Shepherd writeup
draft-ietf-httpauth-digest

Authors are Rifaat Shekh-Yusef, David Ahrens, and Sophie Bremer. Kathleen
Moriarty is the responsible Area Director. Yoav Nir is the document 
shepherd.

Summary
   HTTP provides a simple challenge-response authentication mechanism
   that may be used by a server to challenge a client request and by a
   client to provide authentication information.  This document defines
   the HTTP Digest Authentication scheme that can be used with the HTTP
   authentication mechanism.
      
Review and Consensus
   This document is (along with the already-approved basicauth-update) 
   part of a set of documents that will collectively replace RFC 2617.  
   As such, for the most part it describes existing practice, with the 
   addition of a few things: 
    o New algorithms: SHA2-256 and SHA2-512/256.
    o Internationalized character set support.
    o Username hashing for enhanced privacy.
   
   While the working group was chartered to add the new algorithms and 
   internationalization support, the addition of username hashing is
   not in the charter. The group was specifically polled about whether 
   we wanted to add features to a legacy protocol that is vulnerable 
   to dictionary attacks anyway. The group consensus was that this 
   should be done.
   
   With version -15 it is the consensus of the HTTP-Auth working group 
   that this document is fit to be published as a standards-track RFC.
         
Intellectual Property
   All authors have confirmed that they are not aware of any undisclosed 
   IPR associated with this document. There have been no IPR disclosures.
   
Other Issues
   None