Mutual Authentication Protocol for HTTP

The information below is for an old version of the document
Document Type Expired Internet-Draft (httpauth WG)
Authors Yutaka Oiwa  , Hajime Watanabe  , Hiromitsu Takagi  , Kaoru Maeda  , Tatsuya Hayashi  , Yuichi Ioku 
Last updated 2015-02-19 (latest revision 2014-08-18)
Replaces draft-oiwa-httpbis-mutualauth
Stream Internet Engineering Task Force (IETF)
Expired & archived
pdf htmlized bibtex
Additional Resources
- Mailing list discussion
Stream WG state WG Document
Document shepherd No shepherd assigned
IESG IESG state Expired
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document specifies a mutual authentication method for the Hyper- text Transfer Protocol (HTTP). This method provides a true mutual authentication between an HTTP client and an HTTP server using password-based authentication. Unlike the Basic and Digest authentication methods, the Mutual authentication method specified in this document assures the user that the server truly knows the user's encrypted password.


Yutaka Oiwa (
Hajime Watanabe
Hiromitsu Takagi
Kaoru Maeda
Tatsuya Hayashi
Yuichi Ioku

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)