Re: Digest Authentication

On Fri, 29 Dec 1995, Larry Masinter wrote:

> The Digest Access Authentication mechanism has been resubmitted to the
> HTTP working group for consideration for inclusion in HTTP/1.1. The
> boundary between HTTP-WG and WTS-WG is fuzzy in this area, but I would
> like to make sure that members of WTS-WG and the Security Area have an
> adequate chance to review and comment on security-related items in
> HTTP-WG documents.
> 
> Does anyone believe that HTTP-WG should *not* proceed with digest-aa?
> 
> ================================================================
>        Title     : A Proposed Extension to HTTP : Digest Access 
>                    Authentication                                          
>        Author(s) : J. Hostetler, J. Franks, P. Hallam-Baker, 
>                    A. Luotonen, E. Sink, L. Stewart
>        Filename  : draft-ietf-http-digest-aa-02.txt
>        Pages     : 6
>        Date      : 12/20/1995
> 
> The protocol referred to as "HTTP/1.0" includes specification for a Basic 
> Access Authentication scheme.  This scheme is not considered to be a secure
> method of user authentication, as the user name and password are passed 
> over the network in an unencrypted form.  A specification for a new 
> authentication scheme is needed for future versions of the HTTP protocol.  
> This document provides specification for such a scheme, referred to as 
> "Digest Access Authentication".  The encryption method used is the RSA Data
> Security, Inc. MD5 Message-Digest Algorithm [3].                           
> 

Will this be available to people outside the US, or will the ITAR 
regulations mean that only those in the US can legally use it?


-----------------------------------------------------------------------------

Andrew Cameron
Internet : andrew@andy.alt.za
X.400    : C=ZA G=Andrew S=Cameron Admd=TELKOM400

----------------------------------------------------------------------------

Received on Saturday, 30 December 1995 08:09:09 UTC