Unprompted Auth and Exported Authenticators from David Schinazi on 2023-10-11 (ietf-http-wg@w3.org from October to December 2023)

From: David Schinazi <dschinazi.ietf@gmail.com>
Date: Tue, 10 Oct 2023 17:48:45 -0700
To: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CAPDSy+65PZinC-fkHdPembHScyZZ00HMCf2nXAHRMMDUDFKXHg@mail.gmail.com>

Hi HTTP enthusiasts,

At our last meeting in San Francisco, we discussed potentially redesigning
Unprompted Auth on top of TLS Exported Authenticators, because that could
simplify our security analysis. However, we've spent some time looking into
the tradeoffs of doing that, and it turns out that it would make
implementation and deployment sufficiently harder to be a deal breaker for
some use-cases.

If you have thoughts about this, please take a look at the full discussion
on GitHub:
https://github.com/httpwg/http-extensions/issues/2604
and share your opinion there.

Assuming no one objects, we'll close out the issue. This being the last
major design question, that'll allow us to start building multiple
interoperable implementations in time for the Prague hackathon.

Cheers,
David

Received on Wednesday, 11 October 2023 00:49:02 UTC