W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > September to December 1996

I-D ACTION:draft-ietf-http-digest-aa-05.txt

From: <Internet-Drafts@ietf.org>
Date: Mon, 23 Sep 1996 13:37:22 -0400
To: IETF-Announce: ;, hplb.hpl.hp.com@ics.uci.edu
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Message-Id: <9609231337.aa03638@ietf.org>
X-Mailing-List: <http-wg@cuckoo.hpl.hp.com> archive/latest/1612
 A Revised Internet-Draft is available from the on-line Internet-Drafts 
 directories. This draft is a work item of the HyperText Transfer Protocol 
 Working Group of the IETF.                                                

Note: This revision reflects comments received during the last call period.

       Title     : An Extension to HTTP : Digest Access Authentication     
       Author(s) : J. Franks, P. Hallam-Baker, J. Hostetler, 
                   P. Leach, A. Luotonen, E. Sink, L. Stewart
       Filename  : draft-ietf-http-digest-aa-05.txt
       Pages     : 13
       Date      : 09/23/1996

The protocol referred to as "HTTP/1.0" includes the specification for a 
Basic Access Authentication scheme.  This scheme is not considered to be a 
secure method of user authentication, as the user name and password are 
passed over the network as clear text.  A specification for a different 
authentication scheme is needed to address this severe limitation.  This 
document provides specification for such a scheme, referred to as "Digest 
Access Authentication".  Like Basic, Digest access authentication verifies 
that both parties to a communication know a shared secret (a password); 
unlike Basic, this verification can be done without sending the password in
the clear, which is Basic's biggest weakness. As with most other 
authentication protocols, the greatest sources of risks are usually found 
not in the core protocol itself but in policies and procedures surrounding 
its use.                                                                   

Internet-Drafts are available by anonymous FTP.  Login with the username
"anonymous" and a password of your e-mail address.  After logging in,
type "cd internet-drafts" and then
     "get draft-ietf-http-digest-aa-05.txt".
A URL for the Internet-Draft is:
Internet-Drafts directories are located at:	
     o  Africa                                   
        Address:  ftp.is.co.za (	
     o  Europe                                   
        Address:  nic.nordu.net (	
        Address:  ftp.nis.garr.it (
     o  Pacific Rim                              
        Address:  munnari.oz.au (	
     o  US East Coast                            
        Address:  ds.internic.net (	
     o  US West Coast                            
        Address:  ftp.isi.edu (  	
Internet-Drafts are also available by mail.	
Send a message to:  mailserv@ds.internic.net. In the body type: 
     "FILE /internet-drafts/draft-ietf-http-digest-aa-05.txt".
NOTE: The mail server at ds.internic.net can return the document in
      MIME-encoded form by using the "mpack" utility.  To use this
      feature, insert the command "ENCODING mime" before the "FILE"
      command.  To decode the response(s), you will need "munpack" or
      a MIME-compliant mail reader.  Different MIME-compliant mail readers
      exhibit different behavior, especially when dealing with
      "multipart" MIME messages (i.e., documents which have been split
      up into multiple messages), so check your local documentation on
      how to manipulate these messages.
For questions, please mail to Internet-Drafts@ietf.org

Below is the data which will enable a MIME compliant mail reader 
implementation to automatically retrieve the ASCII version
of the Internet-Draft.

Received on Monday, 23 September 1996 11:16:00 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:16:20 UTC