Internet DRAFT - draft-bouaram-ethernet-over-https

draft-bouaram-ethernet-over-https







INTAREA (Internet Area Working Group)                         S. B. ARAM
Internet-Draft                                                   SKELDUS
Intended status: Informational                          27 December 2023
Expires: 29 June 2024


                      Ethernet over HTTPS Protocol
                  draft-bouaram-ethernet-over-https-01

Abstract

   This document defines a protocol for encapsulating Ethernet frames
   over HTTPS, allowing secure communication between a client and
   internal web servers.  The protocol includes authentication using
   strong API keys encrypted with the server's public key.  The
   communication is secured using TLS for privacy and integrity.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 29 June 2024.

Copyright Notice

   Copyright (c) 2023 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Revised BSD License text as
   described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Revised BSD License.




ARAM                      Expires 29 June 2024                  [Page 1]

Internet-Draft                     EOH                     December 2023


Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.1.  TLS Considerations  . . . . . . . . . . . . . . . . . . .   2
     1.2.  Flow and Scenarios  . . . . . . . . . . . . . . . . . . .   2
       1.2.1.  Client Authentication . . . . . . . . . . . . . . . .   2
       1.2.2.  Internal Webpage Request  . . . . . . . . . . . . . .   3
       1.2.3.  Server-Side Processing  . . . . . . . . . . . . . . .   3
       1.2.4.  Response to the Client  . . . . . . . . . . . . . . .   3
   2.  FLow summary  . . . . . . . . . . . . . . . . . . . . . . . .   3
   3.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   4
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .   4

1.  Introduction

   Ethernet over HTTPS (EOH) extends traditional networking by allowing
   communication between a web client and internal resources over the
   HTTPS protocol.  This document outlines the procedures for
   authentication, encapsulation of Ethernet frames, and communication
   between the client and internal web servers.  TLS is employed to
   secure the communication channel and ensure privacy and integrity.

1.1.  TLS Considerations

   To ensure the security of the Ethernet-over-HTTPS communication, TLS
   must be used to encrypt and authenticate the data exchanged between
   the client and server.  Implementations MUST follow best practices
   for TLS configuration, including the use of strong cipher suites,
   secure protocols, and proper certificate validation.

1.2.  Flow and Scenarios

1.2.1.  Client Authentication

   If the client specifies an internal URL (e.g., internal.url), the
   browser recognizes that Ethernet over HTTPS should be used for the
   communication.  The client browser, pre-configured with the IP
   address and port of the HTTP Server acting as the gateway to the LAN,
   automatically recognizes the internal URL (e.g., internal.url).  It
   then initiates the Ethernet-over-HTTPS protocol and sends an
   authentication request.

   *  The client initiates the connection by sending an authentication
      request to the server.







ARAM                      Expires 29 June 2024                  [Page 2]

Internet-Draft                     EOH                     December 2023


   plaintext
   POST /authenticate HTTP/1.1
   Host: server.example.com
   Content-Type: application/json

   {
   "api_key": "encrypted_api_key"
   }

   ### Server Authentication and LAN Information The server decrypts the
   API key, authenticates the client, and responds with the MAC address
   or IP address of the target server (or both) based on the LAN layer
   architecture.

   HTTP/1.1 200 OK
   Content-Type: application/json

   {
     "target_server_mac_address": "xx:xx:xx:xx:xx:xx",
     "target_server_ip_address": "192.168.1.2"
     "dhcp_ip_address": "192.168.1.10"
   }

1.2.2.  Internal Webpage Request

   The client, now authenticated, sends an Ethernet frame encapsulated
   within an HTTPS request for an internal webpage

1.2.3.  Server-Side Processing

   The server decapsulates the Ethernet frame, extracts the original
   HTTP request, and routes it to the internal web server.

1.2.4.  Response to the Client

   The server encapsulates the response from the internal web server

POST /ethernet-over-https HTTP/1.1
Host: server.example.com
Content-Type: application/octet-stream
Content-Length: length_of_payload_in_bytes

{
  "http_response": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>Internal Webpage</html>"
}

2.  FLow summary




ARAM                      Expires 29 June 2024                  [Page 3]

Internet-Draft                     EOH                     December 2023


     +----------------------+       +----------------------+
     |                      |       |                      |
     |      Web Client      |       |        EOH Server     |
     |                      |       |                      |
     +----------------------+       +----------------------+
              |                             |
              | 1. Browser Recognizes       |
              |    Internal URL             |
              | --------------------------> |
              |                             |
              | 2. Authentication Request   |
              | --------------------------> |
              |                             |
              |                             |
              | 3. Browser Initiates        |
              |    Ethernet over HTTPS      |
              |                             |
              |                             |
              | 4. Server Authenticates     |
              |    and Responds             |
              | <-------------------------- |
              |                             |
              | 5. Internal Webpage Request |
              |    as Encapsulated Frame    |
              | --------------------------> |
              |                             |
              | 6. Server Decapsulation     |
              |    and Routing              |
              | <-------------------------- |
              |                             |
              | 7. Response to Client       |
              |    as Encapsulated Frame    |
              | --------------------------> |
              |                             |

   # Security Considerations The security of the Ethernet-over-HTTPS
   protocol relies on the implementation of TLS.  It ensures the
   confidentiality, integrity, and authenticity of the communication
   between the client and server.  Implementers should adhere to best
   practices for TLS configuration, including the use of strong cipher
   suites, secure protocols, and proper certificate validation.

3.  IANA Considerations

   This document has no IANA actions.

Author's Address




ARAM                      Expires 29 June 2024                  [Page 4]

Internet-Draft                     EOH                     December 2023


   Salim-Amine BOU ARAM
   SKELDUS
   Email: salim@mycio.io
















































ARAM                      Expires 29 June 2024                  [Page 5]