[http-auth] I-D Action: draft-ietf-httpauth-scram-auth-07.txt

internet-drafts@ietf.org Sun, 26 July 2015 11:48 UTC

Return-Path: <internet-drafts@ietf.org>
X-Original-To: http-auth@ietfa.amsl.com
Delivered-To: http-auth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 717781B2B77; Sun, 26 Jul 2015 04:48:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mB8r3yjAUvpI; Sun, 26 Jul 2015 04:48:10 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 309AB1A1AA8; Sun, 26 Jul 2015 04:48:10 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.1.0.p3
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20150726114810.1233.54578.idtracker@ietfa.amsl.com>
Date: Sun, 26 Jul 2015 04:48:10 -0700
Archived-At: <http://mailarchive.ietf.org/arch/msg/http-auth/Lwp7Ht6HlDktmToe-WBl5FhEAKk>
Cc: http-auth@ietf.org
Subject: [http-auth] I-D Action: draft-ietf-httpauth-scram-auth-07.txt
X-BeenThere: http-auth@ietf.org
X-Mailman-Version: 2.1.15
List-Id: HTTP authentication methods <http-auth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-auth>, <mailto:http-auth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-auth/>
List-Post: <mailto:http-auth@ietf.org>
List-Help: <mailto:http-auth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-auth>, <mailto:http-auth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 26 Jul 2015 11:48:11 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the Hypertext Transfer Protocol Authentication Working Group of the IETF.

        Title           : Salted Challenge Response (SCRAM) HTTP Authentication Mechanism
        Author          : Alexey Melnikov
	Filename        : draft-ietf-httpauth-scram-auth-07.txt
	Pages           : 18
	Date            : 2015-07-26

Abstract:
   The secure authentication mechanism most widely deployed and used by
   Internet application protocols is the transmission of clear-text
   passwords over a channel protected by Transport Layer Security (TLS).
   There are some significant security concerns with that mechanism,
   which could be addressed by the use of a challenge response
   authentication mechanism protected by TLS.  Unfortunately, the HTTP
   Digest challenge response mechanism presently on the standards track
   failed widespread deployment, and have had success only in limited
   use.

   This specification describes a family of HTTP authentication
   mechanisms called the Salted Challenge Response Authentication
   Mechanism (SCRAM), which addresses security concerns with HTTP Digest
   and meets the deployability requirements.  When used in combination
   with TLS or an equivalent security layer, a mechanism from this
   family could improve the status-quo for HTTP authentication.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-httpauth-scram-auth/

There's also a htmlized version available at:
https://tools.ietf.org/html/draft-ietf-httpauth-scram-auth-07

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-httpauth-scram-auth-07


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/