---
- branch: MAIN
  date: Fri Sep 10 05:15:16 UTC 2010
  files:
  - new: '1.1'
    old: '0'
    path: src/crypto/external/bsd/netpgp/dist/src/libpaa/PubKeyAccessAuthScheme.txt
    pathrev: src/crypto/external/bsd/netpgp/dist/src/libpaa/PubKeyAccessAuthScheme.txt@1.1
    type: added
  - new: '1.1'
    old: '0'
    path: src/crypto/external/bsd/netpgp/dist/src/libpaa/client.c
    pathrev: src/crypto/external/bsd/netpgp/dist/src/libpaa/client.c@1.1
    type: added
  - new: '1.1'
    old: '0'
    path: src/crypto/external/bsd/netpgp/dist/src/libpaa/libpaa.3
    pathrev: src/crypto/external/bsd/netpgp/dist/src/libpaa/libpaa.3@1.1
    type: added
  - new: '1.1'
    old: '0'
    path: src/crypto/external/bsd/netpgp/dist/src/libpaa/libpaa.c
    pathrev: src/crypto/external/bsd/netpgp/dist/src/libpaa/libpaa.c@1.1
    type: added
  - new: '1.1'
    old: '0'
    path: src/crypto/external/bsd/netpgp/dist/src/libpaa/libpaa.h
    pathrev: src/crypto/external/bsd/netpgp/dist/src/libpaa/libpaa.h@1.1
    type: added
  - new: '1.1'
    old: '0'
    path: src/crypto/external/bsd/netpgp/dist/src/libpaa/server.c
    pathrev: src/crypto/external/bsd/netpgp/dist/src/libpaa/server.c@1.1
    type: added
  id: 20100910T051516Z.1f1a93296be9ff7f258a05c0d8a6760c901be9e4
  log: |
    Add an implementation of the Pubkey Access Authentication Scheme proposed
    by Oliver Gould in

    	http://www.olix0r.net/PubKeyAccessAuthScheme.txt

    This implementation includes an example client and server program, but
    is not (yet) hooked into the build.

    To quote from Oliver's RFC:

    	HTTP services are a core Internet technology, yet the Digest
    	authentication scheme provided by RFC 2617 only describes
    	authentication by way of shared-secrets (i.e. passwords).
    	This model has operational drawbacks, as authenticating
    	services are required to have access to a user's secret (or a
    	hash thereof), or retrograde technologies, such as cookies,
    	are employed.

    	Similarly to SSH's "publickey" authentication method [RFC
    	4252], the PubKey Access Authentication scheme allows an HTTP
    	server to authenticate clients using public key credentials.

    	Like the Digest Access Authentication Scheme [RFC 2617], the
    	PubKey.v1 scheme is based on a simple challenge-response
    	paradigm. The PubKey scheme responds to unauthorized clients
    	with a challenge value; and a valid response contains a
    	cryptographic signature of client's id, the authentication
    	realm, and the server's challenge.

    	The client's secret never leaves the client. The server
    	verifies the client's signed authorization request with the
    	client's published public keys.

    libpaa(3) uses libnetpgp(3) for its digital signatures, SHA1Init(3)
    for digests, and base64 encoding for transmission of data.
  module: src
  subject: 'CVS commit: src/crypto/external/bsd/netpgp/dist/src/libpaa'
  unixtime: '1284095716'
  user: agc