Re: [http-auth] I-D Action: draft-morand-http-digest-2g-aka-03.txt

[Yoav Nir <ynir@checkpoint.com>]

Hi Sean,

Looking over the discussion in httpbis ([1]), it's not clear to me whether this is documenting existing practice or whether it's proposing a new method. Either way, this method seems specific to a domain, where I believe the author has much more expertise than people in the working group. I am personally fine with it proceeding as an independent submission. I would also be fine with the working group discussing this, but I don't know how much value we could add.

Yoav (with no hats)
[1] http://lists.w3.org/Archives/Public/ietf-http-wg/2012AprJun/0375.html

On Sep 3, 2013, at 4:35 PM, Sean Turner <turners@ieca.com> wrote:

> Hi!
> 
> The following draft is currently on the IESG telechat for next week and as part of the process an AD does what's called and "RFC 5742 review", which is basically a check to see if there's been an endrun on the process.   This draft has been around for a while and I know it was at least discussed on the httpbis wg mailing list in early '12 (and maybe even earlier), but that was before the httpauth working group was chartered.  So I gotta ask: Is this something that the working group should consider adopting?
> 
> spt
> -------- Original Message --------
> Subject: I-D Action: draft-morand-http-digest-2g-aka-03.txt
> Date: Mon, 21 Jan 2013 10:16:39 -0800
> From: internet-drafts@ietf.org
> Reply-To: internet-drafts@ietf.org
> To: i-d-announce@ietf.org
> 
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> 
> 
> 	Title           : Hypertext Transfer Protocol (HTTP) Digest Authentication Using GSM 2G Authentication and Key Agreement (AKA)
> 	Author(s)       : Lionel Morand
> 	Filename        : draft-morand-http-digest-2g-aka-03.txt
> 	Pages           : 15
> 	Date            : 2013-01-21
> 
> Abstract:
>   This memo specifies a one-time password generation mechanism for
>   Hypertext Transfer Protocol (HTTP) Digest access authentication based
>   on Global System for Mobile Communications (GSM) authentication and
>   key generation functions A3 and A8, also known as GSM AKA or 2G AKA.
>   The HTTP Authentication Framework includes two authentication
>   schemes: Basic and Digest.  Both schemes employ a shared secret based
>   mechanism for access authentication.  The GSM AKA mechanism performs
>   user authentication and session key distribution in GSM and Universal
>   Mobile Telecommunications System (UMTS) networks.  GSM AKA is a
>   challenge-response based mechanism that uses symmetric cryptography.
> 
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-morand-http-digest-2g-aka
> 
> There's also a htmlized version available at:
> http://tools.ietf.org/html/draft-morand-http-digest-2g-aka-03
> 
> A diff from the previous version is available at:
> http://www.ietf.org/rfcdiff?url2=draft-morand-http-digest-2g-aka-03
> 
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 
> _______________________________________________
> I-D-Announce mailing list
> I-D-Announce@ietf.org
> https://www.ietf.org/mailman/listinfo/i-d-announce
> Internet-Draft directories: http://www.ietf.org/shadow.html
> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
> 
> 
> 
> _______________________________________________
> http-auth mailing list
> http-auth@ietf.org
> https://www.ietf.org/mailman/listinfo/http-auth