Re: Working Group Last Call: The Concealed HTTP Authentication Scheme
David Schinazi <dschinazi.ietf@gmail.com> Wed, 12 June 2024 22:14 UTC
Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=ietf.org@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 49FB0C14F70A for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 12 Jun 2024 15:14:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.857
X-Spam-Level:
X-Spam-Status: No, score=-2.857 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=w3.org header.b="I/0xubcb"; dkim=pass (2048-bit key) header.d=w3.org header.b="iNfWQcsO"; dkim=pass (2048-bit key) header.d=gmail.com header.b="G324JKjc"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6hqnOHDZiUMp for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 12 Jun 2024 15:14:44 -0700 (PDT)
Received: from mab.w3.org (mab.w3.org [IPv6:2600:1f18:7d7a:2700:d091:4b25:8566:8113]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8296DC14F702 for <httpbisa-archive-bis2Juki@ietf.org>; Wed, 12 Jun 2024 15:14:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=w3.org; s=s1; h=Subject:Content-Type:Cc:To:Message-ID:Date:From:In-Reply-To: References:MIME-Version:Reply-To; bh=3nq2FD40qDsSwPt5+HdRDZ4uJDAL0ABI5X/T8/ZZQCw=; b=I/0xubcbYWuKwQbX9CcERun5Ax tRX8vf5opomWtSaFIaWhs2czHHJq7ZWbd88DzQHeddDYVNeGWWdRgatoScFubM/qdYEJobwxIjJ+B Bu6WivIUK6EL89Ix9kWhzeSVEAy9k2Guy4iJ1sGQc9CUKowsRsmKH075lPRnb6h7fhGZXcFjzW6YB +yfobCkttKmo9BC9Rl2NdkopRgpcvRL64Nixpz62oqpBdIEqsEBrFmQA6t6031TbsX7+zlzxqhIZG pAKTsPb67PMKPe/YY5rTr43AMXQsdSzmEW876V09uglmR5I6TYUSOIyHfSg4BgMfX3aHGZ+5Kp6/O zb0Nq6Uw==;
Received: from lists by mab.w3.org with local (Exim 4.96) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1sHWDz-000TrI-1G for ietf-http-wg-dist@listhub.w3.org; Wed, 12 Jun 2024 22:13:47 +0000
Resent-Date: Wed, 12 Jun 2024 22:13:47 +0000
Resent-Message-Id: <E1sHWDz-000TrI-1G@mab.w3.org>
Received: from ip-10-0-0-224.ec2.internal ([10.0.0.224] helo=puck.w3.org) by mab.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from <dschinazi.ietf@gmail.com>) id 1sHWDw-000Tpy-06 for ietf-http-wg@listhub.w3.internal; Wed, 12 Jun 2024 22:13:44 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=w3.org; s=s1; h=Content-Type:Cc:To:Subject:Message-ID:Date:From:In-Reply-To: References:MIME-Version:Reply-To; bh=3nq2FD40qDsSwPt5+HdRDZ4uJDAL0ABI5X/T8/ZZQCw=; t=1718230424; x=1719094424; b=iNfWQcsOH4euPCVOnRpRpT+hQJgc32eBl3c72crcIY0lB7Bv3gQKSa17mDy6ljmbGm5qHsEF3V7 oQZV21WPs/2mNnExVoUj3FOrz6EsqkrZqTdkCM99RKUv6GTsM6982anbnfINgPFxrpH/XKa/ucaOr jlot5eiHo9eiqev423Ii9IHOjUZfYMh2qANhzJDNMwiFDtcHQYwAzeu2vwgaAdsH4eeNqv463QNzk bovmGR9GRI+fNz5mX3t1b3Iw9X7MBP7IMgMc1/f2rF/KDufsiloRlmew+0ZVdB0x+gQfzgQ2x6S5k amaq5QFFp09ZpEA/uWeY4Cr9LEW19NQuo63w==;
Received-SPF: pass (puck.w3.org: domain of gmail.com designates 2a00:1450:4864:20::333 as permitted sender) client-ip=2a00:1450:4864:20::333; envelope-from=dschinazi.ietf@gmail.com; helo=mail-wm1-x333.google.com;
Received: from mail-wm1-x333.google.com ([2a00:1450:4864:20::333]) by puck.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96) (envelope-from <dschinazi.ietf@gmail.com>) id 1sHWDv-006y1i-10 for ietf-http-wg@w3.org; Wed, 12 Jun 2024 22:13:43 +0000
Received: by mail-wm1-x333.google.com with SMTP id 5b1f17b1804b1-4217f2e3450so5017485e9.1 for <ietf-http-wg@w3.org>; Wed, 12 Jun 2024 15:13:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1718230419; x=1718835219; darn=w3.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=3nq2FD40qDsSwPt5+HdRDZ4uJDAL0ABI5X/T8/ZZQCw=; b=G324JKjcHcUuhLH7m3k1qWcKTf1dFDoTWaJs1X5FjYlG+GfSZ+Cr4gk7j4udc0xvk4 PE7mz6IWC5g4vvpRqdLwy6zLgnquTqpHCwBi4/n9zMEHqec5nUsVLuKqoCk5KisNshZ4 YWRK2/5v/zyPGHtWvyqYTf4GZNmaGYIfLAJe+KvNkaTk4nRhWcaSNhGnQ5XbvbSmQnio Z62d8jsGSLHemfkTOUE4Uj1YKj+9D2gV/A+ZXXRJbOmgl22mxcJwTUHik5i/mfmhYh0o mBibX103htApOY49RCVGgWygY2JqB85jeOghoWygiITZLcGw+SnZOXIKsBL7Xpl7oP3p /S7w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1718230419; x=1718835219; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=3nq2FD40qDsSwPt5+HdRDZ4uJDAL0ABI5X/T8/ZZQCw=; b=b3ocZHKFRqn9yBJc5KlOHjiaMfniaJ6rAXVX3DVThIp6UWUJDfEw4EUq59VL7tsGUd WId5GnmY4/2qlAKCy9uHPmJc+VL970RUg7YFlkJrMfzJA8HYVG/EJVRBuGd4Y8NiRxha nsoUkGAjU/ouXd7rUb7NtkqaJreVe3tJRZ/4RN189rAv4VU4BTuHnMl3cjHXZ92DOTcD PuWyNqbRgW/MouYsr8byWwOeSJ2+2w5/KdYJilw1d/e5aCbh1JuudH4pLZVCBqSvME+q waCv+K1z8ELjSNOZcurrrkCeIeVgpLb/3onBEI7os/qbNDbXSM9htmzTTSe5t7GEy1zk ORIQ==
X-Forwarded-Encrypted: i=1; AJvYcCVXIZWhPzJ0/cU/RbddOzTDa12XG2h028kgGbzjDULsQhdYNcTki/fIr1BzdCwdxhBtVD1bvco6+ZHxrXjvSHHsDCHN
X-Gm-Message-State: AOJu0YyAhyQP8dUkNH8/tUQ5tdW00dFqvoL6MTyzFkFPls10WkG7ymXf mqIqqhSJ5oKav/BWDhaN9DI4PrhBGymPpZejOgF8ut2CrXFpMS7V1pC8Qvzj+CUmW2SmlNV6G0O RkwHD48zwpTQAEQ1xMT0XYFWW8cw=
X-Google-Smtp-Source: AGHT+IG97j2Wuc5UTEyQprTWd7ld9RUBTAhs+gZHh8O2g170dvZGdlIV+zvjvhnzrRLQ+8jEEpRsMQAscxJVyHq1DAY=
X-Received: by 2002:a05:600c:4ed1:b0:420:182e:eb46 with SMTP id 5b1f17b1804b1-422867c00a9mr29650055e9.38.1718230419047; Wed, 12 Jun 2024 15:13:39 -0700 (PDT)
MIME-Version: 1.0
References: <4270C5C8-23AA-456C-8AB4-A8B23E83224C@mnot.net> <99063502-e68c-4bcb-9ecb-1bcbeec952b3@dennis-jackson.uk>
In-Reply-To: <99063502-e68c-4bcb-9ecb-1bcbeec952b3@dennis-jackson.uk>
From: David Schinazi <dschinazi.ietf@gmail.com>
Date: Wed, 12 Jun 2024 15:13:27 -0700
Message-ID: <CAPDSy+6qTHU34B05nNEAr_F0HS8CSLgervPAnzTTOQwtQNMT2Q@mail.gmail.com>
To: Dennis Jackson <ietf@dennis-jackson.uk>
Cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>, Tommy Pauly <tpauly@apple.com>, Jonathan Hoyland <jonathan.hoyland@gmail.com>
Content-Type: multipart/alternative; boundary="000000000000c51139061ab8b135"
X-W3C-Hub-DKIM-Status: validation passed: (address=dschinazi.ietf@gmail.com domain=gmail.com), signature is good
X-W3C-Hub-Spam-Status: No, score=-6.1
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, DMARC_PASS=-0.001, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_WL=-1
X-W3C-Scan-Sig: puck.w3.org 1sHWDv-006y1i-10 7b89d4f7874d61830f98ace2843d6545
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Working Group Last Call: The Concealed HTTP Authentication Scheme
Archived-At: <https://www.w3.org/mid/CAPDSy+6qTHU34B05nNEAr_F0HS8CSLgervPAnzTTOQwtQNMT2Q@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/51997
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/email/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
Hi Dennis, Jonathan finished his analysis and was able to prove the properties we cared about. Jonathan, did that ever get published somewhere that we could refer to from the draft? Thanks, David On Wed, Jun 12, 2024 at 4:45 AM Dennis Jackson <ietf@dennis-jackson.uk> wrote: > I have reviewed the document and don't have any issues or objections. > > I believe Jonathan was working to formally verify the design? Has that > process arrived at an outcome or been paused? If there's a concrete > outcome, it might be nice to point to it in the document as an > informative reference. > > Best, > Dennis > > On 11/06/2024 20:55, Mark Nottingham wrote: > > Working Group participants, > > > > This e-mail announces Working Group Last Call for revision 07 of the > > following document: > > https://datatracker.ietf.org/doc/draft-ietf-httpbis-unprompted-auth/ > > > > There are no outstanding issues in GitHub, and the editors indicate > > that they believe it is ready. > > > > Please review the document and raise any issues you find (preferably > > on GitHub, but also acceptable on-list) and indicate whether you > > support publication (or object to it) in response to this message. > > > > Working Group Last Call will end on 27 June 2024. > > > > Cheers, > > > > -- > > Mark Nottingham https://www.mnot.net/ > > > > > >
- Working Group Last Call: The Concealed HTTP Authe… Mark Nottingham
- Re: Working Group Last Call: The Concealed HTTP A… Dennis Jackson
- Re: Working Group Last Call: The Concealed HTTP A… David Schinazi
- RE: Working Group Last Call: The Concealed HTTP A… Mike Bishop
- Re: Working Group Last Call: The Concealed HTTP A… David Schinazi
- Re: Working Group Last Call: The Concealed HTTP A… Watson Ladd
- Re: Working Group Last Call: The Concealed HTTP A… Martin Thomson
- Re: Working Group Last Call: The Concealed HTTP A… Tommy Pauly
- Re: Working Group Last Call: The Concealed HTTP A… David Schinazi