{"draft":"draft-ietf-httpbis-unprompted-auth-12","doc_id":"RFC9729","title":"The Concealed HTTP Authentication Scheme","authors":["D. Schinazi","D. Oliver","J. Hoyland"],"format":["HTML","TEXT","PDF","XML"],"page_count":"15","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"HTTP","abstract":"Most HTTP authentication schemes are probeable in the sense that it\r\nis possible for an unauthenticated client to probe whether an origin\r\nserves resources that require authentication. It is possible for an\r\norigin to hide the fact that it requires authentication by not\r\ngenerating Unauthorized status codes; however, that only works with\r\nnon-cryptographic authentication schemes: cryptographic signatures\r\nrequire a fresh nonce to be signed. Prior to this document, there was\r\nno existing way for the origin to share such a nonce without exposing\r\nthe fact that it serves resources that require authentication. This\r\ndocument defines a new non-probeable cryptographic authentication\r\nscheme.","pub_date":"February 2025","keywords":["secure","tunnels","masque","http-ng"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC9729","errata_url":null}