{"draft":"draft-torvinen-http-digest-aka-v2-02","doc_id":"RFC4169","title":"Hypertext Transfer Protocol (HTTP) Digest Authentication Using Authentication and Key Agreement (AKA) Version-2","authors":["V. Torvinen","J. Arkko","M. Naslund"],"format":["ASCII","HTML"],"page_count":"13","pub_status":"INFORMATIONAL","status":"INFORMATIONAL","source":"IETF - NON WORKING GROUP","abstract":"HTTP Digest, as specified in RFC 2617, is known to be vulnerable to\r\nman-in-the-middle attacks if the client fails to authenticate the\r\nserver in TLS, or if the same passwords are used for authentication\r\nin some other context without TLS.  This is a general problem that\r\nexists not just with HTTP Digest, but also with other IETF protocols\r\nthat use tunneled authentication.  This document specifies version 2\r\nof the HTTP Digest AKA algorithm (RFC 3310).  This algorithm can be\r\nimplemented in a way that it is resistant to the man-in-the-middle\r\nattack.  This memo provides information for the Internet community.","pub_date":"October 2005","keywords":["tls","transport layer security","tunneled authentication","man-in-the-middle attacks"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC4169","errata_url":null}