IPP> I-D ACTION:draft-ietf-http-authentication-01.txt

IPP> I-D ACTION:draft-ietf-http-authentication-01.txt

Carl-Uno Manros cmanros at cp10.es.xerox.com
Mon Mar 16 12:07:10 EST 1998


FYI,


Carl-Uno


>To: IETF-Announce:;
>Cc: http-wg at cuckoo.hpl.hp.com
>From: Internet-Drafts at ns.ietf.org
>Reply-to: Internet-Drafts at ns.ietf.org
>Subject: I-D ACTION:draft-ietf-http-authentication-01.txt
>Date: Mon, 16 Mar 1998 05:21:14 PST
>Sender: cclark at cnri.reston.va.us
>
>A New Internet-Draft is available from the on-line Internet-Drafts
directories.
>This draft is a work item of the HyperText Transfer Protocol Working Group
of the IETF.
>
>	Title		: HTTP Authentication: Basic and Digest 
>                          Access Authentication
>	Author(s)	: J. Franks, E. Sink, P. Leach, J. Hostetler, 
>                          P. Hallam-Baker, L. Stewart, S. Lawrence, A.
Luotonen
>	Filename	: draft-ietf-http-authentication-01.txt
>	Pages		: 26
>	Date		: 13-Mar-98
>	
>''HTTP/1.0'' includes the specification for a Basic Access Authentication
>scheme. This scheme is not considered to be a secure method of user
>authentication (unless used in conjunction with some external secure
>system such as SSL [5]), as the user name and password are passed over
>the network as cleartext.
> 
>This document also provides the specification for HTTP's authentication
>framework, the original Basic authentication scheme and a scheme based
>on cryptographic hashes, referred to as ''Digest Access Authentication''.
>It is therefore also intended to serve as a replacement for RFC 2069
>[6].  Some optional elements specified by RFC 2069 have been removed
>from this specification due to problems found since its publication;
>other new elements have been added -for compatibility, those new
>elements have been made optional, but are strongly recommended.
> 
>Like Basic, Digest access authentication verifies that both parties to a
>communication know a shared secret (a password); unlike Basic, this
>verification can be done without sending the password in the clear,
>which is Basic's biggest weakness. As with most other authentication
>protocols, the greatest sources of risks are usually found not in the
>core protocol itself but in policies and procedures surrounding its use.
>
>Internet-Drafts are available by anonymous FTP.  Login with the username
>"anonymous" and a password of your e-mail address.  After logging in,
>type "cd internet-drafts" and then
>	"get draft-ietf-http-authentication-01.txt".
>A URL for the Internet-Draft is:
>ftp://ftp.ietf.org/internet-drafts/draft-ietf-http-authentication-01.txt
>
>Internet-Drafts directories are located at:
>
>	Africa:	ftp.is.co.za
>	
>	Europe: ftp.nordu.net
>		ftp.nis.garr.it
>			
>	Pacific Rim: munnari.oz.au
>	
>	US East Coast: ds.internic.net
>	
>	US West Coast: ftp.isi.edu
>
>Internet-Drafts are also available by mail.
>
>Send a message to:	mailserv at ietf.org.  In the body type:
>	"FILE /internet-drafts/draft-ietf-http-authentication-01.txt".
>	
>NOTE:	The mail server at ietf.org can return the document in
>	MIME-encoded form by using the "mpack" utility.  To use this
>	feature, insert the command "ENCODING mime" before the "FILE"
>	command.  To decode the response(s), you will need "munpack" or
>	a MIME-compliant mail reader.  Different MIME-compliant mail readers
>	exhibit different behavior, especially when dealing with
>	"multipart" MIME messages (i.e. documents which have been split
>	up into multiple messages), so check your local documentation on
>	how to manipulate these messages.
>		
>		
>Below is the data which will enable a MIME compliant mail reader
>implementation to automatically retrieve the ASCII version of the
>Internet-Draft.
>
><ftp://ftp.ietf.org/internet-drafts/draft-ietf-http-authentication-01.txt>
>
Carl-Uno Manros
Principal Engineer - Advanced Printing Standards - Xerox Corporation
701 S. Aviation Blvd., El Segundo, CA, M/S: ESAE-231
Phone +1-310-333 8273, Fax +1-310-333 5514
Email: manros at cp10.es.xerox.com



More information about the Ipp mailing list