draft-ietf-httpauth-digest-06.txt   draft-ietf-httpauth-digest-07.txt 
HTTPAuth Working Group R. Shekh-Yusef, Ed. HTTPAuth Working Group R. Shekh-Yusef, Ed.
Internet-Draft D. Ahrens Internet-Draft D. Ahrens
Obsoletes: 2617 (if approved) Avaya Obsoletes: 2617 (if approved) Avaya
Intended Status: Standards Track S. Bremer Intended Status: Standards Track S. Bremer
Expires: October 11, 2014 Netzkonform Expires: October 28, 2014 Netzkonform
April 9, 2014 April 26, 2014
HTTP Digest Access Authentication HTTP Digest Access Authentication
draft-ietf-httpauth-digest-06 draft-ietf-httpauth-digest-07
Abstract Abstract
HTTP provides a simple challenge-response authentication mechanism HTTP provides a simple challenge-response authentication mechanism
that may be used by a server to challenge a client request and by a that may be used by a server to challenge a client request and by a
client to provide authentication information. This document defines client to provide authentication information. This document defines
the HTTP Digest Authentication scheme that may be used with the the HTTP Digest Authentication scheme that may be used with the
authentication mechanism. authentication mechanism.
Status of this Memo Status of this Memo
skipping to change at page 16, line 40 skipping to change at page 16, line 40
When a server receives a request to access a resource, the server When a server receives a request to access a resource, the server
might challenge the client by responding with "401 Unauthorized" might challenge the client by responding with "401 Unauthorized"
status code, and include one or more WWW-Authenticate headers. If the status code, and include one or more WWW-Authenticate headers. If the
server challenges with multiple Digest headers, then each one of server challenges with multiple Digest headers, then each one of
these headers MUST use a different digest algorithm. The server MUST these headers MUST use a different digest algorithm. The server MUST
add these Digest headers to the response in order of preference, add these Digest headers to the response in order of preference,
starting with the most preferred header, followed by the less starting with the most preferred header, followed by the less
preferred headers. preferred headers.
This specification defines the following preference list, starting This specification defines the following algorithms:
with the most preferred algorithm:
* SHA2-256 * SHA2-256 (mandatory to implement)
* SHA2-512/256 * SHA2-512/256 (as a backup algorithm)
* MD5 (for backward compatibility). * MD5 (for backward compatibility).
When the client receives the response it SHOULD use the topmost When the client receives the response it SHOULD use the topmost
header that it supports, unless a local policy dictates otherwise. header that it supports, unless a local policy dictates otherwise.
The client should ignore any challenge it does not understand. The client should ignore any challenge it does not understand.
3.8 Proxy-Authenticate and Proxy-Authorization 3.8 Proxy-Authenticate and Proxy-Authorization
The digest authentication scheme may also be used for authenticating The digest authentication scheme may also be used for authenticating
users to proxies, proxies to proxies, or proxies to origin servers by users to proxies, proxies to proxies, or proxies to origin servers by
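Review bot: In the -07 column the sentence introducing the algorithm list no longer says the list is ordered ("This specification defines the following algorithms:"), yet the unchanged text around it still requires the server to add Digest headers "in order of preference" and tells the client it SHOULD use the topmost header it supports. With the preference wording gone, nothing visible here stops a server from placing the MD5 challenge first, and a client that supports MD5 and follows the topmost-header rule would then pick it even though it also supports SHA2-256. Suggest keeping an explicit statement that SHA2-256 is preferred over MD5, or stating what ordering a server is expected to use when it offers MD5 alongside the SHA2 algorithms. "(as a backup algorithm)" also needs a definition: backup to what, and under which condition an implementation would fall back to it.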
skipping to change at page 27, line 18 skipping to change at page 27, line 18
6.1 HTTP Digest Hash Algorithms Registry 6.1 HTTP Digest Hash Algorithms Registry
This specification creates a new IANA registry named "HTTP Digest This specification creates a new IANA registry named "HTTP Digest
Hash Algorithms". When registering a new hash algorithm, the Hash Algorithms". When registering a new hash algorithm, the
following information MUST be provided: following information MUST be provided:
o Hash Algorithm o Hash Algorithm
The textual name of the hash algorithm. The textual name of the hash algorithm.
o Digest Size o Digest Size
The size of the algorithm's output in hexadecimal characters. The size of the algorithm's output in bits.
o Reference o Reference
A reference to the specification that describes the new algorithm. A reference to the specification that describes the new algorithm.
The update policy for this registry shall be Specification Required. The update policy for this registry shall be Specification Required.
The initial registry will contain the following entries: The initial registry will contain the following entries:
Hash Algorithm Digest Size Reference Hash Algorithm Digest Size Reference
-------------- ----------- --------- -------------- ----------- ---------
"MD5" 32 RFC XXXX "MD5" 128 RFC XXXX
"SHA-512-256" 64 RFC XXXX "SHA-512-256" 256 RFC XXXX
"SHA-256" 64 RFC XXXX "SHA-256" 256 RFC XXXX
Each one of the algorithms defined in the registry might have a -sess Each one of the algorithms defined in the registry might have a -sess
variant, e.g. MD5-sess, SHA-256-sess, etc. variant, e.g. MD5-sess, SHA-256-sess, etc.
6.2 Digest Scheme Registration 6.2 Digest Scheme Registration
This specification registers the Digest scheme with the This specification registers the Digest scheme with the
Authentication Scheme Registry. Authentication Scheme Registry.
Authentication Scheme Name: Digest Authentication Scheme Name: Digest
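Review bot: The Digest Size definition now says bits and the table values were updated to match (128, 256, 256), but the column header in the initial registry still reads only "Digest Size"; putting the unit in the header, e.g. "Digest Size (bits)", would keep the table unambiguous when read on its own. The registry names "SHA-256" and "SHA-512-256" also differ from the "SHA2-256" and "SHA2-512/256" spellings used in the algorithm list on page 16 of this same diff; since Hash Algorithm is defined as the textual name, both sections should use one spelling. The -sess sentence should also say whether variants such as MD5-sess are covered by the base entry or require their own registration.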
 End of changes. 6 change blocks. 
11 lines changed or deleted 10 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/