- From: Andrew Cameron <andrew@andy.alt.za>
- Date: Sat, 30 Dec 1995 17:47:07 +0200 (GMT+0200)
- To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
- Cc: www-security@ns2.rutgers.edu, ams@eit.com
On Fri, 29 Dec 1995, Larry Masinter wrote: > The Digest Access Authentication mechanism has been resubmitted to the > HTTP working group for consideration for inclusion in HTTP/1.1. The > boundary between HTTP-WG and WTS-WG is fuzzy in this area, but I would > like to make sure that members of WTS-WG and the Security Area have an > adequate chance to review and comment on security-related items in > HTTP-WG documents. > > Does anyone believe that HTTP-WG should *not* proceed with digest-aa? > > ================================================================ > Title : A Proposed Extension to HTTP : Digest Access > Authentication > Author(s) : J. Hostetler, J. Franks, P. Hallam-Baker, > A. Luotonen, E. Sink, L. Stewart > Filename : draft-ietf-http-digest-aa-02.txt > Pages : 6 > Date : 12/20/1995 > > The protocol referred to as "HTTP/1.0" includes specification for a Basic > Access Authentication scheme. This scheme is not considered to be a secure > method of user authentication, as the user name and password are passed > over the network in an unencrypted form. A specification for a new > authentication scheme is needed for future versions of the HTTP protocol. > This document provides specification for such a scheme, referred to as > "Digest Access Authentication". The encryption method used is the RSA Data > Security, Inc. MD5 Message-Digest Algorithm [3]. > Will this be available to people outside the US, or will the ITAR regulations mean that only those in the US can legally use it. ----------------------------------------------------------------------------- Andrew Cameron Internet : andrew@andy.alt.za X.400 : C=ZA G=Andrew S=Cameron Admd=TELKOM400 ----------------------------------------------------------------------------
Received on Saturday, 30 December 1995 08:09:09 UTC