I-D Action: draft-ietf-httpbis-unprompted-auth-00.txt
internet-drafts@ietf.org Fri, 24 February 2023 23:37 UTC
Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 391B3C151527 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 24 Feb 2023 15:37:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.648
X-Spam-Level:
X-Spam-Status: No, score=-7.648 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.25, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DXcwnvAOqqQ6 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 24 Feb 2023 15:37:45 -0800 (PST)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BE07BC14EB14 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Fri, 24 Feb 2023 15:37:33 -0800 (PST)
Received: from lists by lyra.w3.org with local (Exim 4.94.2) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1pVhcu-00Bdzu-C8 for ietf-http-wg-dist@listhub.w3.org; Fri, 24 Feb 2023 23:37:20 +0000
Resent-Date: Fri, 24 Feb 2023 23:37:20 +0000
Resent-Message-Id: <E1pVhcu-00Bdzu-C8@lyra.w3.org>
Received: from titan.w3.org ([128.30.52.76]) by lyra.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <internet-drafts@ietf.org>) id 1pVhcr-00BdyG-VF for ietf-http-wg@listhub.w3.org; Fri, 24 Feb 2023 23:37:18 +0000
Received: from mail.ietf.org ([50.223.129.194]) by titan.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <internet-drafts@ietf.org>) id 1pVhco-002ZgT-Rf for ietf-http-wg@w3.org; Fri, 24 Feb 2023 23:37:18 +0000
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 2B4F9C151B01; Fri, 24 Feb 2023 15:36:37 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
Cc: ietf-http-wg@w3.org
X-Test-IDTracker: no
X-IETF-IDTracker: 9.12.0
Auto-Submitted: auto-generated
Reply-To: ietf-http-wg@w3.org
Message-ID: <167728179716.37270.6658017962820804373@ietfa.amsl.com>
Date: Fri, 24 Feb 2023 15:36:37 -0800
Received-SPF: pass client-ip=50.223.129.194; envelope-from=internet-drafts@ietf.org; helo=mail.ietf.org
X-W3C-Hub-Spam-Status: No, score=-3.2
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, W3C_NW=1
X-W3C-Scan-Sig: titan.w3.org 1pVhco-002ZgT-Rf b00fa9519fc532516aef8a20c34ef550
X-Original-To: ietf-http-wg@w3.org
Subject: I-D Action: draft-ietf-httpbis-unprompted-auth-00.txt
Archived-At: <https://www.w3.org/mid/167728179716.37270.6658017962820804373@ietfa.amsl.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/50751
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This Internet-Draft is a work item of the HTTP WG of the IETF.
Title : HTTP Unprompted Authentication
Authors : David Schinazi
David M. Oliver
Jonathan Hoyland
Filename : draft-ietf-httpbis-unprompted-auth-00.txt
Pages : 9
Date : 2023-02-24
Abstract:
Existing HTTP authentication mechanisms are probeable in the sense
that it is possible for an unauthenticated client to probe whether an
origin serves resources that require authentication. It is possible
for an origin to hide the fact that it requires authentication by not
generating Unauthorized status codes, however that only works with
non-cryptographic authentication schemes: cryptographic schemes (such
as signatures or message authentication codes) require a fresh nonce
to be signed, and there is no existing way for the origin to share
such a nonce without exposing the fact that it serves resources that
require authentication. This document proposes a new non-probeable
cryptographic authentication scheme.
The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-httpbis-unprompted-auth/
There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-httpbis-unprompted-auth-00.html
Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
- I-D Action: draft-ietf-httpbis-unprompted-auth-00… internet-drafts