- From: <Internet-Drafts@ns.ietf.org>
- Date: Mon, 01 Dec 1997 12:24:00 -0500
- To: IETF-Announce@ns.ietf.org
- Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
- Message-Id: <199712011724.MAA19604@ns.ietf.org>
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the HyperText Transfer Protocol Working Group of the IETF. Title : HTTP Authentication: Basic and Digest Access Authentication Author(s) : J. Franks, A. Luotonen, P. Leach, J. Hostetler, P. Hallam-Baker, E. Sink, L. Stewart Filename : draft-ietf-http-authentication-00.txt Pages : 27 Date : 26-Nov-97 ''HTTP/1.0'' includes the specification for a Basic Access Authentication scheme. This scheme is not considered to be a secure method of user authentication (unless used in conjunction with some external secure system such as SSL [5]), as the user name and password are passed over the network as clear text. This document also provides the specification for HTTP's authentication framework, the original Basic authentication scheme and a scheme based on cryptographic hashes, referred to as ''Digest Access Authentication''. It is therefore intended to also serve as a replacement for RFC 2069.[6] Like Basic, Digest access authentication verifies that both parties to a communication know a shared secret (a password); unlike Basic, this verification can be done without sending the password in the clear, which is Basic's biggest weakness. As with most other authentication protocols, the greatest sources of risks are usually found not in the core protocol itself but in policies and procedures surrounding its use. Internet-Drafts are available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-http-authentication-00.txt". A URL for the Internet-Draft is: ftp://ds.internic.net/internet-drafts/draft-ietf-http-authentication-00.txt Internet-Drafts directories are located at: Africa: ftp.is.co.za Europe: ftp.nordu.net ftp.nis.garr.it Pacific Rim: munnari.oz.au US East Coast: ds.internic.net US West Coast: ftp.isi.edu Internet-Drafts are also available by mail. Send a message to: mailserv@ds.internic.net. In the body type: "FILE /internet-drafts/draft-ietf-http-authentication-00.txt". NOTE: The mail server at ds.internic.net can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft.
Attachments
- Message/External-body attachment: stored
Received on Monday, 1 December 1997 09:32:02 UTC