From: The IESG [mailto:iesg-secretary at ietf.org]
Sent: Monday, March 08, 1999 12:00 PM
Cc: RFC Editor; Internet Architecture Board; http-wg at hplb.hpl.hp.com
Subject: Protocol Action: Hypertext Transfer Protocol -- HTTP/1.1 to
The IESG has approved publication of the following Internet-Drafts as
o Hypertext Transfer Protocol -- HTTP/1.1
This document replaces RFC2068, currently a Proposed Standard.
o HTTP Authentication: Basic and Digest Access Authentication
This document replaces RFC2069, currently a Proposed Standard.
These documents are the product of the HyperText Transfer Protocol
Working Group. The IESG contact persons are Keith Moore and Patrik
HTTP/1.1 is the primary data transfer protocol used by the world
wide web. This Draft Standard revision contains numerous
clarifications and corrections to its predecessor, RFC 2068.
Basic Access Authentication is an insecure authentication method
which was present in HTTP/1.0. Even though it exposes the user's
password to eavesdroppers, it is still needed for backward
compatibility. Digest Access Authentication is designed as
an improvement to Basic authentication. While Digest provides
no confidentiality or integrity service, it at least provides
improved protection (as compared to Basic) for the user's password.
Working Group Summary
A large number of issues were debated at length.
(The list of issues is documented at
including pointers into the mailing list archive where the
issue was discussed, and, usually, the resolution.)
Many design choices were subtle and difficult. HTTP has
been widely implemented and extended by many different
parties in a short amount of time, and this made it
difficult to define the proper interaction between
features originally specified by different parties.
In addition, the interaction of multiple roles (browser,
local cache, proxy, origin server, authentication service)
and conflicting goals (performance, reliability, privacy,
managability) made analysis of the choices more difficult.
Most decisions were made quickly, but some required
extensive discussion and multiple position papers.
At least rough consensus was reached on all design choices.
Keith Moore reviewed the spec for IESG.
There are several implementations of HTTP/1.1, and at least two
implementations of each protocol feature as required by RFC 2026
for Draft Standard protocols.