Hypertext Transfer Protocol (HTTP) Digest Authentication Using Authentication and Key Agreement (AKA)

This RFC was published in 2002.

Abstract

This memo specifies an Authentication and Key Agreement (AKA) based one-time password generation mechanism for Hypertext Transfer Protocol (HTTP) Digest access authentication.
The HTTP Authentication Framework includes two authentication schemes: Basic and Digest.
Both schemes employ a shared secret based mechanism for access authentication.
The AKA mechanism performs user authentication and session key distribution in Universal Mobile Telecommunications System (UMTS) networks.
AKA is a challenge-response based mechanism that uses symmetric cryptography.

RFC 3310 introduction

The Hypertext Transfer Protocol (HTTP) Authentication Framework, described in RFC 2617 [2], includes two authentication schemes: Basic and Digest.
Both schemes employ a shared secret based mechanism for access authentication.
The Basic scheme is inherently insecure in that it transmits user credentials in plain text.
The Digest scheme improves security by hiding user credentials with cryptographic hashes, and additionally by providing limited message integrity.
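
The contrast between the two RFC 2617 schemes, as an added example that is not part of the RFC text or this page: it builds a Basic header, shows that the credentials decode straight back out of it, and computes a Digest `response` with MD5 and `qop=auth`. The function names are assumptions of this sketch, and the sample credentials are the published examples from RFC 2617.

```python
import base64
import hashlib


def md5_hex(text: str) -> str:
    """Hex MD5 of a string, the H() function of RFC 2617 with algorithm=MD5."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def basic_header(username: str, password: str) -> str:
    """Basic scheme: base64("user:password"). This is encoding, not protection."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def recover_basic(header: str) -> tuple:
    """What any on-path observer can do with a captured Basic header."""
    _scheme, token = header.split(" ", 1)
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password


def digest_response(username, realm, password, method, uri,
                    nonce, nc, cnonce, qop="auth") -> str:
    """Digest scheme (qop=auth): only hashes of the secret cross the wire."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")   # secret-dependent part
    ha2 = md5_hex(f"{method}:{uri}")                  # binds method and URI
    # The server nonce and client cnonce/nc make each response single-use.
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


if __name__ == "__main__":
    hdr = basic_header("Aladdin", "open sesame")
    print(hdr, "->", recover_basic(hdr))
    print(digest_response(
        "Mufasa", "testrealm@host.com", "Circle Of Life",
        "GET", "/dir/index.html",
        "dcd98b7102dd2f0e8b11d0f600bfb0c093", "00000001", "0a4f113b"))
```

The Digest response covers only the method and URI, not the message body or other headers, which is the "limited message integrity" the introduction refers to.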
