[http-auth] Fwd: I-D Action: draft-ietf-httpauth-mutual-02.txt

Yutaka OIWA <y.oiwa@aist.go.jp> Thu, 24 April 2014 10:48 UTC

Dear all in http-auth,

Thank you very much for recent comments, especially on
introduction of the password-strengthening features and
cryptographic exchanges (transaction verification).

I updated the mutual-auth draft to -02 revision,
including the following major changes:

 * Introduction of PKCS #5 PBKDF2 password-strengthening.
   We have received some more proposals on using
   stronger functions which are not yet in the RFC series.
   If we go for standardizing those algorithms as well,
   I would really appreciate more discussion.

 * Changed the client-side behavior description in Section 9,
   reflecting the comments "too complex!".
   Now the description is more property- or requirement-based,
   and the big state machine is now for informative purposes only.

 * Note on the transaction verification in cryptographic exchanges
   is added to the companion "algo" draft.
   I hope this will clarify things for cryptographers.


---------- Forwarded message ----------
From:  <internet-drafts@ietf.org>
Date: 2014-04-24 19:41 GMT+09:00
Subject: [http-auth] I-D Action: draft-ietf-httpauth-mutual-02.txt
To: i-d-announce@ietf.org
Cc: http-auth@ietf.org



A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the Hypertext Transfer Protocol
Authentication Working Group of the IETF.

        Title           : Mutual Authentication Protocol for HTTP
        Authors         : Yutaka Oiwa
                          Hajime Watanabe
                          Hiromitsu Takagi
                          Kaoru Maeda
                          Tatsuya Hayashi
                          Yuichi Ioku
        Filename        : draft-ietf-httpauth-mutual-02.txt
        Pages           : 52
        Date            : 2014-04-24

Abstract:
   This document specifies a mutual authentication method for the
   Hypertext Transfer Protocol (HTTP).  This method provides a true mutual
   authentication between an HTTP client and an HTTP server using
   password-based authentication.  Unlike the Basic and Digest
   authentication methods, the Mutual authentication method specified in
   this document assures the user that the server truly knows the user's
   encrypted password.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-httpauth-mutual/

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-httpauth-mutual-02

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-ietf-httpauth-mutual-02


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


-- 
Yutaka OIWA, Ph.D.                 Leader, System Life-cycle Research Group
                               Research Institute for Secure Systems (RISEC)
     National Institute of Advanced Industrial Science and Technology (AIST)
                       Mail addresses: <y.oiwa@aist.go.jp>, <yutaka@oiwa.jp>
OpenPGP: id[440546B5] fp[7C9F 723A 7559 3246 229D  3139 8677 9BD2 4405 46B5]