[http-auth] I-D Action: draft-ietf-httpauth-scram-auth-12.txt
internet-drafts@ietf.org Sat, 28 November 2015 15:49 UTC
Return-Path: <internet-drafts@ietf.org>
X-Original-To: http-auth@ietf.org
Delivered-To: http-auth@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id E7F041B2AF2; Sat, 28 Nov 2015 07:49:43 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.11.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20151128154943.7517.46960.idtracker@ietfa.amsl.com>
Date: Sat, 28 Nov 2015 07:49:43 -0800
Archived-At: <http://mailarchive.ietf.org/arch/msg/http-auth/D7ASHfkE5nMr70XBXL7LdH8ko_k>
Cc: http-auth@ietf.org
Subject: [http-auth] I-D Action: draft-ietf-httpauth-scram-auth-12.txt
X-BeenThere: http-auth@ietf.org
X-Mailman-Version: 2.1.15
List-Id: HTTP authentication methods <http-auth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-auth>, <mailto:http-auth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-auth/>
List-Post: <mailto:http-auth@ietf.org>
List-Help: <mailto:http-auth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-auth>, <mailto:http-auth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 28 Nov 2015 15:49:44 -0000
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Hypertext Transfer Protocol Authentication Working Group of the IETF.
Title : Salted Challenge Response (SCRAM) HTTP Authentication Mechanism
Author : Alexey Melnikov
Filename : draft-ietf-httpauth-scram-auth-12.txt
Pages : 19
Date : 2015-11-28
Abstract:
The authentication mechanism most widely deployed and used by
Internet application protocols is the transmission of clear-text
passwords over a channel protected by Transport Layer Security (TLS).
There are some significant security concerns with that mechanism,
which could be addressed by the use of a challenge response
authentication mechanism protected by TLS. Unfortunately, the HTTP
Digest challenge response mechanism presently on the standards track
failed widespread deployment, and have had success only in limited
use.
This specification describes a family of HTTP authentication
mechanisms called the Salted Challenge Response Authentication
Mechanism (SCRAM), which addresses security concerns with HTTP Digest
and meets the deployability requirements. When used in combination
with TLS or an equivalent security layer, a mechanism from this
family could improve the status-quo for HTTP authentication.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-httpauth-scram-auth/
There's also a htmlized version available at:
https://tools.ietf.org/html/draft-ietf-httpauth-scram-auth-12
A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-httpauth-scram-auth-12
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
- [http-auth] I-D Action: draft-ietf-httpauth-scram… internet-drafts
- Re: [http-auth] I-D Action: draft-ietf-httpauth-s… Rifaat Shekh-Yusef
- Re: [http-auth] I-D Action: draft-ietf-httpauth-s… Tony Hansen
- Re: [http-auth] I-D Action: draft-ietf-httpauth-s… Yoav Nir
- Re: [http-auth] I-D Action: draft-ietf-httpauth-s… Tony Hansen
- Re: [http-auth] I-D Action: draft-ietf-httpauth-s… Kathleen Moriarty