W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 1996

Protocol Action: A Proposed Extension to HTTP : Digest Access Authentication to Proposed Standard

From: The IESG <iesg-secretary@ietf.org>
Date: Fri, 30 Aug 1996 09:49:54 -0400
To: IETF-Announce: ;, hplb.hpl.hp.com@ics.uci.edu
Cc: RFC Editor <rfc-editor@isi.edu>
Cc: Internet Architecture Board <iab@isi.edu>
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Message-Id: <9608300949.aa19794@ietf.org>


  The IESG has approved the Internet-Draft "A Proposed Extension to HTTP :
  Digest Access Authentication" <draft-ietf-http-digest-aa-04.txt> as a
  Proposed Standard. This document is the product of the HyperText Transfer
  Protocol Working Group. The IESG contact persons are Keith Moore and
  Harald Alvestrand.


Technical Summary

 This protocol extension provides a method of HTTP client
 authentication using shared secrets.  Unlike the "Basic"
 authentication method defined by HTTP 1.0, the Digest Access
 Authentication method does not transmit the secret in unencrypted
 form.

 While not entirely immune to attack, this method appears to be
 significantly less vulnerable to passive attacks than the "Basic"
 authentication method.

Working Group Summary

 The extension has received extensive review in the HTTP working group,
 which has carefully considered the protocol for the extension itself,
 its effect on other features of the HTTP protocol, and the security
 considerations.  There is strong consensus in the working group that
 this extension is very desirable; a number of vendors have agreed to
 implement it.

Protocol Quality

 Keith Moore reviewed the spec for IESG.


Note to RFC Editor:

	Please see RFC Editor note attached to
	Hypertext Transfer Protocol -- HTTP/1.1 Protocol Action
	Announcemment.
Received on Friday, 30 August 1996 10:13:53 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:32:09 EDT