Skip to main content

Mutual Authentication Protocol for HTTP: Cryptographic Algorithms Based on the Key Agreement Mechanism 3 (KAM3)
RFC 8121

Revision differences

Document history

Date Rev. By Action
2017-04-11
07 (System)
Received changes through RFC Editor sync (created alias RFC 8121, changed title to 'Mutual Authentication Protocol for HTTP: Cryptographic Algorithms Based on the Key …
Received changes through RFC Editor sync (created alias RFC 8121, changed title to 'Mutual Authentication Protocol for HTTP: Cryptographic Algorithms Based on the Key Agreement Mechanism 3 (KAM3)', changed abstract to 'This document specifies cryptographic algorithms for use with the Mutual user authentication method for the Hypertext Transfer Protocol (HTTP).', changed pages to 17, changed standardization level to Experimental, changed state to RFC, added RFC published event at 2017-04-11, changed IESG state to RFC Published)
2017-04-11
07 (System) RFC published
2017-04-03
07 (System) RFC Editor state changed to AUTH48-DONE from AUTH48
2017-03-16
07 (System) RFC Editor state changed to AUTH48 from RFC-EDITOR
2017-03-08
07 (System) IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor
2017-03-08
07 (System) RFC Editor state changed to RFC-EDITOR from IANA
2017-03-08
07 (System) IANA Action state changed to Waiting on RFC Editor from Waiting on Authors
2017-02-21
07 (System) IANA Action state changed to Waiting on Authors from In Progress
2017-02-21
07 (System) IANA Action state changed to In Progress from On Hold
2017-02-10
07 (System) RFC Editor state changed to IANA from AUTH
2017-02-09
07 (System) RFC Editor state changed to AUTH from EDIT
2017-01-09
07 (System) RFC Editor state changed to EDIT from MISSREF
2016-11-15
07 (System) RFC Editor state changed to MISSREF
2016-11-15
07 (System) IESG state changed to RFC Ed Queue from Approved-announcement sent
2016-11-15
07 (System) Announcement was received by RFC Editor
2016-11-14
07 (System) IANA Action state changed to On Hold
2016-11-14
07 Cindy Morgan IESG state changed to Approved-announcement sent from Approved-announcement to be sent::AD Followup
2016-11-14
07 Cindy Morgan IESG has approved the document
2016-11-14
07 Cindy Morgan Closed "Approve" ballot
2016-11-14
07 Cindy Morgan Ballot approval text was generated
2016-11-13
07 (System) Sub state has been changed to AD Followup from Revised ID Needed
2016-11-13
07 (System) IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed
2016-11-13
07 Yutaka Oiwa New version available: draft-ietf-httpauth-mutual-algo-07.txt
2016-11-13
07 (System) New version approved
2016-11-13
07 (System) Request for posting confirmation emailed to previous authors: "Hiromitsu Takagi" , "Yutaka Oiwa" , "Kaoru Maeda" , "Yuichi Ioku" , "Tatsuya Hayashi" , "Hajime Watanabe"
2016-11-13
07 Yutaka Oiwa Uploaded new revision
2016-11-12
06 Jean Mahoney Closed request for Last Call review by GENART with state 'No Response'
2016-11-10
06 Tero Kivinen Closed request for Last Call review by SECDIR with state 'No Response'
2016-11-03
06 Cindy Morgan IESG state changed to Approved-announcement to be sent::Revised I-D Needed from IESG Evaluation
2016-11-03
06 Stephen Farrell [Ballot Position Update] New position, Yes, has been recorded for Stephen Farrell
2016-11-03
06 Spencer Dawkins [Ballot Position Update] New position, No Objection, has been recorded for Spencer Dawkins
2016-11-03
06 Alexey Melnikov [Ballot Position Update] New position, No Objection, has been recorded for Alexey Melnikov
2016-11-03
06 Jari Arkko [Ballot Position Update] New position, No Objection, has been recorded for Jari Arkko
2016-11-02
06 Joel Jaeggli [Ballot Position Update] New position, No Objection, has been recorded for Joel Jaeggli
2016-11-02
06 Alia Atlas [Ballot Position Update] New position, No Objection, has been recorded for Alia Atlas
2016-11-02
06 Ben Campbell
[Ballot comment]
I agree with Mirja that the IPR section in this draft seems misplaced, and applies more to the mutual-auth mechanism draft. If it …
[Ballot comment]
I agree with Mirja that the IPR section in this draft seems misplaced, and applies more to the mutual-auth mechanism draft. If it needs to stay in this draft, please see my comment about the similar section in the mutual-auth draft.
2016-11-02
06 Ben Campbell [Ballot Position Update] New position, No Objection, has been recorded for Ben Campbell
2016-11-02
06 Suresh Krishnan [Ballot Position Update] New position, No Objection, has been recorded for Suresh Krishnan
2016-11-02
06 Deborah Brungard [Ballot Position Update] New position, No Objection, has been recorded for Deborah Brungard
2016-11-02
06 Alissa Cooper [Ballot Position Update] New position, No Objection, has been recorded for Alissa Cooper
2016-11-01
06 Terry Manderson [Ballot Position Update] New position, No Objection, has been recorded for Terry Manderson
2016-11-01
06 Benoît Claise [Ballot Position Update] Position for Benoit Claise has been changed to No Objection from No Record
2016-11-01
06 Benoît Claise
[Ballot comment]
Some editorial comments from our OPS-DIR reviewer, Qin Wu.

This document defines four HTTP Mutual authentication algorithms which use with Mutual authentication protocol …
[Ballot comment]
Some editorial comments from our OPS-DIR reviewer, Qin Wu.

This document defines four HTTP Mutual authentication algorithms which use with Mutual authentication protocol for HTTP, two for Discrete Logarithm settings, two for elliptic curve settings. In addition, the security of this algorithm is well analyzed.

There is no major issue. I believe this document is ready for publication. Here are a few editorial comments I like to ask authors to consider:

Minor issues:

1.      Section 1.1 said:



When a natural

  number output is required, the notation INT(H(s)) is used.





I will see INT(H(s)) as a formula to convert H(s) into natural number

2.      Section 2, 1st paragraph:

What is DL-based notations? Can you expand DL? Is it Description Logic or something else?

You can consider to add acronym and abbreviation section.

3.Section 2, 2nd paragraph and the figure that describe protocol exchange for four value

Where you define the first two messages in this draft? Are you referred to the first messages that contain ID, K_c1 and K_s1 respectively in the figure? I don’t see you specify message format or give a message name? I don’t see you related text with the message shown in the figure?



In addition, where the last two message defined in [I-D.ietf-httpauth-mutual]? Can you provide section number?

By reading [[I-D.ietf-httpauth-mutual], I see K_c1, K_s1, VK_c,VK_s has already been defined in [[I-D.ietf-httpauth-mutual], I feel confused and am wondering if this draft really defines the first two messages? Or four message shown in the figure are all defined in the [[I-D.ietf-httpauth-mutual].



4.Section 3.1, 3rd paragraph said:



The functions named octet(), OCTETS(), and INT() are those defined in

the core specification [I-D.ietf-httpauth-mutual].



Is the core specification [I-D.ietf-httpauth-mutual]the core document mentioned in section 3? If yes, please make them consistent.



5.Section 3.3, symbol “G”

g: for "the generator" associated with the group.

How the symobol “G” is different from symbol “g”in the section 3.2? Does G stand for the generator associated with the defined group? What do you mean “the defined point”? Would be great to clarify the difference between G and g.



6.Section 5.2 said:



In the EC setting, r has to be

prime.  Defining a variation of this algorithm using a different

domain parameter SHOULD be attentive to these conditions.



What is EC setting? Please expand EC? Elliptic Curve? Please make this clear or add this abbreviation into abbreviation section.



Nites:

1.Section 1,1st paragraph

s/ use withMutual authentication protocol/ use with Mutual authentication protocol

2.Section 5.2

s/ mixing values from from two/ mixing values from two



-Qin
2016-11-01
06 Benoît Claise Ballot comment text updated for Benoit Claise
2016-11-01
06 Mirja Kühlewind
[Ballot comment]
In relation to Alvaro's comment on draft-ietf-httpauth-mutual, the first part of the Intellectual Properties Notice does not seem to apply here and …
[Ballot comment]
In relation to Alvaro's comment on draft-ietf-httpauth-mutual, the first part of the Intellectual Properties Notice does not seem to apply here and the note is probably not needed at all.
2016-11-01
06 Mirja Kühlewind [Ballot Position Update] New position, No Objection, has been recorded for Mirja Kühlewind
2016-10-31
06 Alvaro Retana [Ballot Position Update] New position, No Objection, has been recorded for Alvaro Retana
2016-10-27
06 Kathleen Moriarty IESG state changed to IESG Evaluation from Waiting for Writeup
2016-10-27
06 Kathleen Moriarty Ballot has been issued
2016-10-27
06 Kathleen Moriarty [Ballot Position Update] New position, Yes, has been recorded for Kathleen Moriarty
2016-10-27
06 Kathleen Moriarty Created "Approve" ballot
2016-10-27
06 Kathleen Moriarty Ballot writeup was changed
2016-10-25
06 (System) IANA Review state changed to IANA OK - Actions Needed from IANA - Review Needed
2016-10-25
06 Sabrina Tanamal
(Via drafts-lastcall-comment@iana.org): IESG/Authors/WG Chairs:

The IANA Services Operator has completed its review of draft-ietf-httpauth-mutual-algo-06.txt. If any part of this review is inaccurate, please let …
(Via drafts-lastcall-comment@iana.org): IESG/Authors/WG Chairs:

The IANA Services Operator has completed its review of draft-ietf-httpauth-mutual-algo-06.txt. If any part of this review is inaccurate, please let us know.

Upon approval of this document, we understand that there is a single registry action to complete.

We understand that some of the actions requested in the IANA Considerations section of this document are dependent upon the approval of and completion of IANA Actions in another document:

https://tools.ietf.org/html/draft-ietf-httpauth-mutual-09

In that document a HTTP authentication algorithms registry is to be created.

In the current document, upon approval of draft-ietf-httpauth-mutual, four new tokens will be added to the new registry as follows:

+-------------------------+-------------------------+---------------+
| Token | Description | Reference |
+-------------------------+-------------------------+---------------+
| iso-kam3-dl-2048-sha256 | ISO-11770-4 KAM3, | [ RFC-to-be ] |
| | 2048-bit DL | |
| iso-kam3-dl-4096-sha512 | ISO-11770-4 KAM3, | [ RFC-to-be ] |
| | 4096-bit DL | |
| iso-kam3-ec-p256-sha256 | ISO-11770-4 KAM3, | [ RFC-to-be ] |
| | 256-bit EC | |
| iso-kam3-ec-p521-sha512 | ISO-11770-4 KAM3, | [ RFC-to-be ] |
| | 521-bit EC | |
+-------------------------+-------------------------+---------------+

We understand that this is the only action required to be completed upon approval of this document.

Note:  The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is only to confirm what actions will be performed.

Thank you,

Sabrina Tanamal
IANA Services Specialist
PTI
2016-10-25
06 (System) IESG state changed to Waiting for Writeup from In Last Call
2016-10-22
06 Gunter Van de Velde Request for Last Call review by OPSDIR Completed: Has Nits. Reviewer: Qin Wu.
2016-10-18
06 Kathleen Moriarty Placed on agenda for telechat - 2016-11-03
2016-10-14
06 Tero Kivinen Request for Last Call review by SECDIR is assigned to Takeshi Takahashi
2016-10-14
06 Tero Kivinen Request for Last Call review by SECDIR is assigned to Takeshi Takahashi
2016-10-14
06 Jean Mahoney Request for Last Call review by GENART is assigned to Orit Levin
2016-10-14
06 Jean Mahoney Request for Last Call review by GENART is assigned to Orit Levin
2016-10-12
06 Gunter Van de Velde Request for Last Call review by OPSDIR is assigned to Qin Wu
2016-10-12
06 Gunter Van de Velde Request for Last Call review by OPSDIR is assigned to Qin Wu
2016-10-11
06 Amy Vezza IANA Review state changed to IANA - Review Needed
2016-10-11
06 Amy Vezza
The following Last Call announcement was sent out:

From: The IESG
To: "IETF-Announce"
CC: "Yoav Nir" , ynir.ietf@gmail.com, httpauth-chairs@ietf.org, Kathleen.Moriarty.ietf@gmail.com, http-auth@ietf.org, …
The following Last Call announcement was sent out:

From: The IESG
To: "IETF-Announce"
CC: "Yoav Nir" , ynir.ietf@gmail.com, httpauth-chairs@ietf.org, Kathleen.Moriarty.ietf@gmail.com, http-auth@ietf.org, draft-ietf-httpauth-mutual-algo@ietf.org
Reply-To: ietf@ietf.org
Sender:
Subject: Last Call:  (Mutual Authentication Protocol for HTTP: KAM3-based Cryptographic Algorithms) to Experimental RFC


The IESG has received a request from the Hypertext Transfer Protocol
Authentication WG (httpauth) to consider the following document:
- 'Mutual Authentication Protocol for HTTP: KAM3-based Cryptographic
  Algorithms'
  as Experimental RFC

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2016-10-25. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract


  This document specifies cryptographic algorithms for use with the
  Mutual user authentication method for the Hyper-text Transport
  Protocol (HTTP).




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-httpauth-mutual-algo/

IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-ietf-httpauth-mutual-algo/ballot/


No IPR declarations have been submitted directly on this I-D.




2016-10-11
06 Amy Vezza IESG state changed to In Last Call from Last Call Requested
2016-10-11
06 Kathleen Moriarty Last call was requested
2016-10-11
06 Kathleen Moriarty Ballot approval text was generated
2016-10-11
06 Kathleen Moriarty Ballot writeup was generated
2016-10-11
06 Kathleen Moriarty IESG state changed to Last Call Requested from Publication Requested
2016-10-11
06 Kathleen Moriarty Last call announcement was generated
2016-10-11
06 Kathleen Moriarty Changed consensus to Yes from Unknown
2016-10-11
06 Kathleen Moriarty IESG state changed to Publication Requested from AD is watching
2016-09-21
06 Kathleen Moriarty IESG state changed to AD is watching from AD Evaluation
2016-08-16
06 Yutaka Oiwa New version available: draft-ietf-httpauth-mutual-algo-06.txt
2016-08-14
05 Kathleen Moriarty IESG state changed to AD Evaluation from Publication Requested
2016-07-17
05 Yoav Nir
Authors are Yutaka Oiwa, Hajime Watanabe, Hiromitsu Takagi, Kaoru Maeda,
Tatsuya Hayashi and Yuichi Ioku. Kathleen Moriarty is the responsible
Area Director. Yoav Nir is …
Authors are Yutaka Oiwa, Hajime Watanabe, Hiromitsu Takagi, Kaoru Maeda,
Tatsuya Hayashi and Yuichi Ioku. Kathleen Moriarty is the responsible
Area Director. Yoav Nir is the document shepherd.

Summary
  This document specifies cryptographic algorithms for use with the
  Mutual user authentication method for the Hyper-text Transport
  Protocol (HTTP).
 
Review and Consensus
  This document is one in a three-part set of documents describing the
  Mutual-Auth authentication method for HTTP. This part describes the
  cryptographic algorithms for use with MutualAuth. The algorithms are
  based on Augmented Password-based Authenticated Key Exchange
  (Augmented PAKE) techniques.

  With version -05 it is the consensus of the HTTP-Auth working group
  that this document is fit to be published as an experimental RFC.
  The document received a moderate amount of review from the working
  group. In addition we solicited and received a review from Melinda
  Shore.
 
  There are implementations of this protocol written by the authors.
  They take the form of a modified web server and a fork of the Firefox
  browser that include this functionality.
 
Intellectual Property
  All authors have confirmed that they are not aware of any undisclosed
  IPR associated with this document. There have been no IPR disclosures.
 
Other Issues
  None
2016-07-17
05 Yoav Nir Responsible AD changed to Kathleen Moriarty
2016-07-17
05 Yoav Nir IETF WG state changed to Submitted to IESG for Publication from WG Consensus: Waiting for Write-Up
2016-07-17
05 Yoav Nir IESG state changed to Publication Requested
2016-07-17
05 Yoav Nir IESG process started in state Publication Requested
2016-07-16
05 Yoav Nir Changed document writeup
2016-07-16
05 Yoav Nir Notification list changed to "Yoav Nir" <ynir.ietf@gmail.com>
2016-07-16
05 Yoav Nir Document shepherd changed to Yoav Nir
2016-07-16
05 Yoav Nir Intended Status changed to Experimental from None
2016-07-16
05 Yoav Nir IETF WG state changed to WG Consensus: Waiting for Write-Up from WG Document
2016-05-25
05 Yutaka Oiwa New version available: draft-ietf-httpauth-mutual-algo-05.txt
2016-04-04
04 Yoav Nir Added to session: IETF-95: httpauth  Wed-1620
2016-01-06
04 Yutaka Oiwa New version available: draft-ietf-httpauth-mutual-algo-04.txt
2015-07-06
03 Yutaka Oiwa New version available: draft-ietf-httpauth-mutual-algo-03.txt
2015-02-19
02 Yutaka Oiwa New version available: draft-ietf-httpauth-mutual-algo-02.txt
2014-08-18
01 Yutaka Oiwa New version available: draft-ietf-httpauth-mutual-algo-01.txt
2014-07-04
00 Yutaka Oiwa New version available: draft-ietf-httpauth-mutual-algo-00.txt