[1358] in WWW Security List Archive
Re: Digest Authentication
daemon@ATHENA.MIT.EDU (Andrew Cameron)
Sat Dec 30 13:48:28 1995
Date: Sat, 30 Dec 1995 17:47:07 +0200 (GMT+0200)
From: Andrew Cameron <andrew@andy.alt.za>
To: http-wg@cuckoo.hpl.hp.com
cc: www-security@ns2.rutgers.edu, ams@eit.com
In-Reply-To: <95Dec29.135425pst.2733@golden.parc.xerox.com>
Errors-To: owner-www-security@ns2.rutgers.edu
On Fri, 29 Dec 1995, Larry Masinter wrote:
> The Digest Access Authentication mechanism has been resubmitted to the
> HTTP working group for consideration for inclusion in HTTP/1.1. The
> boundary between HTTP-WG and WTS-WG is fuzzy in this area, but I would
> like to make sure that members of WTS-WG and the Security Area have an
> adequate chance to review and comment on security-related items in
> HTTP-WG documents.
>
> Does anyone believe that HTTP-WG should *not* proceed with digest-aa?
>
> ================================================================
> Title     : A Proposed Extension to HTTP : Digest Access Authentication
> Author(s) : J. Hostetler, J. Franks, P. Hallam-Baker,
>             A. Luotonen, E. Sink, L. Stewart
> Filename  : draft-ietf-http-digest-aa-02.txt
> Pages     : 6
> Date      : 12/20/1995
>
> The protocol referred to as "HTTP/1.0" includes specification for a Basic
> Access Authentication scheme. This scheme is not considered to be a secure
> method of user authentication, as the user name and password are passed
> over the network in an unencrypted form. A specification for a new
> authentication scheme is needed for future versions of the HTTP protocol.
> This document provides specification for such a scheme, referred to as
> "Digest Access Authentication". The encryption method used is the RSA Data
> Security, Inc. MD5 Message-Digest Algorithm [3].
>
Will this be available to people outside the US, or will the ITAR
regulations mean that only those in the US can legally use it?
-----------------------------------------------------------------------------
Andrew Cameron
Internet : andrew@andy.alt.za
X.400 : C=ZA G=Andrew S=Cameron Admd=TELKOM400
----------------------------------------------------------------------------