%% You should probably cite rfc9729 instead of this I-D.
@techreport{ietf-httpbis-unprompted-auth-04,
    number =    {draft-ietf-httpbis-unprompted-auth-04},
    type =      {Internet-Draft},
    institution =   {Internet Engineering Task Force},
    publisher = {Internet Engineering Task Force},
    note =      {Work in Progress},
    url =       {https://datatracker.ietf.org/doc/draft-ietf-httpbis-unprompted-auth/04/},
    author =    {David Schinazi and David Oliver and Jonathan Hoyland},
    title =     {{The Signature HTTP Authentication Scheme}},
    pagetotal = 13,
    year =      ,
    month =     ,
    day =       ,
    abstract =  {Existing HTTP authentication schemes are probeable in the sense that it is possible for an unauthenticated client to probe whether an origin serves resources that require authentication. It is possible for an origin to hide the fact that it requires authentication by not generating Unauthorized status codes, however that only works with non-cryptographic authentication schemes: cryptographic signatures require a fresh nonce to be signed, and there is no existing way for the origin to share such a nonce without exposing the fact that it serves resources that require authentication. This document proposes a new non-probeable cryptographic authentication scheme.},
}