[Ietf-http-auth] Fwd: Correction: RFC 4169 Hypertext Transfer Protocol (HTTP) Digest Authentication Using Authentication and Key Agreement (AKA) Version-2
Lisa Dusseault <lisa@osafoundation.org> Sun, 06 November 2005 16:17 UTC
This is informational, but we should take a close look anyway.

Lisa

Begin forwarded message:

> From: rfc-editor@rfc-editor.org
> Date: November 4, 2005 5:53:22 PM PST
> To: ietf-announce@ietf.org
> Cc: rfc-editor@rfc-editor.org
> Subject: Correction: RFC 4169 Hypertext Transfer Protocol (HTTP)
> Digest Authentication Using Authentication and Key Agreement (AKA)
> Version-2
>
> A new Request for Comments is now available in online RFC libraries.
>
>         RFC 4169
>
>         Title:      Hypertext Transfer Protocol (HTTP) Digest
>                     Authentication Using Authentication and Key
>                     Agreement (AKA) Version-2
>         Author(s):  V. Torvinen, J. Arkko, M. Naslund
>         Status:     Informational
>         Date:       November 2005
>         Mailbox:    vesa.torvinen@turkuamk.fi,
>                     jari.arkko@ericsson.com, mats.naslund@ericsson.com
>         Pages:      13
>         Characters: 26429
>         Updates/Obsoletes/SeeAlso: None
>
>         I-D Tag:    draft-torvinen-http-digest-aka-v2-02.txt
>
>         URL:        ftp://ftp.rfc-editor.org/in-notes/rfc4169.txt
>
> HTTP Digest, as specified in RFC 2617, is known to be vulnerable to
> man-in-the-middle attacks if the client fails to authenticate the
> server in TLS, or if the same passwords are used for authentication
> in some other context without TLS. This is a general problem that
> exists not just with HTTP Digest, but also with other IETF protocols
> that use tunneled authentication. This document specifies version 2
> of the HTTP Digest AKA algorithm (RFC 3310). This algorithm can be
> implemented in a way that it is resistant to the man-in-the-middle
> attack.
>
> This memo provides information for the Internet community. It does
> not specify an Internet standard of any kind. Distribution of this
> memo is unlimited.
>
> This announcement is sent to the IETF list and the RFC-DIST list.
> Requests to be added to or deleted from the IETF distribution list
> should be sent to IETF-REQUEST@IETF.ORG. Requests to be
> added to or deleted from the RFC-DIST distribution list should
> be sent to RFC-DIST-REQUEST@RFC-EDITOR.ORG.
>
> Details on obtaining RFCs via FTP or EMAIL may be obtained by sending
> an EMAIL message to rfc-info@RFC-EDITOR.ORG with the message body
> help: ways_to_get_rfcs. For example:
>
>         To: rfc-info@RFC-EDITOR.ORG
>         Subject: getting rfcs
>
>         help: ways_to_get_rfcs
>
> Requests for special distribution should be addressed to either the
> author of the RFC in question, or to RFC-Manager@RFC-EDITOR.ORG.
> Unless specifically noted otherwise on the RFC itself, all RFCs are
> for unlimited distribution.
>
> Submissions for Requests for Comments should be sent to
> RFC-EDITOR@RFC-EDITOR.ORG. Please consult RFC 2223, Instructions to
> RFC Authors, for further information.
>
> Joyce K. Reynolds and Sandy Ginoza
> USC/Information Sciences Institute
>
> ...
>
> Below is the data which will enable a MIME compliant Mail Reader
> implementation to automatically retrieve the ASCII version
> of the RFCs.
> Content-Type: text/plain
> Content-ID: <051104175223.RFC@RFC-EDITOR.ORG>
>
> _______________________________________________
> IETF-Announce mailing list
> IETF-Announce@ietf.org
> https://www1.ietf.org/mailman/listinfo/ietf-announce