Web Bot Auth
charter-ietf-webbotauth-01

Yes

Deb Cooley
Mike Bishop

No Objection

Andy Newton
Gunter Van de Velde
Jim Guichard
Roman Danyliw
(Erik Kline)

Note: This ballot was opened for revision 00-03 and is now closed.

Ballot question: "Do we approve of this charter?"

Deb Cooley
Yes
Éric Vyncke
Yes
Comment (2025-10-23 for -00-03) Sent
Thanks for implementing my suggestions on 00-00.
Gorry Fairhurst
Yes
Comment (2025-10-06 for -00-03) Not sent
I expect this to be a valuable activity.
Mike Bishop
Yes
Mohamed Boucadair
Yes
Comment (2025-10-21 for -00-03) Sent
Hi all,

I support this effort. 

I still have a comment about this part:

CURRENT:
   Current solutions (such as IP allowlisting, User-Agent strings, and shared API keys) have significant limitations regarding security, scalability, and manageability.

It might be helpful to have a document (not targeted for publication as an RFC) to inventory these limitations and under which conditions these are encountered. Having a commonly agreed set would help assess the new methods and also inform target deployments.

Cheers,
Med
Andy Newton
No Objection
Gunter Van de Velde
No Objection
Jim Guichard
No Objection
Mahesh Jethanandani
No Objection
Comment (2025-10-21 for -00-03) Sent
I read Paul's comment and had to look in the milestones list to find the sentence he was referencing. If what he mentioned is true, I would have similar concerns about the onus being on the server, and not the bot, for additional information. Can this be clarified?
Roman Danyliw
No Objection
Paul Wouters Former IESG member
Yes
Yes (2025-10-20 for -00-03) Sent
One question I have is on the 2nd deliverable, "mechanism for web servers to request additional bot information". This seems to put the onus on the webserver to process (malicious?) bot information to make future decisions on whether to allow authentication. Why is this not the reverse, e.g., the bot getting additional information from the webserver and the bots need to go out and get their permission settled to authenticate and be allowed?
Erik Kline Former IESG member
No Objection
No Objection (for -00-03) Not sent