I-D ACTION:draft-ietf-http-digest-aa-rev-00.txt from Internet-Drafts@ietf.org on 1997-08-05 (ietf-http-wg@w3.org from July to September 1997)

From: <Internet-Drafts@ietf.org>
Date: Tue, 05 Aug 1997 16:36:52 -0400
To: IETF-Announce@ietf.org
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Message-Id: <9708051636.aa26585@ietf.org>

	Title		: An Extension to HTTP : Digest Access 
                          Authentication
	Author(s)	: J. Franks, A. Luotonen, P. Leach, J. Hostetler, 
                          P. Hallam-Baker
	Filename	: draft-ietf-http-digest-aa-rev-00.txt
	Pages		: 18
	Date		: 1997-07-30
	
The protocol referred to as 'HTTP/1.0' includes the specification for
   a Basic Access Authentication scheme.  This scheme is not considered
   to be a secure method of user authentication, as the user name and
   password are passed over the network as clear text.  A specification
   for a different authentication scheme is needed to address this
   severe limitation.  This document provides specification for such a
   scheme, referred to as 'Digest Access Authentication'.  Like Basic,
   Digest access authentication verifies that both parties to a
   communication know a shared secret (a password); unlike Basic, this
   verification can be done without sending the password in the clear,
   which is Basic's biggest weakness. As with most other authentication
   protocols, the greatest sources of risks are usually found not in the
   core protocol itself but in policies and procedures surrounding its
   use. 

   This is the final draft of any document under this name.  Digest and
   Basic Authentication from the HTTP/1.1 specification will be combined
   and issued as a document titled 'Authentication in HTTP'.Our intent
   is that RFC 2068 and RFC 2069 will go to draft standard as a pair of
   documents, but with all authentication schemes (Digest and Basic)
   documented together in a single place.  This transition has not yet
   taken place.

Internet-Drafts are available by anonymous FTP.  Login wih the username
"anonymous" and a password of your e-mail address.  After logging in,
type "cd internet-drafts" and then
	"get draft-ietf-http-digest-aa-rev-00.txt".
A URL for the Internet-Draft is:
ftp://ds.internic.net/internet-drafts/draft-ietf-http-digest-aa-rev-00.txt

Internet-Drafts directories are located at:

	Africa:	ftp.is.co.za
	
	Europe: ftp.nordu.net
		ftp.nis.garr.it
			
	Pacific Rim: munnari.oz.au
	
	US East Coast: ds.internic.net
	
	US West Coast: ftp.isi.edu

Internet-Drafts are also available by mail.

Send a message to:	mailserv@ds.internic.net.  In the body type:
	"FILE /internet-drafts/draft-ietf-http-digest-aa-rev-00.txt".
	
NOTE:	The mail server at ds.internic.net can return the document in
	MIME-encoded form by using the "mpack" utility.  To use this
	feature, insert the command "ENCODING mime" before the "FILE"
	command.  To decode the response(s), you will need "munpack" or
	a MIME-compliant mail reader.  Different MIME-compliant mail readers
	exhibit different behavior, especially when dealing with
	"multipart" MIME messages (i.e. documents which have been split
	up into multiple messages), so check your local documentation on
	how to manipulate these messages.
		
		
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.

Attachments

Message/External-body attachment: stored

Received on Tuesday, 5 August 1997 13:38:32 UTC