New issue
Advanced search Search tips

Issue 875721 link

Starred by 1 user
Status: Fixed
Owner:
ksakamoto@chromium.org
Closed: Aug 23
Cc:
kinuko@chromium.org
kouhei@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 1
Type: Bug

Blocking:
issue 803774



Sign in to add a comment

Signed Exchange: Update to draft-thomson-http-mice-03

Project Member Reported by ksakamoto@chromium.org, Aug 20 
https://tools.ietf.org/html/draft-thomson-http-mice-03

Changes from draft-thomson-http-mice-02:

- Use the Digest header instead of the MI header
- Different draft naming convention (mi-sha256-03)
- Different encoding on 0-length payloads
- The top-proof is now base64 encoded, not base64url

Comment 1 by ksakamoto@chromium.org, Aug 20

Blocking: 803774
Project Member

Comment 2 by bugdroid1@chromium.org, Aug 22 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/eee8c3313434874dc5b30e54632d0624cd0f3a47

commit eee8c3313434874dc5b30e54632d0624cd0f3a47
Author: Kunihiko Sakamoto <ksakamoto@chromium.org>
Date: Wed Aug 22 23:46:16 2018

Signed Exchange: Update to draft-thomson-http-mice-03

This patch updates the followings:

- Use the Digest header instead of the MI header
- Update the identifier from mi-sha256-draft2 to mi-sha256-03
- The top-proof is now encoded in standard base64, not base64url

Http-mice-03 also changes the behavior on 0-length payloads. That will
be addressed in a followup CL.

Bug:  875721 
Change-Id: I4c53a5ed6c25a62685d523c7a9d4583875a940c2
Reviewed-on: https://chromium-review.googlesource.com/1180955
Commit-Queue: Kunihiko Sakamoto <ksakamoto@chromium.org>
Reviewed-by: Kouhei Ueno <kouhei@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: David Benjamin <davidben@chromium.org>
Cr-Commit-Position: refs/heads/master@{#585311}
[modify] https://crrev.com/eee8c3313434874dc5b30e54632d0624cd0f3a47/content/browser/loader/merkle_integrity_source_stream.cc
[modify] https://crrev.com/eee8c3313434874dc5b30e54632d0624cd0f3a47/content/browser/loader/merkle_integrity_source_stream.h
[modify] https://crrev.com/eee8c3313434874dc5b30e54632d0624cd0f3a47/content/browser/loader/merkle_integrity_source_stream_unittest.cc
[modify] https://crrev.com/eee8c3313434874dc5b30e54632d0624cd0f3a47/content/browser/web_package/signed_exchange_envelope_unittest.cc
[modify] https://crrev.com/eee8c3313434874dc5b30e54632d0624cd0f3a47/content/browser/web_package/signed_exchange_handler.cc
[modify] https://crrev.com/eee8c3313434874dc5b30e54632d0624cd0f3a47/content/browser/web_package/signed_exchange_signature_verifier.cc
[modify] https://crrev.com/eee8c3313434874dc5b30e54632d0624cd0f3a47/content/browser/web_package/signed_exchange_signature_verifier_unittest.cc
[modify] https://crrev.com/eee8c3313434874dc5b30e54632d0624cd0f3a47/content/test/data/sxg/test.example.com_invalid_test.sxg
[modify] https://crrev.com/eee8c3313434874dc5b30e54632d0624cd0f3a47/content/test/data/sxg/test.example.org_hello.txt.sxg
[modify] https://crrev.com/eee8c3313434874dc5b30e54632d0624cd0f3a47/content/test/data/sxg/test.example.org_noext_test.sxg
[modify] https://crrev.com/eee8c3313434874dc5b30e54632d0624cd0f3a47/content/test/data/sxg/test.example.org_test.sxg
[modify] https://crrev.com/eee8c3313434874dc5b30e54632d0624cd0f3a47/third_party/WebKit/LayoutTests/http/tests/loading/sxg/resources/fallback-to-another-sxg.sxg
[modify] https://crrev.com/eee8c3313434874dc5b30e54632d0624cd0f3a47/third_party/WebKit/LayoutTests/http/tests/loading/sxg/resources/sxg-cert-not-found.sxg
[modify] https://crrev.com/eee8c3313434874dc5b30e54632d0624cd0f3a47/third_party/WebKit/LayoutTests/http/tests/loading/sxg/resources/sxg-invalid-validity-url.sxg
[modify] https://crrev.com/eee8c3313434874dc5b30e54632d0624cd0f3a47/third_party/WebKit/LayoutTests/http/tests/loading/sxg/resources/sxg-location.sxg
Project Member

Comment 3 by bugdroid1@chromium.org, Aug 23 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/5d39304be2b2249b063ef0336d600a7ac20aa79d

commit 5d39304be2b2249b063ef0336d600a7ac20aa79d
Author: Kunihiko Sakamoto <ksakamoto@chromium.org>
Date: Thu Aug 23 03:17:02 2018

MerkleIntegritySourceStream: Update the treatment of empty payload

This makes MerkleIntegritySourceStream match the new behavior of
draft-thomson-http-mice-03 [1], where the encoding of an empty payload
does not have the 8-byte record size.

Also, after this patch the final record must not be empty. Empty final
records were allowed because http-mice-02 couldn't represent the empty
payload otherwise.

[1] https://tools.ietf.org/html/draft-thomson-http-mice-03#section-2

Bug:  875721 
Change-Id: I2e2003603fb9f3d9baf4cf369cf9487b8990bcf8
Reviewed-on: https://chromium-review.googlesource.com/1183044
Commit-Queue: Kunihiko Sakamoto <ksakamoto@chromium.org>
Reviewed-by: Kouhei Ueno <kouhei@chromium.org>
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Cr-Commit-Position: refs/heads/master@{#585383}
[modify] https://crrev.com/5d39304be2b2249b063ef0336d600a7ac20aa79d/content/browser/loader/merkle_integrity_source_stream.cc
[modify] https://crrev.com/5d39304be2b2249b063ef0336d600a7ac20aa79d/content/browser/loader/merkle_integrity_source_stream_unittest.cc

Comment 4 by ksakamoto@chromium.org, Aug 23

Status: Fixed (was: Assigned)

Sign in to add a comment