HTTPsec

HTTPsec ("HTTP security") is an authentication scheme for the web protocol HTTP. HTTPsec provides cryptographically strong security at the application layer. HTTPsec is a proposal by [http://secarta.com/ Secarta] .

HTTPsec operates within the framework of the HTTP authentication headers. It uses RSA public keys for mutual authentication, and ephemeral Diffie-Hellman key exchange to ensure forward secrecy. The protocol provides mutual authentication and message origin authentication, via protection applied to (1) the integrity of URL, Method, and core HTTP headers, (2) the integrity of the message body, (3) message sequence, and (4) message replays. It optionally provides message body encryption. It does not provide header confidentiality (as messages would no longer be HTTP if their header fields were encrypted) or integrity protection applied to secondary headers (which may be legitimately altered by proxies).

Example with explanation

(Many details are omitted - refer to the full specifications for a complete explanation.)

The terms "requester" and "responder" are used in place of "client" and "server" for the two peers in the transaction. This is to acknowledge that the peers that are being authenticated do not necessarily map one-to-one to client or server devices. For example, a server may host multiple endpoints that are distinctly identified.

There are three possible types of transaction: Initialisation, Continuation, and Challenge.

Initialization Transactions

Initialization transactions occur when a requester wishes to initiate a new shared-secret agreement. They are for protocol purposes only and are thus not used to carry message payloads.

* The requester sends its identifier, certificate, and an ephemeral Diffie-Hellman public value, and a random nonce.
* The responder responds with its identifier, certificate, an ephemeral Diffie-Hellman public value, and a separate random nonce encrypted in the RSA public key presented by the requester's certificate. It also signs with its RSA private key all the protocol parameters so far exchanged. The responder is authenticated in the initialization stage, by the validating the signature against the public key presented by its certificate (authentication freshness is ensured by the requester's nonce). The requester is subsequently authenticated in the continuation stage by the use of HMAC message authentication codes (authentication freshness is ensured by the requester's ability to decrypt the responders's nonce).

The Diffie-Hellman values are used to generate an ephemeral shared secret. From this temporary secret keys are derived identically by both peers. In the initialise response, a token is also returned to reference these secret keys in subsequent continuation messages.

Example initialization request:

HEAD http://alice.example.com/foobar.txt HTTP/1.1Authorization: httpsec/1.0 initialize id=bob.example.com dh=clW9y2X5Vy+5+Ncv5lAI3W9y2X5Vgfe4y+5+Ncv5l... certificate=http://bob.example.com/my-cert url=http://alice.example.com/foobar.txt group=rfc3526#14 nonce=7iqgkzgfdIe0HN35r6met2579yxetyerty7MZW...