I-D Action: draft-ietf-httpbis-unprompted-auth-08.txt from internet-drafts@ietf.org on 2024-07-05 (ietf-http-wg@w3.org from July to September 2024)

From: <internet-drafts@ietf.org>
Date: Fri, 05 Jul 2024 14:55:04 -0700
To: <i-d-announce@ietf.org>
Cc: ietf-http-wg@w3.org
Message-ID: <172021650400.1449701.8339228927905922229@dt-datatracker-5f88556585-g8gwj>

Internet-Draft draft-ietf-httpbis-unprompted-auth-08.txt is now available. It
is a work item of the HTTP (HTTPBIS) WG of the IETF.

   Title:   The Concealed HTTP Authentication Scheme
   Authors: David Schinazi
            David M. Oliver
            Jonathan Hoyland
   Name:    draft-ietf-httpbis-unprompted-auth-08.txt
   Pages:   16
   Dates:   2024-07-05

Abstract:

   Most HTTP authentication schemes are probeable in the sense that it
   is possible for an unauthenticated client to probe whether an origin
   serves resources that require authentication.  It is possible for an
   origin to hide the fact that it requires authentication by not
   generating Unauthorized status codes, however that only works with
   non-cryptographic authentication schemes: cryptographic signatures
   require a fresh nonce to be signed.  At the time of writing, there
   was no existing way for the origin to share such a nonce without
   exposing the fact that it serves resources that require
   authentication.  This document proposes a new non-probeable
   cryptographic authentication scheme.

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-httpbis-unprompted-auth/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-httpbis-unprompted-auth-08.html

A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-httpbis-unprompted-auth-08

Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts

Received on Friday, 5 July 2024 21:55:09 UTC