Skip to main content

Mutual Authentication Protocol for HTTP: Cryptographic Algorithms Based on the Key Agreement Mechanism 3 (KAM3)

Approval announcement
Draft of message to be sent after approval:


From: The IESG <>
To: "IETF-Announce" <>
Cc: "Yoav Nir" <>,,,,, "The IESG" <>,,
Subject: Document Action: 'Mutual Authentication Protocol for HTTP: KAM3-based Cryptographic Algorithms' to Experimental RFC (draft-ietf-httpauth-mutual-algo-07.txt)

The IESG has approved the following document:
- 'Mutual Authentication Protocol for HTTP: KAM3-based Cryptographic
  (draft-ietf-httpauth-mutual-algo-07.txt) as Experimental RFC

This document is the product of the Hypertext Transfer Protocol
Authentication Working Group.

The IESG contact persons are Stephen Farrell and Kathleen Moriarty.

A URL of this Internet Draft is:

Ballot Text

Technical Summary

   This document specifies cryptographic algorithms for use with the
   Mutual user authentication method for the Hyper-text Transport
   Protocol (HTTP).

Working Group Summary

   This document is one in a three-part set of documents describing the
   Mutual-Auth authentication method for HTTP. This part describes the
   cryptographic algorithms for use with MutualAuth. The algorithms are 
   based on Augmented Password-based Authenticated Key Exchange 
   (Augmented PAKE) techniques.

   With version -05 it is the consensus of the HTTP-Auth working group 
   that this document is fit to be published as an experimental RFC.
   The document received a moderate amount of review from the working 
   group. In addition we solicited and received a review from Melinda 

Document Quality

  There are implementations of this protocol written by the authors.
   They take the form of a modified web server and a fork of the Firefox
   browser that include this functionality.


   Yoav Nir is the document shepherd.
   Kathleen Moriarty is the responsible Area Director. 


  This document defines four new tokens to be added to the "HTTP Mutual
   authentication algorithms" registry.

RFC Editor Note