contents of the referenced object by reference to a search engine or other data repository.
[The digest algorithm MUST be strong]
[For most use cases collision resistance is a requirement]
The procedures for registration of a URI scheme are specified in RFC 4395 [RFC4395]. The following is the proposed assignment template.
URI scheme name: di
Status: Permanent
URI scheme syntax. See Section 3.1
URI scheme semantics. See Section 3.2
Encoding considerations. See Section 3.1.1
Applications/protocols that use this URI scheme name: General applicability with initial use cases provided by WEBSEC and DECADE
Interoperability considerations: TBS
Security considerations: See Section 4
Contact: IETF / Phillip Hallam-Baker
Author/Change controller: IETF / Phillip Hallam-Baker
References: As specified in this document
The procedures for registration of a Well Known URI entry are specified in RFC 5785 [RFC5785]. The following is the proposed assignment template.
URI suffix: di
Change controller: IETF
Specification document(s): This document
Related information: None
[Added in case it is decided to specify truncated forms of the cryptographic digests]
The procedures for registration of a Cryptographic Algorithm identifier are specified in RFC 5698 [RFC5698]. The following is the proposed assignment template.
Textual name of the algorithm: SHA-128
OID of the algorithm: [TBS]
Reference: This document.
This specification creates a new IANA registry entitled "DI URI Parameter Definitions".
The policy for future assignments to the registry is "RFC Required".
[RFC3642] | Legg, S., "Common Elements of Generic String Encoding Rules (GSER) Encodings", RFC 3642, October 2003. |
[NIST-ALGS] | National Institute of Standards and Technology , "Cryptographic Algorithm Registration", March 2009. |
The Digest URI of the text file "Hello World !" is computed as follows:
Depending on the context, the digest URI MAY be specified using the digest value alone or the digest value plus content type parameter:
di:sha-256;B_K97zTtFuOhug27fke4_Zgc4Myz4b_lZNgsQjy6fkc
di:sha-256;B_K97zTtFuOhug27fke4_Zgc4Myz4b_lZNgsQjy6fkc?ct=text/plain