Re: HTTP Unprompted Authentication

Hi Ben,

I don't think confidential HTTP resources are a solved problem. The
unguessable path approach you describe is similar to a shared secret (à la
symmetric cryptography) but there is no equivalent for
asymmetric cryptography. While I think your draft is interesting and worth
discussing, I think the technology overlap isn't big enough to warrant
discussing the two drafts together - they're separate proposals with
different goals.

Thanks,
David


On Tue, Oct 18, 2022 at 9:14 AM Ben Schwartz <bemasc@google.com> wrote:

> I support the goals of the Unprompted Authentication draft.  In fact, I'm
> so supportive that I recently posted a draft that happens to solve an
> overlapping problem in a very different way: "Modernizing HTTP Forward
> Proxy Functionality" [1].
>
> To step back: confidential HTTP _resources_ are arguably a solved
> problem.  We can simply place the resource at an unguessable path (e.g.
> "capability URLs" [2]).  The problem mentioned by this draft occurs when
> the HTTP service is origin-scoped (e.g. it is not a resource).  The only
> non-resource HTTP service that I'm aware of is forward proxy
> functionality.  Thus, one way to improve confidentiality of proxies is to
> make them path-scoped, and this is what the "Modernizing" draft does.
>
> These proposals are not mutually exclusive.  Path-scoped proxies have
> other benefits, and unprompted authentication could be useful for other
> services with inflexible paths (e.g. .well-known/ resources).  However,
> given the overlapping use cases, these drafts should probably be discussed
> together.
>
> --Ben
>
> [1] https://datatracker.ietf.org/doc/draft-schwartz-modern-http-proxies/
> [2] https://www.w3.org/TR/capability-urls/
>