a Secarta project ...

HTTPsec Authentication Protocol

[ View as one printable page ]

Preamble

1. Introduction
1.1. Editorial Conventions
1.2. Terms
1.3. Identifiers
2. Summary
2.1. Authentication Model
2.2. Peer Identifiers
2.3. Protocol Operation
2.3.1. Initialization
2.3.2. Continuation
3. Protocol Messages
3.1. Initialization Messages
3.1.1. Initialization Request
3.1.2. Initialization Response
3.2. Continuation Messages
3.2.1. Continuation Request
3.2.2. Continuation Response
3.3. Challenge Messages
3.3.1. Challenge Response
3.4. Message Flow
4. Protocol Directives
4.1. id
4.2. dh
4.3. certificate
4.4. url
4.5. group
4.6. nonce
4.7. auth
4.8. token
4.9. signature
4.10. count
4.11. mac
4.12. digest
5. Other Headers
5.1. Content-Encoding
5.2. Cache-Control
5.3. Expires
6. Protocol Computations
6.1. Algorithms
6.1.1. Hash Algorithm
6.1.2. Public Key Algorithm
6.1.3. Encryption Scheme
6.1.4. Signature Scheme
6.1.5. Block Cipher
6.1.6. Block Cipher Mode
6.2. Header Canonicalization
6.3. Initialization Transcript
6.4. Continuation Request Transcript
6.5. Continuation Response Transcript
6.6. Shared Secret
6.7. Keys
6.7.1. MAC Keys
6.7.2. Cipher Keys
6.8. Message Body Ciphering
7. Message Validation
7.1. Initialization Request Validation
7.2. Initialization Response Validation
7.3. Continuation Request Validation
7.4. Continuation Response Validation
8. Cache Considerations
9. Security Considerations
10. References
11. Editor Address

6.2. Header Canonicalization

The values of various HTTP headers [HTTP][ 4.2] other than the protocol headers also feature in protocol computations, notably the signature and message authentication codes. The values of these headers MUST first undergo the following canonicalization transformations, applied in strict order:

  1. Retrieve the header's literal US-ASCII encoded field-value, including any quotes;
  2. Remove all whitespace;
  3. Remove leading or trailing substrings consisting only of semicolons (";") and/or commas (",")
  4. Replace with a single semicolon (";") any internal substring that consists only of semicolons (";") and/or commas (",").

For example, the (albeit unlikely) header field-value ";foo,, ; bar;; foo bar;" becomes "foo;bar;foobar".

Note that this canonicalization is strictly a pre-processing step for the purpose of protocol computations only. It is not a constraint on the actual header field-values that may appear in a message.
© Secarta. All rights reserved.