W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > September to December 1995

Re: Digest Authentication

From: Andrew Cameron <andrew@andy.alt.za>
Date: Sat, 30 Dec 1995 17:47:07 +0200 (GMT+0200)
To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Cc: www-security@ns2.rutgers.edu, ams@eit.com
Message-Id: <Pine.LNX.3.91.951230174606.149A-100000@andy.alt.za>
On Fri, 29 Dec 1995, Larry Masinter wrote:

> The Digest Access Authentication mechanism has been resubmitted to the
> HTTP working group for consideration for inclusion in HTTP/1.1. The
> boundary between HTTP-WG and WTS-WG is fuzzy in this area, but I would
> like to make sure that members of WTS-WG and the Security Area have an
> adequate chance to review and comment on security-related items in
> HTTP-WG documents.
> 
> Does anyone believe that HTTP-WG should *not* proceed with digest-aa?
> 
> ================================================================
>        Title     : A Proposed Extension to HTTP : Digest Access 
>                    Authentication                                          
>        Author(s) : J. Hostetler, J. Franks, P. Hallam-Baker, 
>                    A. Luotonen, E. Sink, L. Stewart
>        Filename  : draft-ietf-http-digest-aa-02.txt
>        Pages     : 6
>        Date      : 12/20/1995
> 
> The protocol referred to as "HTTP/1.0" includes specification for a Basic 
> Access Authentication scheme.  This scheme is not considered to be a secure
> method of user authentication, as the user name and password are passed 
> over the network in an unencrypted form.  A specification for a new 
> authentication scheme is needed for future versions of the HTTP protocol.  
> This document provides specification for such a scheme, referred to as 
> "Digest Access Authentication".  The encryption method used is the RSA Data
> Security, Inc. MD5 Message-Digest Algorithm [3].                           
> 

Will this be available to people outside the US, or will the ITAR 
regulations mean that only those in the US can legally use it.


-----------------------------------------------------------------------------

Andrew Cameron
Internet : andrew@andy.alt.za
X.400    : C=ZA G=Andrew S=Cameron Admd=TELKOM400

----------------------------------------------------------------------------
Received on Saturday, 30 December 1995 08:09:09 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:31:38 EDT