Hypertext Transfer Protocol (HTTP) Digest Authentication Using Authentication and Key Agreement (AKA) Version-2
RFC 4169
Document Type RFC - Informational (November 2005; No errata)
Was draft-torvinen-http-digest-aka-v2 (individual in tsv area)
Authors Mats Naslund  , Jari Arkko  , Vesa Torvinen 
Last updated 2015-10-14
Stream IETF
Formats plain text html pdf htmlized bibtex
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 4169 (Informational)
Consensus Boilerplate Unknown
Telechat date
Responsible AD Allison Mankin
Send notices to mankin@psg.com
Email authors IPR 2 References Referenced by Nits 
Network Working Group                                        V. Torvinen
Request for Comments: 4169                             Turku Polytechnic
Category: Informational                                         J. Arkko
                                                              M. Naslund
                                                                Ericsson
                                                           November 2005

     Hypertext Transfer Protocol (HTTP) Digest Authentication Using
            Authentication and Key Agreement (AKA) Version-2

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2005).

Abstract

   HTTP Digest, as specified in RFC 2617, is known to be vulnerable to
   man-in-the-middle attacks if the client fails to authenticate the
   server in TLS, or if the same passwords are used for authentication
   in some other context without TLS.  This is a general problem that
   exists not just with HTTP Digest, but also with other IETF protocols
   that use tunneled authentication.  This document specifies version 2
   of the HTTP Digest AKA algorithm (RFC 3310).  This algorithm can be
   implemented in a way that it is resistant to the man-in-the-middle
   attack.

Torvinen                     Informational                      [Page 1]
RFC 4169                   HTTP Digest AKAv2               November 2005

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  2
       1.1.  Terminology  . . . . . . . . . . . . . . . . . . . . . .  4
   2.  HTTP Digest AKAv2  . . . . . . . . . . . . . . . . . . . . . .  5
       2.1.  Password generation  . . . . . . . . . . . . . . . . . .  6
       2.2.  Session keys . . . . . . . . . . . . . . . . . . . . . .  6
   3.  Example Digest AKAv2 Operation . . . . . . . . . . . . . . . .  7
   4.  Security Considerations  . . . . . . . . . . . . . . . . . . .  7
       4.1.  Multiple Authentication Schemes and Algorithms . . . . .  7
       4.2.  Session Protection . . . . . . . . . . . . . . . . . . .  7
       4.3.  Man-in-the-middle attacks  . . . . . . . . . . . . . . .  8
       4.4.  Entropy  . . . . . . . . . . . . . . . . . . . . . . . .  9
   5.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 10
       5.1.  Registration Information . . . . . . . . . . . . . . . . 10
   6.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 11
       6.1.  Normative References . . . . . . . . . . . . . . . . . . 11
       6.2.  Informative References . . . . . . . . . . . . . . . . . 11

1.  Introduction

   The Hypertext Transfer Protocol (HTTP) Digest Authentication,
   described in [4], has been extended in [6] to support the
   Authentication and Key Agreement (AKA) mechanism [7].  The AKA
   mechanism performs authentication and session key agreement in
   Universal Mobile Telecommunications System (UMTS) networks.  HTTP
   Digest AKA enables the usage of AKA as a one-time password generation
   mechanism for Digest authentication.

   HTTP Digest is known to be vulnerable to man-in-the-middle attacks,
   even when run inside TLS, if the same HTTP Digest authentication
   credentials are used in some other context without TLS.  The attacker
   may initiate a TLS session with a server, and when the server
   challenges the attacker with HTTP Digest, the attacker masquerades
   the server to the victim.  If the victim responds to the challenge,
   the attacker is able to use this response towards the server in HTTP
   Digest.  Note that this attack is an instance of a general attack
   that affects a number of IETF protocols, such as PIC.  The general
   problem is discussed in [8] and [9].

   Because of the vulnerability described above, the use of HTTP Digest
   "AKAv1" should be limited to the situations in which the client is
   able to demonstrate that, in addition to the AKA response, it
   possesses the AKA session keys.  This is possible, for example, if
   the underlying security protocol uses the AKA-generated session keys
   to protect the authentication response.  This is the case, for
   example, in the 3GPP IP Multimedia Core Network Subsystem (IMS),
   where HTTP Digest "AKAv1" is currently applied.  However, HTTP Digest

Torvinen                     Informational                      [Page 2]
RFC 4169                   HTTP Digest AKAv2               November 2005

   "AKAv1" should not be used with tunnelled security protocols that do
   not utilize the AKA session keys.  For example, the use of HTTP
   Digest "AKAv1" is not necessarily secure with TLS if the server side
   is authenticated using certificates and the client side is
   authenticated using HTTP Digest AKA.

   There are at least four potential solutions to the problem:

   1.  The use of the authentication credentials is limited to one
Show full document text
RFC Editor IASA & IETF LLC IETF Trust IRTF IETF IESG IAB IANA Privacy Statement IETF Tools