Digest Authentication

To: www-security@ns2.rutgers.edu
Subject: Digest Authentication
From: Larry Masinter <masinter@parc.xerox.com>
Date: Fri, 29 Dec 1995 13:54:14 PST
CC: ams@eit.com
Fake-Sender: masinter@parc.xerox.com
Reply-to: http-wg@cuckoo.hpl.hp.com

The Digest Access Authentication mechanism has been resubmitted to the
HTTP working group for consideration for inclusion in HTTP/1.1. The
boundary between HTTP-WG and WTS-WG is fuzzy in this area, but I would
like to make sure that members of WTS-WG and the Security Area have an
adequate chance to review and comment on security-related items in
HTTP-WG documents.

Does anyone believe that HTTP-WG should *not* proceed with digest-aa?

================================================================
       Title     : A Proposed Extension to HTTP : Digest Access 
                   Authentication                                          
       Author(s) : J. Hostetler, J. Franks, P. Hallam-Baker, 
                   A. Luotonen, E. Sink, L. Stewart
       Filename  : draft-ietf-http-digest-aa-02.txt
       Pages     : 6
       Date      : 12/20/1995

The protocol referred to as "HTTP/1.0" includes specification for a Basic 
Access Authentication scheme.  This scheme is not considered to be a secure
method of user authentication, as the user name and password are passed 
over the network in an unencrypted form.  A specification for a new 
authentication scheme is needed for future versions of the HTTP protocol.  
This document provides specification for such a scheme, referred to as 
"Digest Access Authentication".  The encryption method used is the RSA Data
Security, Inc. MD5 Message-Digest Algorithm [3].

Follow-Ups:

Re: Digest Authentication

From: Andrew Cameron <andrew@andy.alt.za>

Previous: No Subject
Next: Re: Digest Authentication
Index(es):
- Index
- Thread