draft-ietf-httpbis-unprompted-auth-09.txt   draft-ietf-httpbis-unprompted-auth-latest.txt 
HTTPBIS Working Group D. Schinazi HTTPBIS Working Group D. Schinazi
Internet-Draft Google LLC Internet-Draft Google LLC
Intended status: Standards Track D. Oliver Intended status: Standards Track D. Oliver
Expires: January 24, 2025 Guardian Project Expires: January 27, 2025 Guardian Project
J. Hoyland J. Hoyland
Cloudflare Inc. Cloudflare Inc.
July 23, 2024 July 26, 2024
The Concealed HTTP Authentication Scheme The Concealed HTTP Authentication Scheme
draft-ietf-httpbis-unprompted-auth-09 draft-ietf-httpbis-unprompted-auth-latest
Abstract Abstract
Most HTTP authentication schemes are probeable in the sense that it Most HTTP authentication schemes are probeable in the sense that it
is possible for an unauthenticated client to probe whether an origin is possible for an unauthenticated client to probe whether an origin
serves resources that require authentication. It is possible for an serves resources that require authentication. It is possible for an
origin to hide the fact that it requires authentication by not origin to hide the fact that it requires authentication by not
generating Unauthorized status codes, however that only works with generating Unauthorized status codes, however that only works with
non-cryptographic authentication schemes: cryptographic signatures non-cryptographic authentication schemes: cryptographic signatures
require a fresh nonce to be signed. At the time of writing, there require a fresh nonce to be signed. At the time of writing, there
skipping to change at page 2, line 20 skipping to change at page 2, line 20
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 24, 2025. This Internet-Draft will expire on January 27, 2025.
Copyright Notice Copyright Notice
Copyright (c) 2024 IETF Trust and the persons identified as the Copyright (c) 2024 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
 End of changes. 4 change blocks. 
4 lines changed or deleted 4 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/