Hi TLSWG and WebBotAuth,
Cloudflare has just announced [1] some work on mixed traffic endpoints, i.e. those that accept authenticated and unauthenticated traffic. We’ve provided implementations and examples for req mTLS [2], as well as other exploratory paths such as HTTP Message Sigs [3], to enable endpoints to authenticate automated traffic without impacting eyeball traffic. If you’re an implementer, we’d love to collaborate and discuss interop testing. Regards, Jonathan [1] https://blog.cloudflare.com/web-bot-auth [2] https://www.ietf.org/archive/id/draft-jhoyla-req-mtls-flag-02.html [3] https://www.rfc-editor.org/rfc/rfc9421
_______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
