Document Action: 'Mutual Authentication Protocol for HTTP' to Experimental RFC (draft-ietf-httpauth-mutual-11.txt)

The IESG <> Fri, 06 January 2017 22:12 UTC

Return-Path: <>
Received: from (localhost [IPv6:::1]) by (Postfix) with ESMTP id 8B13E126BF7; Fri, 6 Jan 2017 14:12:17 -0800 (PST)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: The IESG <>
To: IETF-Announce <>
Subject: Document Action: 'Mutual Authentication Protocol for HTTP' to Experimental RFC (draft-ietf-httpauth-mutual-11.txt)
X-Test-IDTracker: no
X-IETF-IDTracker: 6.40.3
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <>
Date: Fri, 06 Jan 2017 14:12:17 -0800
Archived-At: <>
Cc:,,,, The IESG <>,
X-Mailman-Version: 2.1.17
List-Id: "IETF announcement list. No discussions." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 06 Jan 2017 22:12:17 -0000

The IESG has approved the following document:
- 'Mutual Authentication Protocol for HTTP'
  (draft-ietf-httpauth-mutual-11.txt) as Experimental RFC

This document is the product of the Hypertext Transfer Protocol
Authentication Working Group.

The IESG contact persons are Stephen Farrell and Kathleen Moriarty.

A URL of this Internet Draft is:

Technical Summary

This document specifies a mutual authentication scheme for the
Hypertext Transfer Protocol (HTTP).  This scheme provides true mutual
authentication between an HTTP client and an HTTP server using
password-based authentication.  Unlike the Basic and Digest
authentication schemes, the Mutual authentication scheme specified in
this document assures the user that the server truly knows the user's
encrypted password.

Working Group Summary

  This document is one of the experimental documents submitted to the
  HTTP-Auth working group.

  With version -8 it is the consensus of the HTTP-Auth working group
  that this document is fit to be published as an experimental RFC.

Document Quality

   The proposed mutual authentication method has been reviewed by a fair
   number of participants.

   There is at least one known implementation of this protocol.

   The authors declared 2 IPRs:


   Shepherd: Rifaat Shekh-Yusef
   Area Director: Kathleen Moriarty


  This draft establishes two registries that require expert review per RFC5226.
     A registry for HTTP Mutual authentication algorithms and
     A registry for HTTP Mutual authentication host validation methods