Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

I-D ACTION:draft-ietf-http-digest-aa-rev-00.txt

0 views
Skip to first unread message

Interne...@ietf.org

unread,
Aug 5, 1997, 3:00:00 AM8/5/97
to

--NextPart

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the HyperText Transfer Protocol Working Group of the IETF.

Title : An Extension to HTTP : Digest Access
Authentication
Author(s) : J. Franks, A. Luotonen, P. Leach, J. Hostetler,
P. Hallam-Baker
Filename : draft-ietf-http-digest-aa-rev-00.txt
Pages : 18
Date : 1997-07-30

The protocol referred to as 'HTTP/1.0' includes the specification for
a Basic Access Authentication scheme. This scheme is not considered
to be a secure method of user authentication, as the user name and
password are passed over the network as clear text. A specification
for a different authentication scheme is needed to address this
severe limitation. This document provides specification for such a
scheme, referred to as 'Digest Access Authentication'. Like Basic,
Digest access authentication verifies that both parties to a
communication know a shared secret (a password); unlike Basic, this
verification can be done without sending the password in the clear,
which is Basic's biggest weakness. As with most other authentication
protocols, the greatest sources of risks are usually found not in the
core protocol itself but in policies and procedures surrounding its
use.

This is the final draft of any document under this name. Digest and
Basic Authentication from the HTTP/1.1 specification will be combined
and issued as a document titled 'Authentication in HTTP'.Our intent
is that RFC 2068 and RFC 2069 will go to draft standard as a pair of
documents, but with all authentication schemes (Digest and Basic)
documented together in a single place. This transition has not yet
taken place.

Internet-Drafts are available by anonymous FTP. Login wih the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
"get draft-ietf-http-digest-aa-rev-00.txt".
A URL for the Internet-Draft is:
ftp://ds.internic.net/internet-drafts/draft-ietf-http-digest-aa-rev-00.txt

Internet-Drafts directories are located at:

Africa: ftp.is.co.za

Europe: ftp.nordu.net
ftp.nis.garr.it

Pacific Rim: munnari.oz.au

US East Coast: ds.internic.net

US West Coast: ftp.isi.edu

Internet-Drafts are also available by mail.

Send a message to: mail...@ds.internic.net. In the body type:
"FILE /internet-drafts/draft-ietf-http-digest-aa-rev-00.txt".

NOTE: The mail server at ds.internic.net can return the document in
MIME-encoded form by using the "mpack" utility. To use this
feature, insert the command "ENCODING mime" before the "FILE"
command. To decode the response(s), you will need "munpack" or
a MIME-compliant mail reader. Different MIME-compliant mail readers
exhibit different behavior, especially when dealing with
"multipart" MIME messages (i.e. documents which have been split
up into multiple messages), so check your local documentation on
how to manipulate these messages.


Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.

--NextPart
Content-Type: Multipart/Alternative; Boundary="OtherAccess"

--OtherAccess
Content-Type: Message/External-body;
access-type="mail-server";
server="mail...@ds.internic.net"

Content-Type: text/plain
Content-ID: <199708051...@ietf.org>

ENCODING mime
FILE /internet-drafts/draft-ietf-http-digest-aa-rev-00.txt

--OtherAccess
Content-Type: Message/External-body;
name="draft-ietf-http-digest-aa-rev-00.txt";
site="ds.internic.net";
access-type="anon-ftp";
directory="internet-drafts"

Content-Type: text/plain
Content-ID: <199708051...@ietf.org>

--OtherAccess--

--NextPart--

0 new messages