- From: <internet-drafts@ietf.org>
- Date: Thu, 19 Sep 2024 09:09:47 -0700
- To: <i-d-announce@ietf.org>
- Cc: ietf-http-wg@w3.org
Internet-Draft draft-ietf-httpbis-unprompted-auth-12.txt is now available. It is a work item of the HTTP (HTTPBIS) WG of the IETF. Title: The Concealed HTTP Authentication Scheme Authors: David Schinazi David M. Oliver Jonathan Hoyland Name: draft-ietf-httpbis-unprompted-auth-12.txt Pages: 17 Dates: 2024-09-19 Abstract: Most HTTP authentication schemes are probeable in the sense that it is possible for an unauthenticated client to probe whether an origin serves resources that require authentication. It is possible for an origin to hide the fact that it requires authentication by not generating Unauthorized status codes, however that only works with non-cryptographic authentication schemes: cryptographic signatures require a fresh nonce to be signed. Prior to this document, there was no existing way for the origin to share such a nonce without exposing the fact that it serves resources that require authentication. This document defines a new non-probeable cryptographic authentication scheme. The IETF datatracker status page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-httpbis-unprompted-auth/ There is also an HTML version available at: https://www.ietf.org/archive/id/draft-ietf-httpbis-unprompted-auth-12.html A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-httpbis-unprompted-auth-12 Internet-Drafts are also available by rsync at: rsync.ietf.org::internet-drafts
Received on Thursday, 19 September 2024 16:09:53 UTC