- From: The IESG <iesg-secretary@ietf.org>
- Date: Fri, 30 Aug 1996 09:49:54 -0400
- To: IETF-Announce: ;, hplb.hpl.hp.com@ics.uci.edu
- Cc: RFC Editor <rfc-editor@isi.edu>
- Cc: Internet Architecture Board <iab@isi.edu>
- Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com

The IESG has approved the Internet-Draft "A Proposed Extension to HTTP : Digest Access Authentication" <draft-ietf-http-digest-aa-04.txt> as a Proposed Standard. This document is the product of the HyperText Transfer Protocol Working Group. The IESG contact persons are Keith Moore and Harald Alvestrand.

Technical Summary

This protocol extension provides a method of HTTP client authentication using shared secrets. Unlike the "Basic" authentication method defined by HTTP 1.0, the Digest Access Authentication method does not transmit the secret in unencrypted form. While not entirely immune to attack, this method appears to be significantly less vulnerable to passive attacks than the "Basic" authentication method.

Working Group Summary

The extension has received extensive review in the HTTP working group, which has carefully considered the protocol for the extension itself, its effect on other features of the HTTP protocol, and the security considerations. There is strong consensus in the working group that this extension is very desirable; a number of vendors have agreed to implement it.

Protocol Quality

Keith Moore reviewed the spec for IESG.

Note to RFC Editor: Please see RFC Editor note attached to Hypertext Transfer Protocol -- HTTP/1.1 Protocol Action Announcement.

Received on Friday, 30 August 1996 10:13:53 UTC