The IESG has approved the following document: - 'Mutual Authentication Protocol for HTTP' (draft-ietf-httpauth-mutual-11.txt) as Experimental RFC This document is the product of the Hypertext Transfer Protocol Authentication Working Group. The IESG contact persons are Stephen Farrell and Kathleen Moriarty. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-httpauth-mutual/ Technical Summary This document specifies a mutual authentication scheme for the Hypertext Transfer Protocol (HTTP). This scheme provides true mutual authentication between an HTTP client and an HTTP server using password-based authentication. Unlike the Basic and Digest authentication schemes, the Mutual authentication scheme specified in this document assures the user that the server truly knows the user's encrypted password. Working Group Summary This document is one of the experimental documents submitted to the HTTP-Auth working group. With version -8 it is the consensus of the HTTP-Auth working group that this document is fit to be published as an experimental RFC. Document Quality The proposed mutual authentication method has been reviewed by a fair number of participants. There is at least one known implementation of this protocol. The authors declared 2 IPRs: https://datatracker.ietf.org/ipr/search/?submit=draft&id=draft-ietf-httpauth-mutual Personnel Shepherd: Rifaat Shekh-Yusef Area Director: Kathleen Moriarty IANA Note This draft establishes two registries that require expert review per RFC5226. A registry for HTTP Mutual authentication algorithms and A registry for HTTP Mutual authentication host validation methods
