Carl-Uno
>To: IETF-Announce:;
>Cc: http-wg@cuckoo.hpl.hp.com
>From: Internet-Drafts@ns.ietf.org
>Reply-to: Internet-Drafts@ns.ietf.org
>Subject: I-D ACTION:draft-ietf-http-authentication-01.txt
>Date: Mon, 16 Mar 1998 05:21:14 PST
>Sender: cclark@cnri.reston.va.us
>
>A New Internet-Draft is available from the on-line Internet-Drafts
directories.
>This draft is a work item of the HyperText Transfer Protocol Working Group
of the IETF.
>
> Title : HTTP Authentication: Basic and Digest
> Access Authentication
> Author(s) : J. Franks, E. Sink, P. Leach, J. Hostetler,
> P. Hallam-Baker, L. Stewart, S. Lawrence, A.
Luotonen
> Filename : draft-ietf-http-authentication-01.txt
> Pages : 26
> Date : 13-Mar-98
>
>''HTTP/1.0'' includes the specification for a Basic Access Authentication
>scheme. This scheme is not considered to be a secure method of user
>authentication (unless used in conjunction with some external secure
>system such as SSL [5]), as the user name and password are passed over
>the network as cleartext.
>
>This document also provides the specification for HTTP's authentication
>framework, the original Basic authentication scheme and a scheme based
>on cryptographic hashes, referred to as ''Digest Access Authentication''.
>It is therefore also intended to serve as a replacement for RFC 2069
>[6]. Some optional elements specified by RFC 2069 have been removed
>from this specification due to problems found since its publication;
>other new elements have been added -for compatibility, those new
>elements have been made optional, but are strongly recommended.
>
>Like Basic, Digest access authentication verifies that both parties to a
>communication know a shared secret (a password); unlike Basic, this
>verification can be done without sending the password in the clear,
>which is Basic's biggest weakness. As with most other authentication
>protocols, the greatest sources of risks are usually found not in the
>core protocol itself but in policies and procedures surrounding its use.
>
>Internet-Drafts are available by anonymous FTP. Login with the username
>"anonymous" and a password of your e-mail address. After logging in,
>type "cd internet-drafts" and then
> "get draft-ietf-http-authentication-01.txt".
>A URL for the Internet-Draft is:
>ftp://ftp.ietf.org/internet-drafts/draft-ietf-http-authentication-01.txt
>
>Internet-Drafts directories are located at:
>
> Africa: ftp.is.co.za
>
> Europe: ftp.nordu.net
> ftp.nis.garr.it
>
> Pacific Rim: munnari.oz.au
>
> US East Coast: ds.internic.net
>
> US West Coast: ftp.isi.edu
>
>Internet-Drafts are also available by mail.
>
>Send a message to: mailserv@ietf.org. In the body type:
> "FILE /internet-drafts/draft-ietf-http-authentication-01.txt".
>
>NOTE: The mail server at ietf.org can return the document in
> MIME-encoded form by using the "mpack" utility. To use this
> feature, insert the command "ENCODING mime" before the "FILE"
> command. To decode the response(s), you will need "munpack" or
> a MIME-compliant mail reader. Different MIME-compliant mail readers
> exhibit different behavior, especially when dealing with
> "multipart" MIME messages (i.e. documents which have been split
> up into multiple messages), so check your local documentation on
> how to manipulate these messages.
>
>
>Below is the data which will enable a MIME compliant mail reader
>implementation to automatically retrieve the ASCII version of the
>Internet-Draft.
>
><ftp://ftp.ietf.org/internet-drafts/draft-ietf-http-authentication-01.txt>
>
Carl-Uno Manros
Principal Engineer - Advanced Printing Standards - Xerox Corporation
701 S. Aviation Blvd., El Segundo, CA, M/S: ESAE-231
Phone +1-310-333 8273, Fax +1-310-333 5514
Email: manros@cp10.es.xerox.com