Re: [http-auth] RFC 7486 on HTTP Origin-Bound Authentication (HOBA)

Yoav Nir <ynir.ietf@gmail.com> Wed, 11 March 2015 07:51 UTC

From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <20150311004852.3B916180464@rfc-editor.org>
Date: Wed, 11 Mar 2015 09:51:00 +0200
Message-Id: <06EC4970-5880-47A3-91A1-F2B59F35460E@gmail.com>
References: <20150311004852.3B916180464@rfc-editor.org>
To: httpauth mailing list <http-auth@ietf.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/http-auth/B0LmbakkUeMAkE-33JoGFueiMXg>
Subject: Re: [http-auth] RFC 7486 on HTTP Origin-Bound Authentication (HOBA)

Congratulations, and thanks to Stephen, Paul and Mike for all the hard work.

Thanks also to all who participated, reviewed, and commented.

Yoav

> On Mar 11, 2015, at 2:48 AM, rfc-editor@rfc-editor.org wrote:
> 
> A new Request for Comments is now available in online RFC libraries.
> 
> 
>        RFC 7486
> 
>        Title:      HTTP Origin-Bound Authentication (HOBA) 
>        Author:     S. Farrell, P. Hoffman,
>                    M. Thomas
>        Status:     Experimental
>        Stream:     IETF
>        Date:       March 2015
>        Mailbox:    stephen.farrell@cs.tcd.ie, 
>                    paul.hoffman@vpnc.org, 
>                    mike@phresheez.com
>        Pages:      28
>        Characters: 64868
>        Updates/Obsoletes/SeeAlso:   None
> 
>        I-D Tag:    draft-ietf-httpauth-hoba-10.txt
> 
>        URL:        https://www.rfc-editor.org/info/rfc7486
> 
> HTTP Origin-Bound Authentication (HOBA) is a digital-signature-based
> design for an HTTP authentication method.  The design can also be
> used in JavaScript-based authentication embedded in HTML.  HOBA is an
> alternative to HTTP authentication schemes that require passwords and
> therefore avoids all problems related to passwords, such as leakage
> of server-side password databases.
> 
> This document is a product of the Hypertext Transfer Protocol Authentication Working Group of the IETF.
> 
> 
> EXPERIMENTAL: This memo defines an Experimental Protocol for the
> Internet community.  It does not specify an Internet standard of any
> kind. Discussion and suggestions for improvement are requested.
> Distribution of this memo is unlimited.
> 
> This announcement is sent to the IETF-Announce and rfc-dist lists.
> To subscribe or unsubscribe, see
>  https://www.ietf.org/mailman/listinfo/ietf-announce
>  https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist
> 
> For searching the RFC series, see https://www.rfc-editor.org/search
> For downloading RFCs, see https://www.rfc-editor.org/rfc.html
> 
> Requests for special distribution should be addressed to either the
> author of the RFC in question, or to rfc-editor@rfc-editor.org.  Unless
> specifically noted otherwise on the RFC itself, all RFCs are for
> unlimited distribution.
> 
> 
> The RFC Editor Team
> Association Management Solutions, LLC