Document Action: 'Client-Cert HTTP Header Field' to Informational RFC (draft-ietf-httpbis-client-cert-field-06.txt)

The IESG has approved the following document:
- 'Client-Cert HTTP Header Field'
  (draft-ietf-httpbis-client-cert-field-06.txt) as Informational RFC

This document is the product of the HTTP Working Group.

The IESG contact persons are Murray Kucherawy and Francesca Palombini.

A URL of this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-httpbis-client-cert-field/





Technical Summary

   This document describes HTTP extension header fields that allow a TLS
   terminating reverse proxy to convey the client certificate
   information of a mutually-authenticated TLS connection to the origin
   server in a common and predictable manner.

Working Group Summary

   This document enjoyed relatively widespread discussion in the group. The specification is documenting and consolidating current practice that's fairly widespread. During the call for adoption, some expressed concern about whether this is actually a practice we want to recommend, from a security perspective. The resolution of that discussion was to publish as Informational, rather than Standards Track.

Document Quality

   There are many implementations that use the same pattern; this specification attempts to consolidate them into one approach on the wire. It has not had external reviews, but there has been active participation from folks from the Security area.

Personnel

   Document Shepherd: Mark Nottingham
   Responsible Area Director: Francesca Palombini

Received on Friday, 17 March 2023 18:34:51 UTC