I-D Action: draft-ietf-httpbis-unprompted-auth-04.txt from internet-drafts@ietf.org on 2023-06-28 (ietf-http-wg@w3.org from April to June 2023)

From: <internet-drafts@ietf.org>
Date: Wed, 28 Jun 2023 16:16:18 -0700
To: <i-d-announce@ietf.org>
Cc: ietf-http-wg@w3.org
Message-ID: <168799417845.46705.9188962368080915702@ietfa.amsl.com>

A New Internet-Draft is available from the on-line Internet-Drafts
directories. This Internet-Draft is a work item of the HTTP (HTTPBIS) WG of
the IETF.

   Title           : The Signature HTTP Authentication Scheme
   Authors         : David Schinazi
                     David M. Oliver
                     Jonathan Hoyland
   Filename        : draft-ietf-httpbis-unprompted-auth-04.txt
   Pages           : 13
   Date            : 2023-06-28

Abstract:
   Existing HTTP authentication schemes are probeable in the sense that
   it is possible for an unauthenticated client to probe whether an
   origin serves resources that require authentication.  It is possible
   for an origin to hide the fact that it requires authentication by not
   generating Unauthorized status codes, however that only works with
   non-cryptographic authentication schemes: cryptographic signatures
   require a fresh nonce to be signed, and there is no existing way for
   the origin to share such a nonce without exposing the fact that it
   serves resources that require authentication.  This document proposes
   a new non-probeable cryptographic authentication scheme.

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-httpbis-unprompted-auth/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-httpbis-unprompted-auth-04.html

A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-httpbis-unprompted-auth-04

Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts

Received on Wednesday, 28 June 2023 23:16:24 UTC