]> SKELDUS

salim@mycio.io

INTAREA (Internet Area Working Group) Ethernet HTTPS API Key TLS This document defines a protocol for encapsulating Ethernet frames over HTTPS, allowing secure communication between a client and internal web servers. The protocol includes authentication using strong API keys encrypted with the server's public key. The communication is secured using TLS for privacy and integrity.

Introduction Ethernet over HTTPS (EOH) extends traditional networking by allowing communication between a web client and internal resources over the HTTPS protocol. This document outlines the procedures for authentication, encapsulation of Ethernet frames, and communication between the client and internal web servers. TLS is employed to secure the communication channel and ensure privacy and integrity.

TLS Considerations To ensure the security of the Ethernet-over-HTTPS communication, TLS must be used to encrypt and authenticate the data exchanged between the client and server. Implementations MUST follow best practices for TLS configuration, including the use of strong cipher suites, secure protocols, and proper certificate validation.

Flow and Scenarios

Client Authentication If the client specifies an internal URL (e.g., internal.url), the browser recognizes that Ethernet over HTTPS should be used for the communication. The client browser, pre-configured with the IP address and port of the HTTP Server acting as the gateway to the LAN, automatically recognizes the internal URL (e.g., internal.url). It then initiates the Ethernet-over-HTTPS protocol and sends an authentication request.

• The client initiates the connection by sending an authentication request to the server.

### Server Authentication and LAN Information The server decrypts the API key, authenticates the client, and responds with the MAC address or IP address (or both) based on the LAN layer specified by the client

Internal Webpage Request The client, now authenticated, sends an Ethernet frame encapsulated within an HTTPS request for an internal webpage

Server-Side Processing The server decapsulates the Ethernet frame, extracts the original HTTP request, and routes it to the internal web server.

Response to the Client The server encapsulates the response from the internal web server Internal Webpage" } ]]>

FLow summary | | | | 2. Authentication Request | | --------------------------> | | | | | | 3. Browser Initiates | | Ethernet over HTTPS | | | | | | 4. Server Authenticates | | and Responds | | <-------------------------- | | | | 5. Internal Webpage Request | | as Encapsulated Frame | | --------------------------> | | | | 6. Server Decapsulation | | and Routing | | <-------------------------- | | | | 7. Response to Client | | as Encapsulated Frame | | --------------------------> | | | ]]> # Security Considerations The security of the Ethernet-over-HTTPS protocol relies on the implementation of TLS. It ensures the confidentiality, integrity, and authenticity of the communication between the client and server. Implementers should adhere to best practices for TLS configuration, including the use of strong cipher suites, secure protocols, and proper certificate validation.

IANA Considerations This document has no IANA actions.