Issues on HTTP RFC 2616, and proposed resolutions for inclusion in a future RFC2616bis ()

Stephen Farrell | 13 Jun 2012 17:06

Fwd: New Version Notification for draft-farrell-httpbis-hoba-00.txt

FYI, another potential auth mechanism.

-------- Original Message --------
Subject: New Version Notification for draft-farrell-httpbis-hoba-00.txt
Date: Wed, 13 Jun 2012 08:00:28 -0700
From: internet-drafts@...
To: stephen.farrell@...

A new version of I-D, draft-farrell-httpbis-hoba-00.txt
has been successfully submitted by Stephen Farrell and posted to the
IETF repository.

Filename:	 draft-farrell-httpbis-hoba
Revision:	 00
Title:		 HTTP Origin-Bound Authentication (HOBA)
Creation date:	 2012-06-13
WG ID:		 Individual Submission
Number of pages: 11
URL:
http://www.ietf.org/internet-drafts/draft-farrell-httpbis-hoba-00.txt
Status:          http://datatracker.ietf.org/doc/draft-farrell-httpbis-hoba
Htmlized:        http://tools.ietf.org/html/draft-farrell-httpbis-hoba-00

Abstract:
   This memo proposes a way of using origin-bound certificates for HTTP
   authentication, called HOBA.  HOBA is an HTTP authentication method
   with credentials that are not vulnerable to simple phishing attacks,
   and that does not require a server-side password database, both major
   potential positives, if deployed.  HOBA can be integrated with

(Continue reading)