Document Action: 'HTTP Origin-Bound Authentication (HOBA)' to Experimental RFC (draft-ietf-httpauth-hoba-10.txt)
The IESG <iesg-secretary@ietf.org> Tue, 13 January 2015 01:13 UTC
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: ietf-announce@ietfa.amsl.com
Delivered-To: ietf-announce@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CCD321A8826; Mon, 12 Jan 2015 17:13:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.9
X-Spam-Level:
X-Spam-Status: No, score=-101.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EGYBfQM-SeI5; Mon, 12 Jan 2015 17:12:56 -0800 (PST)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 843B81ACE54; Mon, 12 Jan 2015 17:12:44 -0800 (PST)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Subject: Document Action: 'HTTP Origin-Bound Authentication (HOBA)' to Experimental RFC (draft-ietf-httpauth-hoba-10.txt)
X-Test-IDTracker: no
X-IETF-IDTracker: 5.10.0.p8
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20150113011244.19952.65592.idtracker@ietfa.amsl.com>
Date: Mon, 12 Jan 2015 17:12:44 -0800
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf-announce/VERnfzoa0dD6oxvuJfHmrvcYNdQ>
Cc: httpauth mailing list <http-auth@ietf.org>, httpauth chair <httpauth-chairs@tools.ietf.org>, RFC Editor <rfc-editor@rfc-editor.org>
X-BeenThere: ietf-announce@ietf.org
X-Mailman-Version: 2.1.15
Reply-To: ietf@ietf.org
List-Id: "IETF announcement list. No discussions." <ietf-announce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-announce/>
List-Post: <mailto:ietf-announce@ietf.org>
List-Help: <mailto:ietf-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Jan 2015 01:13:02 -0000
The IESG has approved the following document: - 'HTTP Origin-Bound Authentication (HOBA)' (draft-ietf-httpauth-hoba-10.txt) as Experimental RFC This document is the product of the Hypertext Transfer Protocol Authentication Working Group. The IESG contact persons are Kathleen Moriarty and Stephen Farrell. A URL of this Internet Draft is: http://datatracker.ietf.org/doc/draft-ietf-httpauth-hoba/ Technical Summary HTTP Origin-Bound Authentication (HOBA) is a digital signature based design for an HTTP authentication method. The design can also be used in Javascript-based authentication embedded in HTML. HOBA is an alternative to HTTP authentication schemes that require passwords and therefore avoids all problems related to passwords, such as leakage of server-side password databases. Working Group Summary This document is one of the experimental documents submitted to the HTTP-Auth working group. The proposed authentication method has been reviewed by many participants, mostly in WGLC, resulting in a longish list in the acknowledgements section and some substantial changes. With version -07 it is the consensus of the HTTP-Auth working group that this document is fit to be published as an experimental RFC. Document Quality There are at least two implementations of the protocol in this document ([1],[2]). They work and interoperate, but there is no wide-spread deployment, which suggests that "experimental" is the correct track for this document. All authors have confirmed that they are not aware of any undisclosed IPR associated with this document. There have been no IPR disclosures. [1] https://hoba.ie [2] https://github.com/razevedo/hoba-authentication Personnel Yoav Nir is the document shepherd. Kathleen Moriarty is the responsible Area Directory. RFC Editor note: Change reference name [bland] to [examples] or something similar so it is understood what is the intended use of the reference. I'm sure the author just put it there to make sure I checked ;-)