Mutual authentication protocol for HTTP

FAQ about Protocol

What is the official name of this authentication protocol?
The official name is HTTP Mutual Access Authentication, or Mutual Authentication for short, following the naming of Basic Authentication and Digest Authentication.
Give me the overview of Mutual Authentication.
See Protocol Overview.
What is the difference between Mutual Authentication and existing Basic and Digest Authentications?
With Basic Authentication the client sends the password itself, and with Digest Authentication it sends a value hashed from it; in neither case does the client learn anything about the server. Mutual Authentication lets the server check that the connecting client knows the information derived from the user's password without the password itself being sent, and at the same time lets the client check that the server knows the corresponding information about that password.
What is the difference between Mutual Authentication and TLS (SSL)?
In TLS (SSL), server authentication lets the client check that the server it is connected to holds a certificate issued by a CA for that host name. A phishing server set up under a legitimately registered look-alike domain can obtain such a certificate and therefore passes TLS (SSL) server authentication, so TLS offers no protection against that kind of phishing. Mutual Authentication, on the other hand, lets the client and its user detect a phishing server on a fake domain, because the server must prove knowledge of the password information the user registered with the legitimate server. When data confidentiality is required, TLS (SSL) is used together with Mutual Authentication.
What is PAKE?
PAKE stands for Password-Authenticated Key Exchange. A PAKE is a protocol that establishes mutual authentication and a shared secret (typically between a server and a client) based only on the two parties' knowledge of a password, without letting an attacker who observes or interferes with the exchange mount an offline dictionary attack on that password.
How can Mutual Authentication prevent Phishing Attack?
This PAKE-based mutual authentication protocol is designed so that it cannot terminate successfully unless the server knows the information derived from the relevant user's password. A phishing server that does not have that password information therefore cannot produce a valid "Authentication Succeeded" response and cannot fool the user.
How can Mutual Authentication prevent Man-in-the-Middle Relay Attack?
A phishing site uses a host name that is easily confused with, but different from, that of the legitimate server. A PAKE by itself does not bind the exchange to a host name, so such a site could simply relay the protocol messages between the victim and the legitimate server. We refined the PAKE protocol by adding a client-side check that the host name it is connecting to is the same as that of the legitimate server on which the user registered the password information. This check defeats the relay attack, because the relaying (phishing) host's name differs from that of the legitimate server.
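The two answers above (the phishing server that lacks the password information, and the relaying server on a look-alike host) can be reproduced end to end with any PAKE. The following is an added example, not code from this project and not the key-exchange algorithm this protocol specifies: it uses SRP-6a as a stand-in PAKE, with the 1024-bit group from RFC 5054 Appendix A, SHA-256 for all hashing, and constructed host names, user name and password. The host-name check is realized here by folding the name of the host the client is talking to into the password-derived secret; the protocol on this page performs that check in its own way, so treat this as one illustration of the idea, not as its definition.

```python
import hashlib, hmac, secrets

# Group parameters: the 1024-bit prime and generator g = 2 from RFC 5054, Appendix A.
N = int(
    "EEAF0AB9ADB38DD69C33F80AFA8FC5E860726187"
    "75FF3C0B9EA2314C9C256576D674DF7496EA81D3"
    "383B4813D692C6E0E0D5D8E250B98BE48E495C1D"
    "6089DAD15DC7D7B46154D6B6CE8EF4AD69B15D49"
    "82559B297BCF1885C529F566660E57EC68EDBC3C"
    "05726CC02FD4CBF4976EAA9AFD5138FE8376435B"
    "9FC61D2FC0EB06E3", 16)
g = 2
NLEN = (N.bit_length() + 7) // 8

def to_bytes(x: int) -> bytes:
    return x.to_bytes(NLEN, "big")

def hash_int(*parts: bytes) -> int:
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")

k = hash_int(to_bytes(N), to_bytes(g))  # SRP-6a multiplier

def derive_x(host, user, password, salt, bind_host):
    # Password-derived secret. With bind_host, the name of the host the client is
    # talking to is folded in, so a credential enrolled for one host cannot complete
    # a run against a host with a different name (our rendering of the host-name check).
    ident = f"{host}:{user}:{password}" if bind_host else f"{user}:{password}"
    return hash_int(salt, hashlib.sha256(ident.encode()).digest())

def register(host, user, password, bind_host=True):
    # Enrolment: the server stores salt and verifier v = g^x, never x or the password.
    salt = secrets.token_bytes(16)
    return {"salt": salt, "v": pow(g, derive_x(host, user, password, salt, bind_host), N)}

class Client:
    def __init__(self, host, user, password, bind_host=True):
        self.host, self.user, self.password, self.bind_host = host, user, password, bind_host
        self.a = secrets.randbelow(N - 2) + 1
        self.A = pow(g, self.a, N)          # first message, sent together with the user name

    def respond(self, salt, B):
        # Consume the server's challenge (salt, B) and return the client proof M1.
        assert B != 0, "degenerate B"       # reject a zero public value before using it
        x = derive_x(self.host, self.user, self.password, salt, self.bind_host)
        u = hash_int(to_bytes(self.A), to_bytes(B))
        S = pow((B - k * pow(g, x, N)) % N, self.a + u * x, N)
        self.K = hashlib.sha256(to_bytes(S)).digest()
        self.M1 = hashlib.sha256(to_bytes(self.A) + to_bytes(B) + self.K).digest()
        return self.M1

    def server_authenticated(self, M2):
        # True only if the peer proved knowledge of v: the "Authentication Succeeded" step.
        expected = hashlib.sha256(to_bytes(self.A) + self.M1 + self.K).digest()
        return hmac.compare_digest(M2, expected)

class Server:
    def __init__(self, accounts):
        self.accounts = accounts

    def challenge(self, user, A):
        assert A != 0, "degenerate A"
        rec = self.accounts[user]
        self.A, self.v = A, rec["v"]
        self.b = secrets.randbelow(N - 2) + 1
        self.B = (k * self.v + pow(g, self.b, N)) % N
        return rec["salt"], self.B

    def verify(self, M1):
        # Return the server proof M2 if the client proved the password, else None.
        u = hash_int(to_bytes(self.A), to_bytes(self.B))
        S = pow((self.A * pow(self.v, u, N)) % N, self.b, N)
        K = hashlib.sha256(to_bytes(S)).digest()
        expected = hashlib.sha256(to_bytes(self.A) + to_bytes(self.B) + K).digest()
        if not hmac.compare_digest(M1, expected):
            return None
        return hashlib.sha256(to_bytes(self.A) + M1 + K).digest()

def honest_run(bind_host=True):
    srv = Server({"alice": register("bank.example", "alice", "correct horse", bind_host)})
    cli = Client("bank.example", "alice", "correct horse", bind_host)
    salt, B = srv.challenge("alice", cli.A)
    M2 = srv.verify(cli.respond(salt, B))
    return M2 is not None and cli.server_authenticated(M2)

def phishing_run():
    # Fake server on a look-alike host holding no verifier: it can only forge M2.
    cli = Client("bank-example.test", "alice", "correct horse")
    B = pow(g, secrets.randbelow(N - 2) + 1, N)       # no k*v term, v is unknown
    cli.respond(secrets.token_bytes(16), B)
    return cli.server_authenticated(secrets.token_bytes(32))

def relay_run(bind_host=True):
    # Phisher on a look-alike host relays every message unchanged to the real server.
    srv = Server({"alice": register("bank.example", "alice", "correct horse", bind_host)})
    cli = Client("bank-example.test", "alice", "correct horse", bind_host)
    salt, B = srv.challenge("alice", cli.A)
    M2 = srv.verify(cli.respond(salt, B))
    return M2 is not None and cli.server_authenticated(M2)
```

honest_run() succeeds, phishing_run() fails because the fake server cannot compute the key K that M2 must be bound to, and relay_run() fails because the client derives its secret for the host name it actually connected to while the legitimate server's verifier was enrolled under the real name. relay_run(bind_host=False) succeeds, which is the point of the question: a PAKE without the host-name check is relayable. Note the usual PAKE caveat: a fake server can still test one password guess per run by choosing B from a guessed verifier, so rate-limiting of failed runs remains necessary.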
Can I use this protocol freely?
Basically, yes. You can also use our implementations on your Web sites. However, please keep the following in mind: the protocol is not yet a standard and is at the Internet-Draft stage, so the specification may change as a result of discussion in the IETF and become incompatible with the current one. Our implementations are experimental, so they may contain vulnerabilities that will not be fixed.
Are there any possibilities to change the spec? If so, which changes are you planning?
Yes, there are. We plan to add SSO (Single Sign-On) functionality, which lets a single login cover all servers in a domain, and some additional information for controlling in detail how Web applications behave when a user logs out. We intend to add these in a backward-compatible way, but incompatible changes may become necessary as a result of discussion in the IETF or of vulnerabilities found in the future.
How about the future plan?
We will continue standardization in the IETF and try to reach out to the developers of mainstream Web browsers so that the browsers support Mutual Authentication.

See also FAQ about Design Detail.