{
  "draft": "draft-torvinen-http-digest-aka-v2-02",
  "doc_id": "RFC4169",
  "title": "Hypertext Transfer Protocol (HTTP) Digest Authentication Using Authentication and Key Agreement (AKA) Version-2",
  "authors": [
    "V. Torvinen",
    "J. Arkko",
    "M. Naslund"
  ],
  "format": [
    "TEXT",
    "HTML"
  ],
  "page_count": "13",
  "pub_status": "INFORMATIONAL",
  "status": "INFORMATIONAL",
  "source": "IETF - NON WORKING GROUP",
  "abstract": "HTTP Digest, as specified in RFC 2617, is known to be vulnerable to man-in-the-middle attacks if the client fails to authenticate the server in TLS, or if the same passwords are used for authentication in some other context without TLS.  This is a general problem that exists not just with HTTP Digest, but also with other IETF protocols that use tunneled authentication.  This document specifies version 2 of the HTTP Digest AKA algorithm (RFC 3310).  This algorithm can be implemented in a way that it is resistant to the man-in-the-middle attack.  This memo provides information for the Internet community.",
  "pub_date": "November 2005",
  "keywords": [
    "tls",
    "transport layer security",
    "tunneled authentication",
    "man-in-the-middle attacks"
  ],
  "obsoletes": [],
  "obsoleted_by": [],
  "updates": [],
  "updated_by": [],
  "see_also": [],
  "doi": "10.17487/RFC4169",
  "errata_url": null
}