| Internet-Draft | MoLE HTTP Transport | July 2026 |
| Schlesinger, et al. | Expires 7 January 2027 | [Page] |
MoLE targets browser deployments, so Clients, Anchors, and Moderators need an HTTP transport for the protocol flows defined by the architecture.¶
This document defines the Mole HTTP authentication scheme, which carries
challenges and presentations for the endorsement and credential flows, and
the headers used to return credential material. The grant exchanges with
the Anchor are defined per protocol in [PROTOCOLS].¶
This note is to be removed before publishing as an RFC.¶
The latest revision of this draft can be found at https://moderation-of-unlinkable-endorsements.github.io/internet-drafts/draft-jms-mole-http-transport.html. Status information for this document may be found at https://datatracker.ietf.org/doc/draft-jms-mole-http-transport/.¶
Source for this draft and an issue tracker can be found at https://github.com/Moderation-of-unLinkable-Endorsements/internet-drafts.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 7 January 2027.¶
Copyright (c) 2026 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
TODO¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
This document uses the TLS presentation language [TLS13] to describe the structure of protocol messages. In addition to the base syntax, it uses two additional features: the ability for fields to be optional and the ability for vectors to have variable-size length headers.¶
An optional value is encoded with a presence-signaling octet, followed by the value itself if present. When decoding, a presence octet with a value other than 0 or 1 MUST be rejected as malformed.¶
struct {
uint8 present;
select (present) {
case 0: struct{};
case 1: T value;
};
} optional<T>;
¶
In the TLS presentation language, vectors are encoded as a sequence of encoded elements prefixed with a length. The length field has a fixed size set by specifying the minimum and maximum lengths of the encoded sequence of elements.¶
In this document, there are several vectors whose sizes vary over significant
ranges. So instead of using a fixed-size length field, it uses a variable-size
length using a variable-length integer encoding based on the one described in
Section 16 of [QUIC]. They differ only in that the one here requires a
minimum-size encoding. Instead of presenting min and max values, the vector
description simply includes a V. For example:¶
struct {
uint32 fixed<0..255>;
opaque variable<V>;
} StructWithVectors;
¶
We describe the HTTP authentication method used by a Client that has an Endorsement from an Anchor and obtains a Credential from a Moderator.¶
The Mole authentication scheme follows the HTTP authentication framework
defined in [HTTP]. It carries challenges, redemptions, and
presentations: an Anchor or a Moderator challenges the Client, and the
Client answers in the Authorization header of a request. Only the grant
exchanges with the Anchor sit outside the scheme. Their carriage is
defined per endorsement protocol in [PROTOCOLS], for example over HTTP
POST.¶
A challenge names a single endorsement or credential type. To offer a
choice, a server sends multiple Mole challenges; the Client picks one it
supports and MUST ignore challenges whose type it does not recognize.¶
All base64url values in this document are encoded without padding ([BASE64]).¶
Anchors and Moderators publish configuration used by Clients before running the HTTP authentication flows. Configuration includes endpoint URLs, supported protocol types, public key material, and the Anchor set associated with each Moderator policy. Its contents and format are defined in the Key Rotation and Discovery section of [PROTOCOLS].¶
Moderators can use MoLE as optional authentication. A 200 response MAY
include a WWW-Authenticate: Mole challenge. This tells the Client that a
later request can include a presentation, for example to get a higher limit
or avoid other friction. In such deployments, Clients SHOULD apply the
greasing rules of [PROTOCOLS].¶
A 401 response with a WWW-Authenticate: Mole challenge means that the
Moderator requires MoLE, or another acceptable authentication scheme,
before serving the resource. A 403 response means that the Moderator
understood the presented MoLE material but did not accept it under policy.¶
The criteria to provide an endorsement is left to the Anchor. This document only defines the HTTP carriage for the Endorsement protocol messages.¶
struct {
uint16 endorsement_type;
opaque anchor_context<V>;
} EndorsementChallenge;
¶
WWW-Authenticate: Mole challenge="<endorsement-challenge>",
realm="anchor"
¶
After receiving a challenge, the Client runs the grant exchanges with the
Anchor as defined by the endorsement protocol in [PROTOCOLS], for
example HTTP POST requests such as the ones defined there. The
anchor_context from the challenge is carried into the first request as
specified by the endorsement type.¶
struct {
uint16 endorsement_type; // always present, see PROTOCOLS
opaque challenge<V>;
} ModeratorChallenge;
¶
The challenge field carries the Challenge structure of the named
endorsement type, defined in [PROTOCOLS].¶
The following structure is an example refinement of ModeratorChallenge.¶
struct {
opaque policy_context<V>; // Moderator-generated policy identifier
opaque anchor_set<V>; // Endorsement-type-specific Anchor material
} MoleModeratorChallenge;
¶
In MoleModeratorChallenge, anchor_set is opaque. Clients MUST NOT assume
array semantics unless the endorsement type defines them.¶
WWW-Authenticate: Mole challenge="<moderator-challenge>",
realm="moderator"
¶
The Client answers with a CredentialRequest ([PROTOCOLS]) in the
Authorization header of a request to the Moderator. It carries the
endorsement redemption, bound to this challenge, together with the
issuance request.¶
Authorization: Mole credential-request="<credential-request>"¶
The Moderator returns the CredentialResponse ([PROTOCOLS]) in the
Mole-Credential response header.¶
Mole-Credential: response="<credential-response>"¶
struct {
uint16 credential_type; // always present, see PROTOCOLS
opaque challenge<V>;
} CredentialChallenge;
¶
The challenge field carries the Challenge structure of the named
credential type, defined in [PROTOCOLS].¶
The following structures are example refinements of CredentialChallenge.¶
struct {
opaque moderator_uri<1..2^16-1>; // URI of the moderator
opaque presentation_context<V>;
} MoleCredentialChallenge;
struct {
opaque policy_context<V>; // Moderator-generated policy identifier
opaque request_context<V>; // binding value, analogous to
// redemption_context in RFC 9577
} MolePresentationContext;
¶
The moderator_uri field contains a URI (defined by [URI]). It names the
endpoint where the Client runs Redeem & Issue if it holds no Credential.¶
In MolePresentationContext, policy_context identifies the Moderator
policy and accepted Anchor set used for this resource. Different resources
MAY use different policy contexts while sharing the same Moderator. The
value MUST be non-empty.¶
The request_context field binds the presentation to a request, session,
or time window. A non-empty value affects credential caching and replay
handling.¶
TODO(thibault): 1. decide exact construction rules for request_context. maybe it should include policy_context.¶
WWW-Authenticate: Mole challenge="<credential-challenge>",
realm="moderator"
¶
struct {
uint16 credential_type; // always present, see PROTOCOLS
opaque presentation_and_update<V>;
} CredentialPresentation;
¶
The presentation_and_update field carries the PresentationAndUpdate
structure of the named credential type, defined in [PROTOCOLS].¶
Authorization: Mole presentation="<credential-presentation>"¶
A complete instantiation example is given in the appendix of [PROTOCOLS].¶
TODO(thibault) 1. Headers do not have a fixed protocol limit, but large values are hard to deploy. Other instantiations may define another method, such as returning a URL that the client can fetch. TBD¶
struct {
uint16 credential_type;
opaque update_response<V>;
} CredentialUpdate;
struct {
optional<CredentialUpdate> update;
} OptionalCredentialUpdate;
¶
The update_response field carries the Update structure of the named
credential type, defined in [PROTOCOLS].¶
Updates use the same Mole-Credential header as issuance: both return
credential material from the Moderator. The parameter distinguishes them,
response for issuance and update after a presentation.¶
The Moderator MUST send Mole-Credential with the update parameter
after a presentation. It sets the update when the Credential remains
usable after presentation. It marks the update as absent to intentionally
consume the Credential. Clients MUST follow the Credential type semantics
for reuse after an omitted update.¶
Mole-Credential: update="<optional-credential-update>"¶
Each credential type MUST define the challenge fields that partition cached Credentials, or state that Credentials of that type are not cacheable.¶
All exchanges defined in this document MUST be carried over HTTPS.¶
TODO. The list to cover:¶
This document registers the Mole authentication scheme, as defined in
Section 4, in the "HTTP Authentication Schemes"
registry.¶
This document registers the Mole-Credential field name in the
"Hypertext Transfer Protocol (HTTP) Field Name Registry".¶
Endorsement and credential type values are registered in [PROTOCOLS], not in this document.¶
TODO acknowledge.¶