a Secarta project ...

HTTPsec Authentication Protocol

[ View as one printable page ]

Preamble

1. Introduction
1.1. Editorial Conventions
1.2. Terms
1.3. Identifiers
2. Summary
2.1. Authentication Model
2.2. Peer Identifiers
2.3. Protocol Operation
2.3.1. Initialization
2.3.2. Continuation
3. Protocol Messages
3.1. Initialization Messages
3.1.1. Initialization Request
3.1.2. Initialization Response
3.2. Continuation Messages
3.2.1. Continuation Request
3.2.2. Continuation Response
3.3. Challenge Messages
3.3.1. Challenge Response
3.4. Message Flow
4. Protocol Directives
4.1. id
4.2. dh
4.3. certificate
4.4. url
4.5. group
4.6. nonce
4.7. auth
4.8. token
4.9. signature
4.10. count
4.11. mac
4.12. digest
5. Other Headers
5.1. Content-Encoding
5.2. Cache-Control
5.3. Expires
6. Protocol Computations
6.1. Algorithms
6.1.1. Hash Algorithm
6.1.2. Public Key Algorithm
6.1.3. Encryption Scheme
6.1.4. Signature Scheme
6.1.5. Block Cipher
6.1.6. Block Cipher Mode
6.2. Header Canonicalization
6.3. Initialization Transcript
6.4. Continuation Request Transcript
6.5. Continuation Response Transcript
6.6. Shared Secret
6.7. Keys
6.7.1. MAC Keys
6.7.2. Cipher Keys
6.8. Message Body Ciphering
7. Message Validation
7.1. Initialization Request Validation
7.2. Initialization Response Validation
7.3. Continuation Request Validation
7.4. Continuation Response Validation
8. Cache Considerations
9. Security Considerations
10. References
11. Editor Address

4.3. certificate

The optional certificate directive in an initialization request and an initialization response provides the sending peer's certificate containing its (purported) authentication public key. The directive may also be employed for informational purposes in a challenge response. In some use-cases a peer's public key is prior-knowledge from the perspective of the other peer, and thus the certificate directive is not required.

If employed, its value MUST be a valid URI as specified in [URI] Section 3. Certificates provided by the certificate directive MUST be in X509 [X509] certificate format to allow (if required) the use of a Public Key Infrastructure.

Implementations MAY support either or all of the following:

  1. transmission of the X509 certificate itself using a "data" URI scheme. [DATA]. For example: 
    certificate=data:application/x-x509-user-cert;base64,MIGfMA0GCSqGSI...
    (the value is lengthy and has therefore been abbreviated; the terminating ellipsis "..." would NOT appear in an actual value)
  2. provision of a URL for retrieving the X509 certificate. For example: 
    certificate=http://alice.example.com/my-cert
  3. use of the bespoke URI "this:entity-body" to indicate that the X509 certificate is carried in the message entity-body. For example 
    certificate=this:entity-body

In all cases, the Mine-Type of the certificate payload MUST be "application/x-x509-user-cert". Certificates in entity-bodies may optionally have the PEM specified header, footer and line breaks.

Note that in the first usage, the certificate payload itself features in the Initialization Transcript and its presence in the initialisation stage is thus authenticated by the signature. This may be considered favourable in some use-cases.
© Secarta. All rights reserved.