RFC 4169

Hypertext Transfer Protocol (HTTP) Digest Authentication Using Authentication and Key Agreement (AKA) Version-2, November 2005

Canonical URL: https://www.rfc-editor.org/rfc/rfc4169.txt
File formats: Plain Text, PDF
Status: INFORMATIONAL
Authors: V. Torvinen, J. Arkko, M. Naslund
Stream: IETF
Source: NON WORKING GROUP


DOI:  10.17487/RFC4169

Discuss this RFC: Send questions or comments to iesg@ietf.org



Abstract

HTTP Digest, as specified in RFC 2617, is known to be vulnerable to man-in-the-middle attacks if the client fails to authenticate the server in TLS, or if the same passwords are used for authentication in some other context without TLS. This is a general problem that exists not just with HTTP Digest, but also with other IETF protocols that use tunneled authentication. This document specifies version 2 of the HTTP Digest AKA algorithm (RFC 3310). This algorithm can be implemented in a way that it is resistant to the man-in-the-middle attack. This memo provides information for the Internet community.


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 4844.

