Authors are Rifaat Shekh-Yusef, David Ahrens, and Sophie Bremer. Kathleen
Moriarty is the responsible Area Director. Yoav Nir is the document
shepherd.
Summary
HTTP provides a simple challenge-response authentication mechanism
that may be used by a server to challenge a client request and by a
client to provide authentication information. This document defines
the HTTP Digest Authentication scheme that can be used with the HTTP
authentication mechanism.
Review and Consensus
This document is (along with the already-approved basicauth-update)
part of a set of documents that will collectively replace RFC 2617.
As such, for the most part it describes existing practice, with the
addition of a few things:
o New algorithms: SHA2-256 and SHA2-512/256.
o Internationalized character set support.
o Username hashing for enhanced privacy.
While the working group was chartered to add the new algorithms and
internationalization support, the addition of username hashing is
not in the charter. The group was specifically polled about whether
we wanted to add features to a legacy protocol that is vulnerable to
dictionary attacks anyway. The group consensus was that this
should be done.
With version -15 it is the consensus of the HTTP-Auth working group
that this document is fit to be published as a standards-track RFC.
Intellectual Property
All authors have confirmed that they are not aware of any undisclosed
IPR associated with this document. There have been no IPR disclosures.
Other Issues
None