a Secarta project ...

HTTPsec Authentication Protocol

[ View as one printable page ]

Preamble

1. Introduction
1.1. Editorial Conventions
1.2. Terms
1.3. Identifiers
2. Summary
2.1. Authentication Model
2.2. Peer Identifiers
2.3. Protocol Operation
2.3.1. Initialization
2.3.2. Continuation
3. Protocol Messages
3.1. Initialization Messages
3.1.1. Initialization Request
3.1.2. Initialization Response
3.2. Continuation Messages
3.2.1. Continuation Request
3.2.2. Continuation Response
3.3. Challenge Messages
3.3.1. Challenge Response
3.4. Message Flow
4. Protocol Directives
4.1. id
4.2. dh
4.3. certificate
4.4. url
4.5. group
4.6. nonce
4.7. auth
4.8. token
4.9. signature
4.10. count
4.11. mac
4.12. digest
5. Other Headers
5.1. Content-Encoding
5.2. Cache-Control
5.3. Expires
6. Protocol Computations
6.1. Algorithms
6.1.1. Hash Algorithm
6.1.2. Public Key Algorithm
6.1.3. Encryption Scheme
6.1.4. Signature Scheme
6.1.5. Block Cipher
6.1.6. Block Cipher Mode
6.2. Header Canonicalization
6.3. Initialization Transcript
6.4. Continuation Request Transcript
6.5. Continuation Response Transcript
6.6. Shared Secret
6.7. Keys
6.7.1. MAC Keys
6.7.2. Cipher Keys
6.8. Message Body Ciphering
7. Message Validation
7.1. Initialization Request Validation
7.2. Initialization Response Validation
7.3. Continuation Request Validation
7.4. Continuation Response Validation
8. Cache Considerations
9. Security Considerations
10. References
11. Editor Address

4.11. mac

The mac directive in a continuation request and a continuation response is a keyed message authentication code computed on the values of protocol directives and specific HTTP headers present in that continuation transaction. It employs a MAC Key derived from the Shared Secret.

To create a message authentication code for a message either prior to sending it or in order to validate it, the appropriate computation is made as follows:

Request:
   mac = base64enc( HMAC( request-mac-key,  request-transcript  ) )

Response:
   mac = base64enc( HMAC( response-mac-key, response-transcript ) )

where the following apply:

The message authentication codes are formulated so as to provide the following:

  • message originator authentication;
  • integrity protection for the protocol directives of this specification;
  • integrity protection for the minimal set of HTTP headers designated as "non-modifiable" by intermediate caches [HTTP][ 13.5.2]. These headers are Content-Location, Content-MD5, ETag, Last-Modified, Expires, Content-Range, and Content-Type;
  • integrity protection for the message entity-body, if accompanied by a digest directive.

The sender of a message computes and provides the message authentication code for that message. To validate it, the recipient of the message also computes its message authentication code and compares the received value with the computed value. If (1) they are strictly equal, and (2) the digest directive (if present) is confirmed to indeed equal the hash of the message entity-body, then the above authentication characteristics are considered to be established. If not, the message MUST be rejected. This two stage process permits computationally inexpensive invalidity checks to be performed before embarking on the potentially expensive process of computing the digest over an arbitrary length entity-body.
© Secarta. All rights reserved.