IETF Logo Mail Archive

RE: Working Group Last Call: The Concealed HTTP Authentication Scheme

Mike Bishop <mbishop@evequefou.be> Wed, 12 June 2024 19:08 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=ietf.org@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AAF8FC1D5C4B for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 12 Jun 2024 12:08:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.758
X-Spam-Level:
X-Spam-Status: No, score=-2.758 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, MAILING_LIST_MULTI=-1, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=w3.org header.b="JGV+55ny"; dkim=pass (2048-bit key) header.d=w3.org header.b="pD3/+KaA"; dkim=pass (1024-bit key) header.d=evequefou.onmicrosoft.com header.b="t5MDMbNH"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 651b2ejlvBhd for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 12 Jun 2024 12:08:24 -0700 (PDT)
Received: from mab.w3.org (mab.w3.org [IPv6:2600:1f18:7d7a:2700:d091:4b25:8566:8113]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E856AC1D6FD9 for <httpbisa-archive-bis2Juki@ietf.org>; Wed, 12 Jun 2024 12:08:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=w3.org; s=s1; h=Subject:MIME-Version:Content-Type:In-Reply-To:References:Message-ID: Date:CC:To:From:Reply-To; bh=sYS9YJNZPR5SDhMHJvtX3H8YVxRQ4opiZhDBr6FSwP0=; b= JGV+55nycFmq42oJZNZjR/2lOqtNPsUzZmCrSjQvN6PBXIv2n4d6VXwxre0yCKp0rvh91oc80WOxX DkHjwaFa/yX0GhkSRDPoKKhFMtXMFHd6yP8NXylLtpMj/XqgvDhsPYwcTGN5jkmt9+0G7Dfege9fy IYyvl1UKqPR3d6TVMJMQXmONUyET1yp3d3efbkffQJ3bdtGu+ruwduhcE2cbbySc/e4A5mRpuXTE0 DYDFz1trAnvkUD8we97x3S219D/mdG+N8nTQCkbn185Q9FWupu1I3P8v9ftlgO/G0e8KqlVZVyu0S roMMrhTtJaBSFKFE1zLQkws+W9EowCPh1Q==;
Received: from lists by mab.w3.org with local (Exim 4.96) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1sHTJg-00Haly-0o for ietf-http-wg-dist@listhub.w3.org; Wed, 12 Jun 2024 19:07:28 +0000
Resent-Date: Wed, 12 Jun 2024 19:07:28 +0000
Resent-Message-Id: <E1sHTJg-00Haly-0o@mab.w3.org>
Received: from ip-10-0-0-144.ec2.internal ([10.0.0.144] helo=pan.w3.org) by mab.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from <mbishop@evequefou.be>) id 1sHTJd-00Haky-2d for ietf-http-wg@listhub.w3.internal; Wed, 12 Jun 2024 19:07:25 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=w3.org; s=s1; h=MIME-Version:Content-Type:In-Reply-To:References:Message-ID:Date: Subject:CC:To:From:Reply-To; bh=sYS9YJNZPR5SDhMHJvtX3H8YVxRQ4opiZhDBr6FSwP0=; t=1718219245; x=1719083245; b=pD3/+KaA/twnDEl86uE5Scb0B8g4HwAFHMdm9kVXpIrrZwt b8sYevYWgkMLlkJEO/F93qldERfDT3nWz6vJoaal5SNcJSSxZ54230VlMXoqeLtpgW0Y0WYEs9SgX qIqgviKN+lf3Ih+gjfYc3Nton6FD5ynoCAgHll6veAuTmShUYIPNWg78+gJAAvcmLgjYR1+wORLS7 AS4IvMR+Cyrb91nGzGpDCRLNezACwash20umf3wFdPpmPavnKnC29tuLOgwsYA4mFEwW1kf3fZ9kE Cf5bgmPCwPKTox3czu4hmzjsWHiPerzqcW/5tv3X0/NYpXcFeJl/BEfu9fta/wkw==;
Received-SPF: pass (pan.w3.org: domain of evequefou.be designates 40.107.93.100 as permitted sender) client-ip=40.107.93.100; envelope-from=mbishop@evequefou.be; helo=NAM10-DM6-obe.outbound.protection.outlook.com;
Received: from mail-dm6nam10on2100.outbound.protection.outlook.com ([40.107.93.100] helo=NAM10-DM6-obe.outbound.protection.outlook.com) by pan.w3.org with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from <mbishop@evequefou.be>) id 1sHTJd-00EJp1-0F for ietf-http-wg@w3.org; Wed, 12 Jun 2024 19:07:25 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Cn9i6A1kvXD17Hv9dEjLrrx8AEbx+5xxff7kr0uEdzvZEvxjEeHPzPFuVL/QwD/40P3iJ0DsgzySn+uCbIVoGXsW0RbOnk2+Te6kpE9OyUt/tERN2cwe7KGmSQiqRgVfq2G+4/JfQ+M9LDQkAu4T/LkepBfldishVVyCG5BP6FRfWvYiMW8+A7lRaF31c9ma5vMgLy7d6a0R//7AuuZ3PqsHhMmSsWhv9HroZkbwuAkzqXScKxI6+dk0Nb8SZGfpm4/8wdUeUkyAojeoe2wWx1Kv1j4YqfNarzXILWuO/uh2OwCQpCecgfx8U9E2bFn/ZZzVCfOz5Trq/jmnn2cong==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=sYS9YJNZPR5SDhMHJvtX3H8YVxRQ4opiZhDBr6FSwP0=; b=Hr81ZmrDeYtV0pzqaCwdQV6aP9WnPvMeF4OP1HLQRUUPYlvwCxuuiKYkLDdT7HR8NAvCyP2ReecRnDsSSayzSuAdAZfTEmt+Dn78CCgljJ+dtP4estCodlZwr3hSpoVvDPwnYgLVFzg4iYY4rqtNOrqb53TvOertIrN/gwRBfOLNaS0Ulgj7tS3sD2itWfS48TfPbzZGxSVyMKvlLrfn5IE/bQPYG6sF7esLj9crOYh/7wkocmnkky2j3qmkbZZuCIrZt+mXxVgoFf/VZ04LwVGyVQWNKQhlHlTz6FGLIVR/ki+NDFsGiC6QCzzzXI0hpeBLvfEp3OIZyUpXkKq0/A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=evequefou.be; dmarc=pass action=none header.from=evequefou.be; dkim=pass header.d=evequefou.be; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=evequefou.onmicrosoft.com; s=selector2-evequefou-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=sYS9YJNZPR5SDhMHJvtX3H8YVxRQ4opiZhDBr6FSwP0=; b=t5MDMbNHd8MrX+r/LNdoWLjdPAGEx/W6ubvlllHTjlhIK25FdOUkeWceYKZZb10vkrodEgCsFmZT37kkOsj/h+NWYbGZMwoF8P1zUmh9ir754wrHDrLT95giGN7jOlhCvevAW4WZrBMQcjBkREC415uWwxwO+EcAlmMUD97frAE=
Received: from PH0PR22MB3102.namprd22.prod.outlook.com (2603:10b6:510:143::15) by BY1PR22MB5579.namprd22.prod.outlook.com (2603:10b6:a03:4a7::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7633.37; Wed, 12 Jun 2024 19:07:15 +0000
Received: from PH0PR22MB3102.namprd22.prod.outlook.com ([fe80::1cce:994d:80bf:7942]) by PH0PR22MB3102.namprd22.prod.outlook.com ([fe80::1cce:994d:80bf:7942%4]) with mapi id 15.20.7677.019; Wed, 12 Jun 2024 19:07:15 +0000
From: Mike Bishop <mbishop@evequefou.be>
To: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
CC: Tommy Pauly <tpauly@apple.com>
Thread-Topic: Working Group Last Call: The Concealed HTTP Authentication Scheme
Thread-Index: AQHavDl5w9gHN9K+vUOgdMV4MFqHzLHEfm+A
Date: Wed, 12 Jun 2024 19:07:14 +0000
Message-ID: <PH0PR22MB3102545B08A70BF74933F240DAC02@PH0PR22MB3102.namprd22.prod.outlook.com>
References: <4270C5C8-23AA-456C-8AB4-A8B23E83224C@mnot.net>
In-Reply-To: <4270C5C8-23AA-456C-8AB4-A8B23E83224C@mnot.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=evequefou.be;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: PH0PR22MB3102:EE_|BY1PR22MB5579:EE_
x-ms-office365-filtering-correlation-id: 161b317b-1978-471e-32f9-08dc8b12df34
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230034|366010|376008|1800799018|38070700012;
x-microsoft-antispam-message-info: Ph0H4JuCSgsnFqoKFh/D0WUQ/j8REHIoUJQmHNcyNbGrPkUUw24oBvED/9+lID2cFzpK3kvqemQ7HfnkzYdvAPPehpATqW/mr9q0HS6M5p33XJy6r2xULcqN8w9xQvlvdAoKQNv/td9bjRCkNnsc9ut1Kcn3aDONZr4M3/LPIsJ2vEHCzvfojNGwI8atI0TgD/Z+eX14yrip9TmDaRvbf+TXvmQKrM5hE60OG+0IfbgTSx0UEOm6k7TQcOV8N5pUNwMip+JiFdTyNGCjLexfJFNf/cnPxez9bEoCFNJFT8GSe+hVQpjXCx9WREgaMk274Sqiid7nO4NtZWrydJQzP+lICa6L7qx/XidQwj+pC/9tGDnrEwVehGIxIwp0E538z+T20C/e048AIUFvcOtL2HXZkZauPDsmp4zSmykfli6SLDVOOyMwa6W2DJfCc17CJfYGox5HYjZgC0IQhjyVppZRBTwOk+vr9FLIMo6Ic7X4AiRl0wKC9UcDay5eB0ttl7dyCZM3goa7CD5ilOgSpwnqkS8qgochSra39dLzv55WaYj905yOjNiYUnKOoHVYyfv93wGpctup95tfc6AqD5h8iwSl7Y7Cf2eBgaCcZeHkNWpE7J3bUXFGhy7fmzfQVFwlA6kDCTfIGpurbVzSkfQ2qsVUEDDeV07T6sjfnWOx52hyOoiTGVgR5EO6fsowNpBctpRk30osxdUH0dznU1aKfjp1AmytIJta8YbYmj/BY11eKz60Iu91uYpo1vMYQgZKfG8x8eG8on1m99cC3WsK+nHK9/+mYXmDk3c7sFlvYC4vnQ/sqoNTAgdV4PZ1vIPK7eLYEk5Ou/BquCg1i7sSCE6b24PJF5Jm9rD/mEq1QsFQ2rDK3MJfNRZrSLDDIWeQvRQ7cAn0C4wVlml9pWztifwS+TAc+ITiFPgiahuUXWMK3CrSozRNiAU9VbeBzWsb31rhyvCEBL4Y5vhPvb9+/j44cE0ONTHc0PJZ/aCB8HOYnYiPy7PYDOMwSx8ZMgkpatIjVTb8EfvUEqiDoqpD1FlmpVgobV4J56uGifRhM2eLQimjB7pZwpAXD69lhqkAmGvpzlY+I9yFTeLa4elBL8Ezl0nScdt1uzfgAXXxxgZN4WRcXNHS4vSFz0jQLcBBTSwNEjHvM2VNP78wzopOVgo3bdlx3IOgjZQhdsupCp1ynX/lBciZGAnX6cPrfhfR1Ttydp4q7u17ooZHbnI9tfETM6ll0Nph23WdzZw/Y4VcH3h7Ot6xKbnrzAwedqc+URd9KvQFbjgO12doBRCPodN3854QJv1EFKHloZGl+BTSZQrHaWnXP27IfWqs
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PH0PR22MB3102.namprd22.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230034)(366010)(376008)(1800799018)(38070700012);DIR:OUT;SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: ANqVdhXt/2BtfP8DrzEcE+2/FyiOpFh+aGxnBCJYZLXeAQLKipFNmVVnRLZ1XLu+rV2fgkPs/OnpGcKb/YwNSV9XaMV2bVTyNWUSe5c8+k+uuJDAB42xqPdWoL1723Z632Ku+nklzEbbwTI0ZFCIfIpCgVB0em1SgcuxZk0U8L75ljiISmRXBGtX/TWhgwcndUovxYhyBhpKPWMUfCN92SoAF4aevyTOIc773MOpFfKM4c8BsVUEyHFoTx/21GVYYxZo6nD507GhUmh5+ahwd6rOR/djTT2ZUffHzKKdGksQdNedFNxJptogUhg502VhI0v+aGE9lkBhQxahQ6gsPYWcUvYB2Rupd6B+4ulF9+gP/+7ap1xQrFFYnwRXY6jYJzMdnl4mW0JvYXNlg2So91aXkhZcbQqwTMDv04lMQa2L6gepK49nkinlOzF34YAvLwyxxRn0+zAqZQIHo7KVAbHGglbGe8BNMPplIsGrGPyzxxUoulfYe3OYHNueK0vQ/MJYOxU9rSaUwDg3pXFZGaLH0Uw7c9br6nesVX8sspRe8McuytayEJYTSPFGJA6Jf2eRVSEIqfA9ZgUTspAPiOoZ4XEXW8vzd18OC/qhxizbzqxH5CFe1ARTivC6qaRrvfSMRmsnxGIpJZ+ZKPW5tj25vxsV3bqPmLty+kGMBOcJRPJNV90F/NPqhGSXe+gal5AHgPeCo75xMO+hWQ26Xfl0JVpadWHopZIBNr5/MQQan6A89D4V7o8Hp87Z0u5SwyQNvW4Yt2FVsaxdcZtDoq4hZHGQV1DhR4l8yz8EYm0J2u5sN2uf9G+UPtYOzivXgUjhUFswDAnwq0xBt4A8AKop/BMd0cDGX/jf6djvRw+OBRYISdYPbwsddkCA1uI4/aj2zV0YVtXWUWFjhhZ5PJ3ZDrL24maCxzXkUO7UJmZbUH4MRjRLRqeB0BHFZ4h83+ycpj7bV6KlVdHsxb7Fe259uTzRP5HGowP7LrHlXOLMrDOmGQcoEU0LYI54yT8IW1AJHNUrqehTVTcDG+xGjJv5X5sSXJ7CqZyfe9DfvS2Wwj1zEFMh8dc+YrYzjCQLlMCqN7kTpZohyjJAyb7C3Wo34uIWFFo7pl5wQFd9XFId8yRD0Hz3d572bt5915R687U4xjh5m1ntedviQ0OW0H9sqrQRZezH1T5qe1iiTMZkYrMq8BqKj5UEngaDWWi/wYsz0UumJ0qhnhjLUNE318jLw9qFa9Et2kQOHwcfPG8g+nt+GgE5FnCh5msv+OjVFlAbUeCLwmD0wmTsO+v+f/yQ2AKurZATjVs6ViKJWBTYfny9hDKJllXbRcIh6jRa0mgPhGT5E7WgVq/A5OqVvEOTufwai/uH2RYkeb415orcZEwRMxpvUlzIvCbtdcA9l/GfGdDHsQ0YWzeLTkGIP4zTtcQPuj7Biz4JIXJ0sbmHv1WG9tI8Gl2pTnIiPVKNvFRpAdo+Md5Y2AvhFMYWJD11aXzxaNIdsfmzCvYFxlBavcMDFQRVoP47bhksIoc5CimrPvRiLJT86RJfGn6DyiKzVTRM05WSN2hH/q4X2zwvgLesQ7mB5VBorM5UZOM1ePWc8xw82M3BvabnssbwVjDVw4/KZisXXH8NNz3BSQdqCRGCO/A1J7aBayen6nkb
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: evequefou.be
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: PH0PR22MB3102.namprd22.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 161b317b-1978-471e-32f9-08dc8b12df34
X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Jun 2024 19:07:14.9547 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 41eaf50b-882d-47eb-8c4c-0b5b76a9da8f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: /RdqGpt0oeTmOZasNC5hcQd9KZy8PgLi9FUu23gJ2w9FyZawRXZzTNIySuFIvIhk0Mv+Vyx9sDXGalln/VEbfQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY1PR22MB5579
X-W3C-Hub-DKIM-Status: validation passed: (address=mbishop@evequefou.be domain=evequefou.onmicrosoft.com), signature is good
X-W3C-Hub-Spam-Status: No, score=-3.9
X-W3C-Hub-Spam-Report: ARC_SIGNED=0.001, ARC_VALID=0.001, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DMARC_MISSING=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: pan.w3.org 1sHTJd-00EJp1-0F 6ecd988be18df4bf80cc61738c370ab0
X-Original-To: ietf-http-wg@w3.org
Subject: RE: Working Group Last Call: The Concealed HTTP Authentication Scheme
Archived-At: <https://www.w3.org/mid/PH0PR22MB3102545B08A70BF74933F240DAC02@PH0PR22MB3102.namprd22.prod.outlook.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/51996
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/email/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

I have reviewed the document and raised a few issues on GitHub. None of them are blockers, and I support publication of this document.

-----Original Message-----
From: Mark Nottingham <mnot@mnot.net> 
Sent: Tuesday, June 11, 2024 3:55 PM
To: HTTP Working Group <ietf-http-wg@w3.org>
Cc: Tommy Pauly <tpauly@apple.com>
Subject: Working Group Last Call: The Concealed HTTP Authentication Scheme

Working Group participants,

This e-mail announces Working Group Last Call for revision 07 of the following document:
  https://datatracker.ietf.org/doc/draft-ietf-httpbis-unprompted-auth/

There are no outstanding issues in GitHub, and the editors indicate that they believe it is ready.

Please review the document and raise any issues you find (preferably on GitHub, but also acceptable on-list) and indicate whether you support publication (or object to it) in response to this message.

Working Group Last Call will end on 27 June 2024.

Cheers,

--
Mark Nottingham   https://www.mnot.net/

v2.37.1 | Report a Bug | By Email | System Status