A New Internet-Draft is available from the on-line Internet-Drafts directories.
Title : Mutual Authentication Protocol for HTTP
Author(s) : Y. Oiwa
Filename : draft-oiwa-http-mutualauth-04.txt
Pages : 37
Date : 2009-02-13
This document specifies the "Mutual authentication protocol for
Hyper-Text Transport Protocol". This protocol provides true mutual
authentication between HTTP clients and servers using simple
password-based authentication. Unlike Basic and Digest HTTP access
authentication protocol, the protocol ensures that server knows the
user's entity (encrypted password) upon successful authentication.
This prevents common phishing attacks: phishing attackers cannot
convince users that the user has been authenticated to the genuine
website. Furthermore, even when a user has been authenticated
against an illegitimate server, the server cannot gain any bit of
information about user's passwords. The protocol is designed as an
extension to the HTTP protocol, and the protocol design intends to
replace existing authentication mechanism such as Basic/Digest access
authentications and form-based authentications.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-oiwa-http-mutualauth-04.txt
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
- <ftp://ftp.ietf.org/internet-drafts/draft-oiwa-http-mutualauth-04.txt>
-
_______________________________________________
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt