HTTP
...
This document specifies a mapping of AKA parameters onto HTTP Digest
authentication. In essence, this mapping enables the usage of AKA as
...
... AKA is vulnerable to the same security threats as
HTTP authentication [2]. This chapter discusses the relevant
exceptions.
...
... In general, using passwords generated by Digest AKA with other HTTP
authentication schemes is not recommended even though the realm
values or protection domains would coincide. In these cases, a
...
... AKA
passwords MUST NOT be re-used with such HTTP authentication schemes,
which send the password in clear. In particular, AKA ...
... AKA passwords MUST
NOT be re-used with HTTP Basic.
The same principle must be applied within a scheme if several
...
... algorithms are supported. A client receiving an HTTP Digest
challenge with several available algorithms MUST choose the strongest
...
... passwords are typically quite simple, it has been
proposed that servers should not accept passwords for HTTP Digest,
which are in the dictionary [2]. This potential threat does not
exist in HTTP Digest AKA because the algorithm will use ISIM
...
... passwords. However, the end-user must still be careful
with PIN codes. Even though HTTP Digest AKA password requests are
...
... does not specify the use of these additional keys, they may be used
for creating additional security within HTTP authentication or some
other security mechanism.
...
... Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S., Leach, P., Luotonen, A. and L. Stewart, "HTTP Authentication: Basic and Digest Access Authentication", RFC 2617, June 1999. ...
