ThreatCluster

New Drafts for HTTP Message Signatures and Bot Authentication Released

First seen 14 Jul 2026, 17:57 UTC datatracker.ietf.org 84% similarity 25

Article Content

Browse articles
ThreatCluster

On July 14, 2026, two drafts were published by the IETF focusing on HTTP Message Signatures and bot authentication. The first draft outlines an architecture for automated traffic identification using cryptographic signatures, addressing limitations of current methods like IP allowlisting and User-Agent strings. The second draft introduces a key directory format for clients to advertise their signing keys, facilitating in-band key discovery. Both drafts aim to enhance security and trust in automated systems, particularly in light of increasing agent traffic on the Internet. The drafts are currently in the Internet-Draft stage and will expire on September 3, 2026. They are not yet RFCs and are subject to further revisions.

Key Points: • Two IETF drafts released on July 14, 2026, focus on HTTP Message Signatures and bot authentication. • The drafts aim to improve security for automated traffic by using cryptographic signatures. • Current identification methods for bots are deemed inadequate due to their vulnerabilities.

ThreatCluster AI

Timeline

2026-07-14
Draft Meunier Web Bot Auth Architecture published
This draft proposes an architecture for identifying automated traffic using cryptographic signatures to enhance security.
datatracker.ietf.org
2026-07-14
Draft Meunier Http Message Signatures Directory published
This draft describes a method for clients to advertise their signing keys and defines a key directory format.
datatracker.ietf.org

Community

Browse all →