draft-ietf-httpbis-encryption-encoding-09.txt | draft-ietf-httpbis-encryption-encoding-latest.txt | |||
---|---|---|---|---|
HTTP Working Group M. Thomson | HTTP Working Group M. Thomson | |||
Internet-Draft Mozilla | Internet-Draft Mozilla | |||
Intended status: Standards Track April 18, 2017 | Intended status: Standards Track July 6, 2018 | |||
Expires: October 20, 2017 | Expires: January 7, 2025 | |||
Encrypted Content-Encoding for HTTP | Encrypted Content-Encoding for HTTP | |||
draft-ietf-httpbis-encryption-encoding-09 | draft-ietf-httpbis-encryption-encoding-latest | |||
Abstract | Abstract | |||
This memo introduces a content coding for HTTP that allows message | This memo introduces a content coding for HTTP that allows message | |||
payloads to be encrypted. | payloads to be encrypted. | |||
Note to Readers | Note to Readers | |||
Discussion of this draft takes place on the HTTP working group | Discussion of this draft takes place on the HTTP working group | |||
mailing list (ietf-http-wg@w3.org), which is archived at | mailing list (ietf-http-wg@w3.org), which is archived at | |||
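Review bot: The right-hand header pairs a document date of July 6, 2018 with "Expires: January 7, 2025", more than six years later, whereas the -09 column pairs April 18, 2017 with October 20, 2017. Check how the expiry is being generated for the -latest build and recompute it from the document date before this revision is published.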
skipping to change at page 1, line 34 ¶ | skipping to change at page 1, line 34 ¶ | |||
https://github.com/httpwg/http-extensions/labels/encryption [3]. | https://github.com/httpwg/http-extensions/labels/encryption [3]. | |||
Status of This Memo | Status of This Memo | |||
This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
This Internet-Draft will expire on October 20, 2017. | This Internet-Draft will expire on January 7, 2025. | |||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2017 IETF Trust and the persons identified as the | Copyright (c) 2018 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
(http://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
publication of this document. Please review these documents | publication of this document. Please review these documents | |||
carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
described in the Simplified BSD License. | described in the Simplified BSD License. | |||
Table of Contents | Table of Contents | |||
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
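Review bot: In the right-hand status boilerplate, "This Internet-Draft will expire on January 7, 2025" contradicts the statement earlier in the same hunk that Internet-Drafts are "valid for a maximum of six months", given the 2018 copyright year in this revision. Regenerate that sentence from the document date so it agrees with the header. The http to https changes for datatracker.ietf.org and trustee.ietf.org need no further work.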
skipping to change at page 3, line 5 ¶ | skipping to change at page 3, line 5 ¶ | |||
1. Introduction | 1. Introduction | |||
It is sometimes desirable to encrypt the contents of a HTTP message | It is sometimes desirable to encrypt the contents of a HTTP message | |||
(request or response) so that when the payload is stored (e.g., with | (request or response) so that when the payload is stored (e.g., with | |||
a HTTP PUT), only someone with the appropriate key can read it. | a HTTP PUT), only someone with the appropriate key can read it. | |||
For example, it might be necessary to store a file on a server | For example, it might be necessary to store a file on a server | |||
without exposing its contents to that server. Furthermore, that same | without exposing its contents to that server. Furthermore, that same | |||
file could be replicated to other servers (to make it more resistant | file could be replicated to other servers (to make it more resistant | |||
to server or network failure), downloaded by clients (to make it | to server or network failure), downloaded by clients (to make it | |||
available offline), etc. without exposing its contents. | available offline), etc. without exposing its contents. | |||
These uses are not met by the use of TLS [RFC5246], since it only | These uses are not met by the use of TLS [RFC5246], since it only | |||
encrypts the channel between the client and server. | encrypts the channel between the client and server. | |||
This document specifies a content coding (Section 3.1.2 of [RFC7231]) | This document specifies a content coding (Section 3.1.2 of [RFC7231]) | |||
for HTTP to serve these and other use cases. | for HTTP to serve these and other use cases. | |||
This content coding is not a direct adaptation of message-based | This content coding is not a direct adaptation of message-based | |||
encryption formats - such as those that are described by [RFC4880], | encryption formats - such as those that are described by [RFC4880], | |||
[RFC5652], [RFC7516], and [XMLENC] - which are not suited to stream | [RFC5652], [RFC7516], and [XMLENC] - which are not suited to stream | |||
skipping to change at page 12, line 35 ¶ | skipping to change at page 12, line 35 ¶ | |||
[FIPS180-4] | [FIPS180-4] | |||
National Institute of Standards and Technology, U.S. | National Institute of Standards and Technology, U.S. | |||
Department of Commerce, "NIST FIPS 180-4, Secure Hash | Department of Commerce, "NIST FIPS 180-4, Secure Hash | |||
Standard", DOI 10.6028/NIST.FIPS.180-4, August 2015, | Standard", DOI 10.6028/NIST.FIPS.180-4, August 2015, | |||
<http://nvlpubs.nist.gov/nistpubs/FIPS/ | <http://nvlpubs.nist.gov/nistpubs/FIPS/ | |||
NIST.FIPS.180-4.pdf>. | NIST.FIPS.180-4.pdf>. | |||
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
<http://www.rfc-editor.org/info/rfc2119>. | <https://www.rfc-editor.org/info/rfc2119>. | |||
[RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO | [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO | |||
10646", STD 63, RFC 3629, DOI 10.17487/RFC3629, November | 10646", STD 63, RFC 3629, DOI 10.17487/RFC3629, November | |||
2003, <http://www.rfc-editor.org/info/rfc3629>. | 2003, <https://www.rfc-editor.org/info/rfc3629>. | |||
[RFC5116] McGrew, D., "An Interface and Algorithms for Authenticated | [RFC5116] McGrew, D., "An Interface and Algorithms for Authenticated | |||
Encryption", RFC 5116, DOI 10.17487/RFC5116, January 2008, | Encryption", RFC 5116, DOI 10.17487/RFC5116, January 2008, | |||
<http://www.rfc-editor.org/info/rfc5116>. | <https://www.rfc-editor.org/info/rfc5116>. | |||
[RFC5869] Krawczyk, H. and P. Eronen, "HMAC-based Extract-and-Expand | [RFC5869] Krawczyk, H. and P. Eronen, "HMAC-based Extract-and-Expand | |||
Key Derivation Function (HKDF)", RFC 5869, | Key Derivation Function (HKDF)", RFC 5869, | |||
DOI 10.17487/RFC5869, May 2010, | DOI 10.17487/RFC5869, May 2010, | |||
<http://www.rfc-editor.org/info/rfc5869>. | <https://www.rfc-editor.org/info/rfc5869>. | |||
[RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer | [RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer | |||
Protocol (HTTP/1.1): Message Syntax and Routing", | Protocol (HTTP/1.1): Message Syntax and Routing", | |||
RFC 7230, DOI 10.17487/RFC7230, June 2014, | RFC 7230, DOI 10.17487/RFC7230, June 2014, | |||
<http://www.rfc-editor.org/info/rfc7230>. | <https://www.rfc-editor.org/info/rfc7230>. | |||
[RFC7231] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer | [RFC7231] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer | |||
Protocol (HTTP/1.1): Semantics and Content", RFC 7231, | Protocol (HTTP/1.1): Semantics and Content", RFC 7231, | |||
DOI 10.17487/RFC7231, June 2014, | DOI 10.17487/RFC7231, June 2014, | |||
<http://www.rfc-editor.org/info/rfc7231>. | <https://www.rfc-editor.org/info/rfc7231>. | |||
6.2. Informative References | 6.2. Informative References | |||
[AEBounds] | [AEBounds] | |||
Luykx, A. and K. Paterson, "Limits on Authenticated | Luykx, A. and K. Paterson, "Limits on Authenticated | |||
Encryption Use in TLS", March 2016, | Encryption Use in TLS", March 2016, | |||
<http://www.isg.rhul.ac.uk/~kp/TLS-AEbounds.pdf>. | <http://www.isg.rhul.ac.uk/~kp/TLS-AEbounds.pdf>. | |||
[CLINIC] Miller, B., Huang, L., Joseph, A., and J. Tygar, "I Know | [CLINIC] Miller, B., Huang, L., Joseph, A., and J. Tygar, "I Know | |||
Why You Went to the Clinic: Risks and Realization of HTTPS | Why You Went to the Clinic: Risks and Realization of HTTPS | |||
Traffic Analysis", March 2014, | Traffic Analysis", March 2014, | |||
<https://arxiv.org/abs/1403.0297>. | <https://arxiv.org/abs/1403.0297>. | |||
[NETFLIX] Reed, A. and M. Kranch, "Identifying HTTPS-Protected | [NETFLIX] Reed, A. and M. Kranch, "Identifying HTTPS-Protected | |||
Netflix Videos in Real-Time", Proceedings of the Seventh | Netflix Videos in Real-Time", Proceedings of the Seventh | |||
ACM on Conference on Data and Application Security and | ACM on Conference on Data and Application Security | |||
Privacy - CODASPY '17 , DOI 10.1145/3029806.3029821, 2017. | and Privacy, DOI 10.1145/3029806.3029821, March 2017. | |||
[RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data | [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data | |||
Encodings", RFC 4648, DOI 10.17487/RFC4648, October 2006, | Encodings", RFC 4648, DOI 10.17487/RFC4648, October 2006, | |||
<http://www.rfc-editor.org/info/rfc4648>. | <https://www.rfc-editor.org/info/rfc4648>. | |||
[RFC4880] Callas, J., Donnerhacke, L., Finney, H., Shaw, D., and R. | [RFC4880] Callas, J., Donnerhacke, L., Finney, H., Shaw, D., and R. | |||
Thayer, "OpenPGP Message Format", RFC 4880, | Thayer, "OpenPGP Message Format", RFC 4880, | |||
DOI 10.17487/RFC4880, November 2007, | DOI 10.17487/RFC4880, November 2007, | |||
<http://www.rfc-editor.org/info/rfc4880>. | <https://www.rfc-editor.org/info/rfc4880>. | |||
[RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security | [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security | |||
(TLS) Protocol Version 1.2", RFC 5246, | (TLS) Protocol Version 1.2", RFC 5246, | |||
DOI 10.17487/RFC5246, August 2008, | DOI 10.17487/RFC5246, August 2008, | |||
<http://www.rfc-editor.org/info/rfc5246>. | <https://www.rfc-editor.org/info/rfc5246>. | |||
[RFC5652] Housley, R., "Cryptographic Message Syntax (CMS)", STD 70, | [RFC5652] Housley, R., "Cryptographic Message Syntax (CMS)", STD 70, | |||
RFC 5652, DOI 10.17487/RFC5652, September 2009, | RFC 5652, DOI 10.17487/RFC5652, September 2009, | |||
<http://www.rfc-editor.org/info/rfc5652>. | <https://www.rfc-editor.org/info/rfc5652>. | |||
[RFC7233] Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke, Ed., | [RFC7233] Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke, Ed., | |||
"Hypertext Transfer Protocol (HTTP/1.1): Range Requests", | "Hypertext Transfer Protocol (HTTP/1.1): Range Requests", | |||
RFC 7233, DOI 10.17487/RFC7233, June 2014, | RFC 7233, DOI 10.17487/RFC7233, June 2014, | |||
<http://www.rfc-editor.org/info/rfc7233>. | <https://www.rfc-editor.org/info/rfc7233>. | |||
[RFC7235] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer | [RFC7235] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer | |||
Protocol (HTTP/1.1): Authentication", RFC 7235, | Protocol (HTTP/1.1): Authentication", RFC 7235, | |||
DOI 10.17487/RFC7235, June 2014, | DOI 10.17487/RFC7235, June 2014, | |||
<http://www.rfc-editor.org/info/rfc7235>. | <https://www.rfc-editor.org/info/rfc7235>. | |||
[RFC7516] Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)", | [RFC7516] Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)", | |||
RFC 7516, DOI 10.17487/RFC7516, May 2015, | RFC 7516, DOI 10.17487/RFC7516, May 2015, | |||
<http://www.rfc-editor.org/info/rfc7516>. | <https://www.rfc-editor.org/info/rfc7516>. | |||
[RFC7540] Belshe, M., Peon, R., and M. Thomson, Ed., "Hypertext | [RFC7540] Belshe, M., Peon, R., and M. Thomson, Ed., "Hypertext | |||
Transfer Protocol Version 2 (HTTP/2)", RFC 7540, | Transfer Protocol Version 2 (HTTP/2)", RFC 7540, | |||
DOI 10.17487/RFC7540, May 2015, | DOI 10.17487/RFC7540, May 2015, | |||
<http://www.rfc-editor.org/info/rfc7540>. | <https://www.rfc-editor.org/info/rfc7540>. | |||
[XMLENC] Eastlake, D., Reagle, J., Hirsch, F., Roessler, T., | [XMLENC] Eastlake, D., Reagle, J., Hirsch, F., Roessler, T., | |||
Imamura, T., Dillaway, B., Simon, E., Yiu, K., and M. | Imamura, T., Dillaway, B., Simon, E., Yiu, K., and M. | |||
Nystroem, "XML Encryption Syntax and Processing", W3C | Nystroem, "XML Encryption Syntax and Processing", W3C | |||
Recommendation REC-xmlenc-core1-20130411, January 2013, | Recommendation REC-xmlenc-core1-20130411, January 2013, | |||
<https://www.w3.org/TR/2013/REC-xmlenc-core1-20130411>. | <https://www.w3.org/TR/2013/REC-xmlenc-core1-20130411>. | |||
6.3. URIs | 6.3. URIs | |||
[1] https://lists.w3.org/Archives/Public/ietf-http-wg/ | [1] https://lists.w3.org/Archives/Public/ietf-http-wg/ | |||
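Review bot: The scheme upgrade in the references is applied only to the rfc-editor.org URLs; the [FIPS180-4] link (nvlpubs.nist.gov) and the [AEBounds] link (www.isg.rhul.ac.uk) are still http:// in both columns. If those hosts serve HTTPS, update them in the same pass so the reference list is consistent. The [NETFLIX] entry also drops the "CODASPY '17" venue abbreviation while adding "March"; confirm that is intended.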
End of changes. 22 change blocks. | ||||
24 lines changed or deleted | 24 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |