HTTP Unprompted Authentication

David Schinazi <dschinazi.ietf@gmail.com> Thu, 13 October 2022 19:03 UTC

To: HTTP Working Group <ietf-http-wg@w3.org>
Cc: David Oliver <david@guardianproject.info>, Jonathan Hoyland <jonathan.hoyland@gmail.com>, Tommy Pauly <tpauly@apple.com>, Mark Nottingham <mnot@mnot.net>

Hello HTTP enthusiasts,

At IETF 114 we presented HTTP Transport Authentication, a new mechanism
that allowed an HTTP client to authenticate to a server without the server
disclosing the fact that it requires authentication. There was interest in
working in this space, but a few issues were raised with the name of the
document and its security. We've addressed those concerns, added Jonathan
as co-author, and renamed the draft to "HTTP Unprompted Authentication".
Please let us know what you think.

Chairs, we'd like to request some agenda time at IETF 115 please.

Link to editor's copy:
https://davidschinazi.github.io/draft-schinazi-httpbis-transport-auth/draft-schinazi-httpbis-unprompted-auth.html

Thanks,
David


---------- Forwarded message ---------
Name:           draft-schinazi-httpbis-unprompted-auth
Revision:       00
Title:          HTTP Unprompted Authentication
Document date:  2022-10-13
Group:          Individual Submission
Pages:          9
URL:            https://www.ietf.org/archive/id/draft-schinazi-httpbis-unprompted-auth-00.txt
Status:         https://datatracker.ietf.org/doc/draft-schinazi-httpbis-unprompted-auth/
Html:           https://www.ietf.org/archive/id/draft-schinazi-httpbis-unprompted-auth-00.html
Htmlized:       https://datatracker.ietf.org/doc/html/draft-schinazi-httpbis-unprompted-auth


Abstract:
   Existing HTTP authentication mechanisms are probeable in the sense
   that it is possible for an unauthenticated client to probe whether an
   origin serves resources that require authentication.  It is possible
   for an origin to hide the fact that it requires authentication by not
   generating Unauthorized status codes, however that only works with
   non-cryptographic authentication schemes: cryptographic schemes (such
   as signatures or message authentication codes) require a fresh nonce
   to be signed, and there is no existing way for the origin to share
   such a nonce without exposing the fact that it serves resources that
   require authentication.  This document proposes a new non-probeable
   cryptographic authentication scheme.
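
The probeability problem the abstract describes, as an added example that is not part of the original message or of the draft: two toy origins, one that issues a nonce in a 401 and one that hides behind 404, and a check that tells them apart. The "Demo" scheme, the X-Nonce, X-Mac and X-Token header names, the path and the key material are all hypothetical; this does not implement the scheme the draft proposes.

```python
import hashlib
import hmac
import secrets

KEY = b"constructed-demo-key"        # constructed shared key
TOKEN = "constructed-demo-token"     # constructed static credential
PROTECTED = "/private"               # hypothetical protected resource
issued_nonces = set()                # nonces the challenge origin has handed out

def sign(nonce: str) -> str:
    """MAC over the server-chosen nonce (the cryptographic proof)."""
    return hmac.new(KEY, nonce.encode(), hashlib.sha256).hexdigest()

def challenge_origin(path, headers):
    """Cryptographic scheme: the origin must hand out a fresh nonce in a 401."""
    if path != PROTECTED:
        return 404, {}
    nonce, mac = headers.get("X-Nonce"), headers.get("X-Mac", "")
    if nonce in issued_nonces and hmac.compare_digest(mac, sign(nonce)):
        issued_nonces.discard(nonce)  # single use, so a replayed MAC fails
        return 200, {}
    fresh = secrets.token_hex(16)
    issued_nonces.add(fresh)
    return 401, {"WWW-Authenticate": f'Demo nonce="{fresh}"'}

def hidden_origin(path, headers):
    """Non-cryptographic scheme: never sends 401, so a failure looks like a
    missing page. The static token is replayable, which is the weakness a
    nonce-based scheme exists to avoid."""
    if path == PROTECTED and hmac.compare_digest(headers.get("X-Token", ""), TOKEN):
        return 200, {}
    return 404, {}

def is_probeable(origin) -> bool:
    """True if an unauthenticated request can distinguish the protected
    path from a path that does not exist."""
    return origin(PROTECTED, {}) != origin("/no-such-page", {})

def authenticate_with_challenge():
    """Full challenge flow: probe, sign the nonce, then try a replay."""
    status, hdrs = challenge_origin(PROTECTED, {})
    nonce = hdrs["WWW-Authenticate"].split('"')[1]
    creds = {"X-Nonce": nonce, "X-Mac": sign(nonce)}
    first = challenge_origin(PROTECTED, creds)[0]
    replay = challenge_origin(PROTECTED, creds)[0]
    return status, first, replay
```

Running is_probeable over your own handlers is a quick regression check that an origin meant to stay hidden answers an unauthenticated request exactly as it would for a nonexistent path.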