Technical Summary
This document specifies a mutual authentication scheme for the
Hypertext Transfer Protocol (HTTP). This scheme provides true mutual
authentication between an HTTP client and an HTTP server using
password-based authentication. Unlike the Basic and Digest
authentication schemes, the Mutual authentication scheme specified in
this document assures the user that the server truly knows the user's
encrypted password.
Working Group Summary
This document is one of the experimental documents submitted to the
HTTP-Auth working group.
With version -8 it is the consensus of the HTTP-Auth working group
that this document is fit to be published as an experimental RFC.
Document Quality
The proposed mutual authentication method has been reviewed by a fair
number of participants.
There is at least one known implementation of this protocol.
The authors declared 2 IPRs:
https://datatracker.ietf.org/ipr/search/?submit=draft&id=draft-ietf-httpauth-mutual
Personnel
Shepherd: Rifaat Shekh-Yusef
Area Director: Kathleen Moriarty
IANA Note
This draft establishes two registries that require expert review per RFC 5226:
a registry for HTTP Mutual authentication algorithms, and
a registry for HTTP Mutual authentication host validation methods.