Hypertext Transfer Protocol (HTTP) Digest Authentication Using Authentication and Key Agreement (AKA) Version-2 [ Vesa Torvinen, Jari Arkko, Mats Naeslund ]

Citation

Vesa Torvinen, Jari Arkko, Mats Naeslund, Hypertext Transfer Protocol (HTTP) Digest Authentication Using Authentication and Key Agreement (AKA) Version-2, Internet RFC 4169, November 2005.

Descriptions

Abstract:

HTTP Digest, as specified in RFC 2617, is known to be vulnerable to man-in-the-middle attacks if the client fails to authenticate the server in TLS, or if the same passwords are used for authentication in some other context without TLS. This is a general problem that exists not just with HTTP Digest, but also with other IETF protocols that use tunneled authentication. This document specifies version 2 of the HTTP Digest AKA algorithm (RFC 3310). This algorithm can be implemented in a way that it is resistant to the man-in-the-middle attack. This memo provides information for the Internet community.

Annotation:

Keywords: AKA (Authentication and Key Agreement); Digest Access Authentication_0.8;

Associations

Updates:

updates

Aki Niemi, Jari Arkko, Vesa Torvinen, Hypertext Transfer Protocol (HTTP) Digest Authentication Using Authentication and Key Agreement (AKA) Version-2, Internet RFC 3310, September 2002

Resources

Google: Search for ["Hypertext Transfer Protocol (HTTP) Digest Authentication Using Authentication and Key Agreement (AKA) Version-2" Vesa Torvinen Jari Arkko Mats Naeslund]