- From: David Schinazi <dschinazi.ietf@gmail.com>
- Date: Tue, 10 Oct 2023 17:48:45 -0700
- To: HTTP Working Group <ietf-http-wg@w3.org>
Received on Wednesday, 11 October 2023 00:49:02 UTC
Hi HTTP enthusiasts, At our last meeting in San Francisco, we discussed potentially redesigning Unprompted Auth on top of TLS Exported Authenticators, because that could simplify our security analysis. However, we've spent some time looking into the tradeoffs of doing that, and it turns out that it would make implementation and deployment sufficiently harder to be a deal breaker for some use-cases. If you have thoughts about this, please take a look at the full discussion on GitHub: https://github.com/httpwg/http-extensions/issues/2604 and share your opinion there. Assuming no one objects, we'll close out the issue. This being the last major design question, that'll allow us to start building multiple interoperable implementations in time for the Prague hackathon. Cheers, David
Received on Wednesday, 11 October 2023 00:49:02 UTC