Hypertext Transfer Protocol (HTTP) Digest Authentication Using Authentication and Key Agreement (AKA) Version-2

Authors

  • Vesa Torvinen
  • Jari Arkko
  • Mats Näslund
Abstract

HTTP Digest, as specified in RFC 2617, is known to be vulnerable to man-in-the-middle attacks if the client fails to authenticate the server in TLS, or if the same passwords are used for authentication in some other context without TLS. This is a general problem that exists not just with HTTP Digest, but also with other IETF protocols that use tunneled authentication. This document specifies version 2 of the HTTP Digest AKA algorithm (RFC 3310). This algorithm can be implemented in a way that it is resistant to the man-in-the-middle attack.

Similar resources

Internet - Draft HTTP Digest AKAv 2

HTTP Digest is known to be vulnerable to man-in-the-middle attacks, even when run inside TLS, if the same passwords are used for authentication in some other context without TLS. This is a general problem that affects not just HTTP digest but also other IETF protocols. However, for a class of strong algorithms the attack is avoidable. This document defines version 2 of the HTTP Digest AKA algor...

RFC 4169 HTTP Digest AKAv 2 November 2005

HTTP Digest, as specified in RFC 2617, is known to be vulnerable to man-in-the-middle attacks if the client fails to authenticate the server in TLS, or if the same passwords are used for authentication in some other context without TLS. This is a general problem that exists not just with HTTP Digest, but also with other IETF protocols that use tunneled authentication. This document specifies ve...

3G Networks A solution to Improved Authentication and Key Agreement Protocol

With the development of mobile communication network, the requirements of mobile users for data services are higher and higher, which makes data service become more diversiform and various service providers appear one after the other. As a result, data services increasingly become the main service in mobile network. The Universal Mobile Telecommunications System (UMTS) is one of the new ‘third g...

HTTP Digest Access Authentication

The Hypertext Transfer Protocol (HTTP) provides a simple challenge-response authentication mechanism that may be used by a server to challenge a client request and by a client to provide authentication information. This document defines the HTTP Digest Authentication scheme that can be used with the HTTP authentication mechanism.

A new secure password authenticated key agreement scheme for SIP using self-certified public keys on elliptic curves

Voice over Internet Protocol (VoIP) has received much attention and has become a real competitor to traditional Public Switched Telephone Networks (PSTNs), where the Session Initial Protocol (SIP) is widely used as a signaling protocol based on HTTP-like request/response exchange to establish multimedia sessions in both wireline and wireless world. However, the original authentication scheme fo...

Journal title:
  • RFC

Volume 4169  Issue

Pages  -

Publication date 2005