%% You should probably cite draft-ietf-httpauth-hoba instead of this I-D.
@techreport{farrell-httpbis-hoba-00,
    number =    {draft-farrell-httpbis-hoba-00},
    type =      {Internet-Draft},
    institution =   {Internet Engineering Task Force},
    publisher = {Internet Engineering Task Force},
    note =      {Work in Progress},
    url =       {https://datatracker.ietf.org/doc/draft-farrell-httpbis-hoba/00/},
    author =    {Stephen Farrell},
    title =     {{HTTP Origin-Bound Authentication (HOBA)}},
    pagetotal = 11,
    year =      2012,
    month =     jun,
    day =       13,
    abstract =  {This memo proposes a way of using origin-bound certificates for HTTP authentication, called HOBA. HOBA is an HTTP authentication method with credentials that are not vulnerable to simple phishing attacks, and that does not require a server-side password database, both major potential positives, if deployed. HOBA can be integrated with account management and other applications running over HTTP and supports portability, so a user can associate more than one device or origin-bound certificate with the same service. This also provides a mechanism to handle state-loss, if one of a user's credentials is lost. HOBA also provides a logout mechanism.},
}