Mutual Authentication Protocol for HTTP

Approval announcement
Draft of message to be sent after approval:

From: The IESG <>
To: "IETF-Announce" <>
Cc:,,,,, "The IESG" <>, "Rifaat Shekh-Yusef" <>,
Subject: Document Action: 'Mutual Authentication Protocol for HTTP' to Experimental RFC (draft-ietf-httpauth-mutual-11.txt)

The IESG has approved the following document:
- 'Mutual Authentication Protocol for HTTP'
  (draft-ietf-httpauth-mutual-11.txt) as Experimental RFC

This document is the product of the Hypertext Transfer Protocol
Authentication Working Group.

The IESG contact persons are Stephen Farrell and Kathleen Moriarty.

A URL of this Internet Draft is:

Technical Summary

This document specifies a mutual authentication scheme for the
Hypertext Transfer Protocol (HTTP).  This scheme provides true mutual
authentication between an HTTP client and an HTTP server using
password-based authentication.  Unlike the Basic and Digest
authentication schemes, the Mutual authentication scheme specified in
this document assures the user that the server truly knows the user's
encrypted password.

Working Group Summary

  This document is one of the experimental documents submitted to the
  HTTP-Auth working group.

  With version -8 it is the consensus of the HTTP-Auth working group
  that this document is fit to be published as an experimental RFC.

Document Quality

   The proposed mutual authentication method has been reviewed by a fair
   number of participants.

   There is at least one known implementation of this protocol.

   The authors declared 2 IPRs:


   Shepherd: Rifaat Shekh-Yusef
   Area Director: Kathleen Moriarty


  This draft establishes two registries that require expert review per RFC5226.
     A registry for HTTP Mutual authentication algorithms and
     A registry for HTTP Mutual authentication host validation methods