A New Internet-Draft is available from the on-line Internet-Drafts directories.
Title : Mutual Authentication Protocol for HTTP
Author(s) : Y. Oiwa
Filename : draft-oiwa-http-mutualauth-06.txt
Pages : 43
Date : 2010-02-19
This document specifies the "Mutual authentication protocol for
Hyper-Text Transport Protocol". This protocol provides true mutual
authentication between HTTP clients and servers using simple
password-based authentication. Unlike The Basic and Digest HTTP
access authentication protocol, this protocol ensures that the server
knows the user's entity (encrypted password) upon successful
authentication. This prevents common phishing attacks: phishing
attackers cannot convince users that the user has been authenticated
to the genuine website. Furthermore, even when a user has been
authenticated against an illegitimate server, the server cannot gain
any bit of information about user's passwords. The protocol is
designed as an extension to the HTTP protocol, and the protocol
design intends to replace existing authentication mechanism such as
Basic/Digest access authentications and form-based authentications.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-oiwa-http-mutualauth-06.txt
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
- <ftp://ftp.ietf.org/internet-drafts/draft-oiwa-http-mutualauth-06.txt>
-
_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
