Re: [http-auth] Protocol Action: 'HTTP Digest Access Authentication' to Proposed Standard (draft-ietf-httpauth-digest-19.txt)
Yoav Nir <ynir.ietf@gmail.com> Mon, 27 April 2015 22:02 UTC
Return-Path: <ynir.ietf@gmail.com>
X-Original-To: http-auth@ietfa.amsl.com
Delivered-To: http-auth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3EA0D1A1BFA for <http-auth@ietfa.amsl.com>; Mon, 27 Apr 2015 15:02:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Gy1sm_XwhAKj for <http-auth@ietfa.amsl.com>; Mon, 27 Apr 2015 15:02:18 -0700 (PDT)
Received: from mail-wi0-x22a.google.com (mail-wi0-x22a.google.com [IPv6:2a00:1450:400c:c05::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C09881A006D for <http-auth@ietf.org>; Mon, 27 Apr 2015 15:02:17 -0700 (PDT)
Received: by wicmx19 with SMTP id mx19so94241381wic.1 for <http-auth@ietf.org>; Mon, 27 Apr 2015 15:02:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date :content-transfer-encoding:message-id:references:to; bh=ohL49rYGyJtK/XRbIds2E8ghaa+g/8YXzNxMTHRdtso=; b=w7GBRsEMJYP5w2AGAyRI2O1AnbzcIg3XD5BfyzQN1gA/EPzzRHrFXEAkCxBJAClTWG 2dZGaNLL2/QFHY/pE6y4jZMCE0F0Sl/yVHbQNJ8uzglWiiZd468jJCfGVtaxsYtK/3M/ XxbgO++/qVD+1xHI0+L52GL2JFuMXvJ0+JKWEkruvH2FvIiFWvLhSz+58Q9QhEDZ5KhQ q6zLkILvBjGe3D6D5SnzW9NAohcfMwCkRmLOEbAKVtpTJV64/ymKszRv7XkPZK7O/3Vm n2CRenVnKOgytb9KHkIvJCoAMBDZL3GYk//ZCK625lUGguUJegbzmCd2rq2xNGg0/SzT T3CA==
X-Received: by 10.195.18.103 with SMTP id gl7mr25775146wjd.34.1430172136131; Mon, 27 Apr 2015 15:02:16 -0700 (PDT)
Received: from [192.168.1.17] ([46.120.13.132]) by mx.google.com with ESMTPSA id fs9sm31206686wjc.34.2015.04.27.15.02.15 for <http-auth@ietf.org> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 27 Apr 2015 15:02:15 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2098\))
From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <20150427202348.7412.77388.idtracker@ietfa.amsl.com>
Date: Tue, 28 Apr 2015 01:02:14 +0300
Content-Transfer-Encoding: 7bit
Message-Id: <DF8477BF-A838-47ED-8175-93F22CA76141@gmail.com>
References: <20150427202348.7412.77388.idtracker@ietfa.amsl.com>
To: httpauth mailing list <http-auth@ietf.org>
X-Mailer: Apple Mail (2.2098)
Archived-At: <http://mailarchive.ietf.org/arch/msg/http-auth/st-vmVVIiqxEIvTh8FzZKjq9VKc>
Subject: Re: [http-auth] Protocol Action: 'HTTP Digest Access Authentication' to Proposed Standard (draft-ietf-httpauth-digest-19.txt)
X-BeenThere: http-auth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: HTTP authentication methods <http-auth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-auth>, <mailto:http-auth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-auth/>
List-Post: <mailto:http-auth@ietf.org>
List-Help: <mailto:http-auth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-auth>, <mailto:http-auth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Apr 2015 22:02:22 -0000
Congratulations to Rifaat, David and Sophie. And thanks to everyone in the group who participated. Yoav & Matt > On Apr 27, 2015, at 11:23 PM, The IESG <iesg-secretary@ietf.org> wrote: > > The IESG has approved the following document: > - 'HTTP Digest Access Authentication' > (draft-ietf-httpauth-digest-19.txt) as Proposed Standard > > This document is the product of the Hypertext Transfer Protocol > Authentication Working Group. > > The IESG contact persons are Stephen Farrell and Kathleen Moriarty. > > A URL of this Internet Draft is: > https://datatracker.ietf.org/doc/draft-ietf-httpauth-digest/ > > > > > > Technical Summary > > HTTP provides a simple challenge-response authentication mechanism > that may be used by a server to challenge a client request and by a > client to provide authentication information. This document defines > the HTTP Digest Authentication scheme that can be used with the HTTP > authentication mechanism. > > The combination of this document with the definition of the "Basic" > authentication scheme [BASIC], "The Hypertext Transfer Protocol > (HTTP) Authentication-Info and Proxy-Authentication-Info Response > Header Fields" [AUTHINFO], and [RFC7235] obsolete [RFC2617]. > > Working Group Summary > > There is WG consensus for this draft. For the most part it describes > existing practice, with the addition of a few things: > o New algorithms: SHA2-256 and SHA2-512/256. > o Internationalized character set support. > o username hashing for enhanced privacy, > > While the working group was chartered to add the new algorithms and > internationalization support, the addition of user name hashing is > not in the charter. The group was specifically polled about whether > they wanted to add features to a legacy protocol that is anyway > vulnerable to dictionary attacks. The group consensus was that this > should be done. > > With version -15 it is the consensus of the HTTP-Auth working group > that this document is fit to be published as a standards-track RFC. > > Document Quality > > There are no implementations that include these updates yet. > > Personnel > > The Document Shepherd is Yoav Nir and the > Responsible Area Director is Kathleen Moriarty. > > IANA Note > > This draft creates a registry using the 5226 "Specification Required" > registration policy. > > IANA maintains the registry of HTTP Authentication Schemes > ([RFC7235]) at <http://www.iana.org/assignments/http-authschemes> > and the entry for the "Digest" Authentication Scheme is to be added with > a pointer to this specification. > > _______________________________________________ > http-auth mailing list > http-auth@ietf.org > https://www.ietf.org/mailman/listinfo/http-auth