I-D Action: draft-schinazi-httpbis-transport-auth-08.txt
internet-drafts@ietf.org Thu, 13 October 2022 18:36 UTC
Return-Path: <internet-drafts@ietf.org>
X-Original-To: i-d-announce@ietf.org
Delivered-To: i-d-announce@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 7572DC157B52 for <i-d-announce@ietf.org>; Thu, 13 Oct 2022 11:36:54 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
Subject: I-D Action: draft-schinazi-httpbis-transport-auth-08.txt
X-Test-IDTracker: no
X-IETF-IDTracker: 8.17.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <166568621446.13325.2260942406123499601@ietfa.amsl.com>
Date: Thu, 13 Oct 2022 11:36:54 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/i-d-announce/8PsxMf_oe2WCusDe9fLJCf0IF4I>
X-BeenThere: i-d-announce@ietf.org
X-Mailman-Version: 2.1.39
List-Id: Internet Draft Announcements only <i-d-announce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i-d-announce>, <mailto:i-d-announce-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i-d-announce/>
List-Post: <mailto:i-d-announce@ietf.org>
List-Help: <mailto:i-d-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i-d-announce>, <mailto:i-d-announce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Oct 2022 18:36:54 -0000
A New Internet-Draft is available from the on-line Internet-Drafts directories. Title : HTTP Unprompted Authentication Authors : David Schinazi David M. Oliver Jonathan Hoyland Filename : draft-schinazi-httpbis-transport-auth-08.txt Pages : 9 Date : 2022-10-13 Abstract: Existing HTTP authentication mechanisms are probeable in the sense that it is possible for an unauthenticated client to probe whether an origin serves resources that require authentication. It is possible for an origin to hide the fact that it requires authentication by not generating Unauthorized status codes, however that only works with non-cryptographic authentication schemes: cryptographic schemes (such as signatures or message authentication codes) require a fresh nonce to be signed, and there is no existing way for the origin to share such a nonce without exposing the fact that it serves resources that require authentication. This document proposes a new non-probeable cryptographic authentication scheme. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-schinazi-httpbis-transport-auth/ There is also an HTML version available at: https://www.ietf.org/archive/id/draft-schinazi-httpbis-transport-auth-08.html A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-schinazi-httpbis-transport-auth-08 Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
- I-D Action: draft-schinazi-httpbis-transport-auth… internet-drafts