Digest Authentication
The Digest Access Authentication mechanism has been resubmitted to the
HTTP working group for consideration for inclusion in HTTP/1.1. The
boundary between HTTP-WG and WTS-WG is fuzzy in this area, but I would
like to make sure that members of WTS-WG and the Security Area have an
adequate chance to review and comment on security-related items in
HTTP-WG documents.

Does anyone believe that HTTP-WG should *not* proceed with digest-aa?

================================================================

Title     : A Proposed Extension to HTTP : Digest Access Authentication
Author(s) : J. Hostetler, J. Franks, P. Hallam-Baker,
            A. Luotonen, E. Sink, L. Stewart
Filename  : draft-ietf-http-digest-aa-02.txt
Pages     : 6
Date      : 12/20/1995

The protocol referred to as "HTTP/1.0" includes specification for a Basic
Access Authentication scheme. This scheme is not considered to be a secure
method of user authentication, as the user name and password are passed
over the network in an unencrypted form. A specification for a new
authentication scheme is needed for future versions of the HTTP protocol.
This document provides specification for such a scheme, referred to as
"Digest Access Authentication". The encryption method used is the RSA Data
Security, Inc. MD5 Message-Digest Algorithm [3].