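% RFC 4169: HTTP Digest AKA version 2 (AKAv2).
% Changes from the original single-line export:
%   - one field per line, aligned, in a consistent order
%   - author names in unambiguous "Last, First" form
%   - title no longer wrapped whole in double braces; only protocol names and
%     acronyms are brace-protected, so a style can still apply its own casing
% Security context for readers citing this entry:
%   - The abstract's closing sentence is the Informational-status boilerplate;
%     this memo is not a Standards Track specification.
%   - The abstract says the algorithm "can be implemented" to resist the
%     man-in-the-middle attack. That resistance is a property of a correct
%     implementation, not of merely negotiating AKAv2. The stated preconditions
%     for the attack are a client that does not authenticate the server in TLS,
%     or the same credentials reused in another context without TLS.
%   - RFC 2617, named in the abstract, has since been obsoleted by RFC 7616
%     (HTTP Digest) and RFC 7617 (HTTP Basic); cite those for current
%     HTTP Digest behaviour.
@misc{rfc4169,
  author       = {Naslund, Mats and Arkko, Jari and Torvinen, Vesa},
  title        = {{Hypertext Transfer Protocol} ({HTTP}) {Digest} Authentication Using {Authentication and Key Agreement} ({AKA}) Version-2},
  howpublished = {RFC 4169},
  series       = {Request for Comments},
  number       = 4169,
  publisher    = {RFC Editor},
  year         = 2005,
  month        = nov,
  pagetotal    = 13,
  doi          = {10.17487/RFC4169},
  url          = {https://www.rfc-editor.org/info/rfc4169},
  abstract     = {HTTP Digest, as specified in RFC 2617, is known to be vulnerable to man-in-the-middle attacks if the client fails to authenticate the server in TLS, or if the same passwords are used for authentication in some other context without TLS. This is a general problem that exists not just with HTTP Digest, but also with other IETF protocols that use tunneled authentication. This document specifies version 2 of the HTTP Digest AKA algorithm (RFC 3310). This algorithm can be implemented in a way that it is resistant to the man-in-the-middle attack. This memo provides information for the Internet community.},
}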