Signed HTTP Exchanges Implementation Checkpoints

3.1. The Signature Header

The Signature header field conveys a single signature for an exchange, accompanied by information about how to determine the authority of and refresh that signature. Each signature directly signs the exchange's URL and response headers and identifies one of those headers that enforces the integrity of the exchange's payload.¶

The Signature header is a Structured Header as defined by [I-D.ietf-httpbis-header-structure-10]. Its value MUST be a parameterised list (Section 3.4 of [I-D.ietf-httpbis-header-structure-10]), and the list MUST contain exactly one element. Its ABNF is:¶

Signature = sh-param-list

The parameterised identifier in the list MUST have parameters named "sig", "integrity", "validity-url", "date", "expires", "cert-url", and "cert-sha256". This specification gives no meaning to the identifier itself, which can be used as a human-readable identifier for the signature. The present parameters MUST have the following values:¶

"sig"

Byte sequence (Section 3.10 of [I-D.ietf-httpbis-header-structure-10]) holding the signature of most of these parameters and the exchange's URL and response headers.¶

"integrity"

A string (Section 3.8 of [I-D.ietf-httpbis-header-structure-10]) containing a "/"-separated sequence of names starting with the lowercase name of the response header field that guards the response payload's integrity. The meaning of subsequent names depends on the response header field, but for the "digest" header field, the single following name is the name of the digest algorithm that guards the payload's integrity.¶

"cert-url"

A string (Section 3.8 of [I-D.ietf-httpbis-header-structure-10]) containing an absolute URL (Section 2) with a scheme of "https" or "data".¶

"cert-sha256"

Byte sequence (Section 3.10 of [I-D.ietf-httpbis-header-structure-10]) holding the SHA-256 hash of the first certificate found at "cert-url".¶

"validity-url"

A string (Section 3.8 of [I-D.ietf-httpbis-header-structure-10]) containing an absolute URL (Section 2) with a scheme of "https".¶

"date" and "expires"

An integer (Section 3.6 of [I-D.ietf-httpbis-header-structure-10]) representing a Unix time.¶

The "cert-url" parameter is not signed, so intermediates can update it with a pointer to a cached version.¶

Signature:
 sig1;
  sig=*MEUCIQDXlI2gN3RNBlgFiuRNFpZXcDIaUpX6HIEwcZEc0cZYLAIga9DsVOMM+g5YpwEBdGW3sS+bvnmAJJiSMwhuBdqp5UY=*;
  integrity="digest/mi-sha256-03";
  validity-url="https://example.com/resource.validity.1511128380";
  cert-url="https://example.com/oldcerts";
  cert-sha256=*W7uB969dFW3Mb5ZefPS9Tq5ZbH5iSmOILpjv2qEArmI=*;
  date=1511128380; expires=1511733180

3.2. CBOR representation of exchange response headers

To sign an exchange's response headers, they need to be serialized into a byte string. Since intermediaries and distributors might rearrange, add, or just reserialize headers, we can't use the literal bytes of the headers as this serialization. Instead, this section defines a CBOR representation that can be embedded into other CBOR, canonically serialized (Section 3.4), and then signed.¶

The CBOR representation of a set of response metadata and headers is the CBOR ([RFC7049]) map with the following mappings:¶

• The byte string ':status' to the byte string containing the response's 3-digit status code, and¶
• For each response header field, the header field's lowercase name as a byte string to the header field's value as a byte string.¶

GET / HTTP/1.1
Host: example.com
Accept: */*

HTTP/1.1 200
Content-Type: text/html
Digest: mi-sha256-03=dcRDgR2GM35DluAV13PzgnG6+pvQwPywfFvAu1UeFrs=
Signed-Headers: "content-type", "digest"

<!doctype html>
<html>
...

  {
    'digest': 'mi-sha256-03=dcRDgR2GM35DluAV13PzgnG6+pvQwPywfFvAu1UeFrs=',
    ':status': '200',
    'content-type': 'text/html'
  }

3.3. Loading a certificate chain

The resource at a signature's cert-url MUST have the application/cert-chain+cbor content type, MUST be canonically-encoded CBOR (Section 3.4), and MUST match the following CDDL:¶

cert-chain = [
  "📜⛓", ; U+1F4DC U+26D3
  + {
    cert: bytes,
    ? ocsp: bytes,
    ? sct: bytes,
    * tstr => any,
  }
]

The first map (second item) in the CBOR array is treated as the end-entity certificate, and the client will attempt to build a path ([RFC5280]) to it from a trusted root using the other certificates in the chain.¶

1. Each cert value MUST be a DER-encoded X.509v3 certificate ([RFC5280]). Other key/value pairs in the same array item define properties of this certificate.¶
2. The first certificate's ocsp value MUST be a complete, DER-encoded OCSP response for that certificate (using the ASN.1 type OCSPResponse defined in [RFC6960]). Subsequent certificates MUST NOT have an ocsp value.¶
3. Each certificate's sct value if any MUST be a SignedCertificateTimestampList for that certificate as defined by Section 3.3 of [RFC6962].¶

Loading a cert-url takes a forceFetch flag. The client MUST:¶

1. Let raw-chain be the result of fetching ([FETCH]) cert-url. If forceFetch is not set, the fetch can be fulfilled from a cache using normal HTTP semantics [RFC7234]. If this fetch fails, return "invalid".¶
2. Let certificate-chain be the array of certificates and properties produced by parsing raw-chain using the CDDL above. If any of the requirements above aren't satisfied, return "invalid". Note that this validation requirement might be impractical to completely achieve due to certificate validation implementations that don't enforce DER encoding or other standard constraints.¶
3. Return certificate-chain.¶

3.4. Canonical CBOR serialization

Within this specification, the canonical serialization of a CBOR item uses the following rules derived from Section 3.9 of [RFC7049] with erratum 4964 applied:¶

• Integers and the lengths of arrays, maps, and strings MUST use the smallest possible encoding.¶
• Items MUST NOT be encoded with indefinite length.¶

• The keys in every map MUST be sorted in the bytewise lexicographic order of their canonical encodings. For example, the following keys are correctly sorted:¶

  1. 10, encoded as 0A.¶
  2. 100, encoded as 18 64.¶
  3. -1, encoded as 20.¶
  4. "z", encoded as 61 7A.¶
  5. "aa", encoded as 62 61 61.¶
  6. [100], encoded as 81 18 64.¶
  7. [-1], encoded as 81 20.¶
  8. false, encoded as F4.¶

Note: this specification does not use floating point, tags, or other more complex data types, so it doesn't need rules to canonicalize those.¶

3.5. Signature validity

The client MUST parse the Signature header field as the parameterised list (Section 4.2.5 of [I-D.ietf-httpbis-header-structure-10]) described in Section 3.1. If an error is thrown during this parsing or any of the requirements described there aren't satisfied, the exchange has no valid signatures. Otherwise, each member of this list represents a signature with parameters.¶

The client MUST use the following algorithm to determine whether each signature with parameters is invalid or potentially-valid for an exchange's¶

• requestUrl, a byte sequence that can be parsed into the exchange's effective request URI (Section 5.5 of [RFC7230]),¶
• responseHeaders, a byte sequence holding the canonical serialization (Section 3.4) of the CBOR representation (Section 3.2) of the exchange's response metadata and headers, and¶
• payload, a stream of bytes constituting the exchange's payload body (Section 3.3 of [RFC7230]). Note that the payload body is the message body with any transfer encodings removed.¶

Potentially-valid results include:¶

• The signed headers of the exchange so that higher-level protocols can avoid relying on unsigned headers, and¶
• Either a certificate chain or a public key so that a higher-level protocol can determine whether it's actually valid.¶

1. Let:¶

   • signature be the signature (byte sequence in the parameterised identifier's "sig" parameter).¶
   • integrity be the signature's "integrity" parameter.¶
   • validity-url be the signature's "validity-url" parameter.¶
   • cert-url be the signature's "cert-url" parameter, if any.¶
   • cert-sha256 be the signature's "cert-sha256" parameter, if any.¶
   • date be the signature's "date" parameter, interpreted as a Unix time.¶
   • expires be the signature's "expires" parameter, interpreted as a Unix time.¶

2. Set publicKey and signing-alg depending on which key fields are present:¶

   1. Assert: cert-url is present.¶

      1. Let certificate-chain be the result of loading the certificate chain at cert-url passing the forceFetch flag (Section 3.3). If this returns "invalid", return "invalid".¶
      2. Let main-certificate be the first certificate in certificate-chain.¶
      3. Set publicKey to main-certificate's public key.¶
      4. If publicKey is an RSA key, return "invalid".¶
      5. If publicKey is a key using the secp256r1 elliptic curve, set signing-alg to ecdsa_secp256r1_sha256 as defined in Section 4.2.3 of [TLS1.3].¶
      6. Otherwise, return "invalid".¶
3. If expires is more than 7 days (604800 seconds) after date, return "invalid".¶
4. If the current time is before date or after expires, return "invalid".¶

5. Let message be the concatenation of the following byte strings. This matches the [TLS1.3] format to avoid cross-protocol attacks if anyone uses the same key in a TLS certificate and an exchange-signing certificate.¶

   1. A string that consists of octet 32 (0x20) repeated 64 times.¶

   2. A context string: the ASCII encoding of "HTTP Exchange 1 b3".¶

      Note: As this is a snapshot of a draft of [I-D.yasskin-http-origin-signed-responses], it uses a distinct context string.¶

   3. A single 0 byte which serves as a separator.¶
   4. If cert-sha256 is set, a byte holding the value 32 followed by the 32 bytes of the value of cert-sha256. Otherwise a 0 byte.¶
   5. The 8-byte big-endian encoding of the length in bytes of validity-url, followed by the bytes of validity-url.¶
   6. The 8-byte big-endian encoding of date.¶
   7. The 8-byte big-endian encoding of expires.¶
   8. The 8-byte big-endian encoding of the length in bytes of requestUrl, followed by the bytes of requestUrl.¶
   9. The 8-byte big-endian encoding of the length in bytes of responseHeaders, followed by the bytes of responseHeaders.¶

6. If cert-url is present and the SHA-256 hash of main-certificate's cert_data is not equal to cert-sha256 (whose presence was checked when the Signature header field was parsed), return "invalid".¶

   Note that this intentionally differs from TLS 1.3, which signs the entire certificate chain in its Certificate Verify (Section 4.4.3 of [TLS1.3]), in order to allow updating the stapled OCSP response without updating signatures at the same time.¶

7. If signature is not a valid signature of message by publicKey using signing-alg, return "invalid".¶

8. If headers, interpreted according to Section 3.2, does not contain a Content-Type response header field (Section 3.1.1.5 of [RFC7231]), return "invalid".¶

   Clients MUST interpret the signed payload as this specified media type instead of trying to sniff a media type from the bytes of the payload, for example by attaching an X-Content-Type-Options: nosniff header field ([FETCH]) to the extracted response.¶

9. If integrity does not match "digest/mi-sha256-03", return "invalid".¶
10. If payload doesn't match the integrity information in the header described by integrity, return "invalid".¶
11. Return "potentially-valid" with certificate-chain.¶

Note that the above algorithm can determine that an exchange's headers are potentially-valid before the exchange's payload is received. Similarly, if integrity identifies a header field and parameter like Digest: mi-sha256-03 ([I-D.thomson-http-mice]) that can incrementally validate the payload, early parts of the payload can be determined to be potentially-valid before later parts of the payload. Higher-level protocols MAY process parts of the exchange that have been determined to be potentially-valid as soon as that determination is made but MUST NOT process parts of the exchange that are not yet potentially-valid. Similarly, as the higher-level protocol determines that parts of the exchange are actually valid, the client MAY process those parts of the exchange and MUST wait to process other parts of the exchange until they too are determined to be valid.¶

3.6. Updating signature validity

Both OCSP responses and signatures are designed to expire a short time after they're signed, so that revoked certificates and signed exchanges with known vulnerabilities are distrusted promptly.¶

This specification provides no way to update OCSP responses by themselves. Instead, clients need to re-fetch the "cert-url" (Section 3.5, Paragraph 6) to get a chain including a newer OCSP response.¶

The "validity-url" parameter (Section 3.1) of the signatures provides a way to fetch new signatures or learn where to fetch a complete updated exchange.¶

Each version of a signed exchange SHOULD have its own validity URLs, since each version needs different signatures and becomes obsolete at different times.¶

The resource at a "validity-url" is "validity data", a CBOR map matching the following CDDL ([CDDL]):¶

validity = {
  ? signatures: [ + bytes ]
  ? update: {
    ? size: uint,
  }
]

The elements of the signatures array are parameterised identifiers (Section 4.2.6 of [I-D.ietf-httpbis-header-structure-10]) meant to replace the signatures within the Signature header field pointing to this validity data. If the signed exchange contains a bug severe enough that clients need to stop using the content, the signatures array MUST NOT be present.¶

If the the update map is present, that indicates that a new version of the signed exchange is available at its effective request URI (Section 5.5 of [RFC7230]) and can give an estimate of the size of the updated exchange (update.size). If the signed exchange is currently the most recent version, the update SHOULD NOT be present.¶

If both the signatures and update fields are present, clients can use the estimated size to decide whether to update the whole resource or just its signatures.¶

Signature:
 sig1;
  sig=*MEUCIQ...*;
  ...
  validity-url="https://example.com/resource.validity.1511157180";
  cert-url="https://example.com/oldcerts";
  date=1511128380; expires=1511733180

{
  "signatures": [
    'sig1; '
    'sig=*MEQCIC/I9Q+7BZFP6cSDsWx43pBAL0ujTbON/+7RwKVk+ba5AiB3FSFLZqpzmDJ0NumNwN04pqgJZE99fcK86UjkPbj4jw==*; '
    'validity-url="https://example.com/resource.validity.1511157180"; '
    'integrity="digest/mi-sha256-03"; '
    'cert-url="https://example.com/newcerts"; '
    'cert-sha256=*J/lEm9kNRODdCmINbvitpvdYKNQ+YgBj99DlYp4fEXw=*; '
    'date=1511733180; expires=1512337980'
  ],
  "update": {
    "size": 5557452
  }
}

Signature:
 sig1;
  sig=*MEQCIC...*;
  ...
  validity-url="https://example.com/resource.validity.1511157180";
  cert-url="https://example.com/newcerts";
  date=1511733180; expires=1512337980

3.7. The Accept-Signature header

The Accept-Signature request header is not used.¶

4.1. Uncached header fields

Hop-by-hop and other uncached headers MUST NOT appear in a signed exchange. These will eventually be listed in [I-D.ietf-httpbis-cache], but for now they're listed here:¶

• Hop-by-hop header fields listed in the Connection header field (Section 6.1 of [RFC7230]).¶
• Header fields listed in the no-cache response directive in the Cache-Control header field (Section 5.2.2.2 of [RFC7234]).¶

• Header fields defined as hop-by-hop:¶

  • Connection¶
  • Keep-Alive¶
  • Proxy-Connection¶
  • Trailer¶
  • Transfer-Encoding¶
  • Upgrade¶
• Stateful headers as defined below.¶

4.2. Certificate Requirements

We define a new X.509 extension, CanSignHttpExchanges to be used in the certificate when the certificate permits the usage of signed exchanges. When this extension is not present the client MUST NOT accept a signature from the certificate as proof that a signed exchange is authoritative for a domain covered by the certificate. When it is present, the client MUST follow the validation procedure in Section 4.¶

   CanSignHttpExchanges ::= NULL

Note that this extension contains an ASN.1 NULL (bytes 05 00) because some implementations have bugs with empty extensions.¶

Leaf certificates without this extension need to be revoked if the private key is exposed to an unauthorized entity, but they generally don't need to be revoked if a signing oracle is exposed and then removed.¶

CA certificates, by contrast, need to be revoked if an unauthorized entity is able to make even one unauthorized signature.¶

Certificates with this extension MUST be revoked if an unauthorized entity is able to make even one unauthorized signature.¶

Starting 2019-05-01, certificates with this extension MUST have a Validity Period no greater than 90 days.¶

Conforming CAs MUST NOT mark this extension as critical.¶

Starting 2019-05-01, a conforming CA MUST NOT issue certificates with this extension unless, for each dNSName in the subjectAltName extension of the certificate to be issued:¶

1. An "issue" or "issuewild" CAA property ([RFC6844]) exists that authorizes the CA to issue the certificate; and¶
2. The "cansignhttpexchanges" parameter (Section 4.2.1) is present on the property and is equal to "yes"¶

Clients MUST NOT accept certificates with this extension in TLS connections (Section 4.4.2.2 of [TLS1.3]).¶

This draft of the specification identifies the CanSignHttpExchanges extension with the id-ce-canSignHttpExchangesDraft OID:¶

   id-ce-google OBJECT IDENTIFIER ::= { 1 3 6 1 4 1 11129 }
   id-ce-canSignHttpExchangesDraft OBJECT IDENTIFIER ::= { id-ce-google 2 1 22 }

This OID might or might not be used as the final OID for the extension, so certificates including it might need to be reissued once the final RFC is published.¶

Some certificates have already been issued with this extension and with validity periods longer than 90 days. These certificates will not immediately be treated as invalid. Instead:¶

• Clients MUST reject certificates with this extension that were issued after 2019-05-01 and have a Validity Period longer than 90 days.¶
• After 2019-08-01, clients MUST reject all certificates with this extension that have a Validity Period longer than 90 days.¶

5.1. Same-origin response

Same-origin responses are not implemented.¶

5.2. HTTP/2 extension for cross-origin Server Push

Cross origin push is not implemented.¶

5.3. application/signed-exchange format

To allow signed exchanges to be the targets of <link rel=prefetch> tags, we define the application/signed-exchange content type that represents a signed HTTP exchange, including a request URL, response metadata and header fields, and a response payload.¶

When served over HTTP, a response containing an application/signed-exchange payload MUST include at least the following response header fields, to reduce content sniffing vulnerabilities:¶

• Content-Type: application/signed-exchange;v=version¶
• X-Content-Type-Options: nosniff¶

This content type consists of the concatenation of the following items:¶

1. 8 bytes consisting of the ASCII characters "sxg1-b3" followed by a 0 byte, to serve as a file signature. This is redundant with the MIME type, and recipients that receive both MUST check that they match and, if they don't, either stop parsing or redirect to the fallbackUrl in the next two entries.¶

   Note: As this is a snapshot of a draft of [I-D.yasskin-http-origin-signed-responses], it uses a distinct file signature.¶

2. 2 bytes storing a big-endian integer fallbackUrlLength.¶

3. fallbackUrlLength bytes holding a fallbackUrl, which MUST UTF-8 decode to an absolute URL with a scheme of "https".¶

   Note: The byte location of the fallback URL is intended to remain invariant across versions of the application/signed-exchange format so that parsers encountering unknown versions can always find a URL to redirect to.¶

4. 3 bytes storing a big-endian integer sigLength. If this is larger than 16384 (16*1024), parsing MUST fail.¶
5. 3 bytes storing a big-endian integer headerLength. If this is larger than 524288 (512*1024), parsing MUST fail.¶
6. sigLength bytes holding the Signature header field's value (Section 3.1).¶
7. headerLength bytes holding signedHeaders, the canonical serialization (Section 3.4) of the CBOR representation of the response headers of the exchange represented by the application/signed-exchange resource (Section 3.2), excluding the Signature header field.¶

8. The payload body (Section 3.3 of [RFC7230]) of the exchange represented by the application/signed-exchange resource.¶

   Note that the use of the payload body here means that a Transfer-Encoding header field inside the application/signed-exchange header block has no effect. A Transfer-Encoding header field on the outer HTTP response that transfers this resource still has its normal effect.¶

sxg1-b3\0<2-byte length of the following url string>
https://example.com/<3-byte length of the following header
value><3-byte length of the encoding of the
following map>sig1; sig=*...; integrity="digest/mi-sha256-03"; ...{
    ':status': '200',
    'content-type': 'text/html'
}<!doctype html>\r\n<html>...

8.1. Internet Media Type application/signed-exchange

Type name: application¶

Subtype name: signed-exchange¶

Required parameters:¶

• v: A string denoting the version of the file format. ([RFC5234] ABNF: version = DIGIT/%x61-7A) The version defined in this specification is b3. When used with the Accept header field (Section 5.3.1 of [RFC7231]), this parameter can be a comma (,)-separated list of version strings. ([RFC5234] ABNF: version-list = version *( "," version )) The server is then expected to reply with a resource using a particular version from that list.¶

  Note: As this is a snapshot of a draft of [I-D.yasskin-http-origin-signed-responses], it uses a distinct version number.¶

Magic number(s): 73 78 67 31 2D 62 33 00¶

The other fields are the same as the registration in [I-D.yasskin-http-origin-signed-responses].¶