Internet DRAFT - draft-palmer-signature-link-relation
draft-palmer-signature-link-relation
Network Working Group S. Palmer
Internet-Draft Independent
Expires: June 10, 2016 December 8, 2015
Signature Link Relation for Cryptographic Resource Verification
draft-palmer-signature-link-relation-00
Abstract
This document specifies a way to associate web resources with their
corresponding digital signatures. A signature can then be verified
automatically during the process of downloading a resource.
Infomation presented to the user about the verification results may
enable them to make wiser security decisions about downloaded
content.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on June 10, 2016.
Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Palmer Expires June 10, 2016 [Page 1]
Internet-Draft Signature Link Relation December 2015
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Link relation . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Hypertext attribute . . . . . . . . . . . . . . . . . . . . . 3
4. Security Considerations . . . . . . . . . . . . . . . . . . . 3
5. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 4
6. References . . . . . . . . . . . . . . . . . . . . . . . . . 4
6.1. Normative References . . . . . . . . . . . . . . . . . . 4
6.2. Informative References . . . . . . . . . . . . . . . . . 4
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 4
1. Introduction
Links to downloadable content on the web are sometimes accompanied by
a further link to a digital signature. The digital signature proves
that the content is signed, and hence endorsed, by the owner or
owners of a secret cryptographic key. Digital signature links are,
however, presently embedded in documents in an ad hoc fashion making
the automatic checking of signatures difficult. As a result, user
workflow is to download content and signatures individually,
requiring them to locate both files in the local filesystem and pass
them to verification software external to their web client.
Verification software is often terminal based, and has attracted
criticism for poor user interface decisions [DJB]. The existing
signature workflow exacerbates this problem, and makes it much less
likely that a user will verify content compared to if their client
had performed these steps for them.
For signature verification to be automated, content must be
associated with signatures through metadata in a structured and
machine-readable way. This document provides such metadata in the
form of a link relation called "signature" (Section 2). An HTML
attribute called "rels" (Section 3) is also provided, which allows
the link relations of a resource to be known before any request is
made. When a web client such as a browser implements this metadata,
the user can be automatically presented with a summary of the
verification process, including whether it succeeded or failed, and
what the claimed identity and web of trust characteristics are of the
signing key.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
[RFC2119].
Palmer Expires June 10, 2016 [Page 2]
Internet-Draft Signature Link Relation December 2015
2. Link relation
This section defines a new link relation called "signature". The
value of this link relation is a cryptographic digital signature of
the resource to which the link relation applies. The value SHOULD
identify an OpenPGP detached signature as defined in Section 11.4 of
[RFC4880], with the syntax specified in Section 6.2 of [RFC4880].
The target resource SHOULD be served with the media type
"application/pgp-signature" as defined in [RFC3156]. Other formats
MUST be distinguished either by a separate media type, or by
extension of the OpenPGP syntax specified in Section 6.2 of
[RFC4880].
Example of the use of this relation in HTML:
<link rel="signature" href="index.html.sig">
In formats which use URLs as properties, the following URL may be
used as a link relation property once registered with the IANA per
Section 6.2.1 of [RFC5988]:
http://www.iana.org/assignments/relation/signature
3. Hypertext attribute
This section defines a "rels" attribute, for use on all elements
where "rel" is permitted in HTML ([RFC2854]) and in all contexts
where HTML content is permitted such as in applications of XML
([XML]). The syntax of the "rels" attribute value is a whitespace
separated sequence of whitespace separated pairs of link relations
and URL values. Relative URL values are resolved against the current
resource URL as a base, not the target of the "href" attribute. The
effect is that each pair of link relations and URL values applies to
the resource identified by the "href" attribute.
The "rels" attribute allows the discovery of the link relationships
of a hyperlinked resource before any request is made. It may, for
example, be used in conjunction with "signature" link relation:
You may download the signed <a href="software.tar.gz"
rels="signature software.tar.gz.sig">software</a>.
4. Security Considerations
The extensive security considerations listed in Section 14 of
[RFC4880] also apply here.
Palmer Expires June 10, 2016 [Page 3]
Internet-Draft Signature Link Relation December 2015
5. Acknowledgements
Reviews and comments were received from Daniel Gruno, David P.
Kendal, and John Cowan.
6. References
6.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", March 1997.
[RFC2854] Connolly, D., "The 'text/html' Media Type", June 2000.
[RFC3156] Elkins, M., Del Torto, D., Levien, R., and T. Roessler,
"MIME Security with OpenPGP", August 2001.
[RFC4880] Callas, J., Donnerhacke, L., Finney, H., Shaw, D., and R.
Thayer, "OpenPGP Message Format", November 2007.
[RFC3987] Duerst, M. and M. Suignard, "Internationalized Resource
Identifiers (IRIs)", January 2005.
[RFC5988] Nottingham, M., "Web Linking", October 2010.
6.2. Informative References
[DJB] Bernstein, D., Heninger, N., and T. Lange, "The Year in
Crypto", December 2013,
<https://www.hyperelliptic.org/tanja/vortraege/talk-
30C3.pdf>.
[XML] Bray, T., Maler, E., Paoli, J., Sperberg-McQueen, C., and
F. Yergeau, "Extensible Markup Language (XML) 1.0 (Fifth
Edition)", November 2008.
Author's Address
Sean B. Palmer
Independent
Palmer Expires June 10, 2016 [Page 4]