I-D Action: draft-ietf-httpbis-unprompted-auth-09.txt
internet-drafts@ietf.org Tue, 23 July 2024 15:34 UTC
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
Cc: ietf-http-wg@w3.org
Internet-Draft draft-ietf-httpbis-unprompted-auth-09.txt is now available. It is a work item of the HTTP (HTTPBIS) WG of the IETF.

   Title:   The Concealed HTTP Authentication Scheme
   Authors: David Schinazi
            David M. Oliver
            Jonathan Hoyland
   Name:    draft-ietf-httpbis-unprompted-auth-09.txt
   Pages:   16
   Dates:   2024-07-23

Abstract:

   Most HTTP authentication schemes are probeable in the sense that it is possible for an unauthenticated client to probe whether an origin serves resources that require authentication. It is possible for an origin to hide the fact that it requires authentication by not generating Unauthorized status codes, however that only works with non-cryptographic authentication schemes: cryptographic signatures require a fresh nonce to be signed. At the time of writing, there was no existing way for the origin to share such a nonce without exposing the fact that it serves resources that require authentication. This document proposes a new non-probeable cryptographic authentication scheme.

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-httpbis-unprompted-auth/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-httpbis-unprompted-auth-09.html

A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-httpbis-unprompted-auth-09

Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts