"Josh Cohen (Exchange)" <joshco@Exchange.Microsoft.com> wrote: > Since we're talking about proxies.... > Im curious to know what others think the right thing > according to the intent of the 1.1 spec to do is > in this situation: > > If you have two chained proxy servers: > > client -> proxy1 -> proxy2 -> origin server > > If proxy 2 challenges for proxy-authentication (in its realm), > should the challenge go back to the client if proxy1 doesnt intend > to satisfy the challenge ? > > My understanding was that the intent was that this situation was > to be covered. By this I mean a client can auth to a proxy up the chain. > The spec is somewhat ambiguous, it says the proxy-auth headers are > hop-by-hop, but then mentions that chained proxy-auth can work. My understanding has always been that proxy authentication is strictly hop-by-hop. So proxy1 should not bump the authentication request up to the client. After all, it's proxy1 that has a trust relationship with proxy2, whereas the client may have no such relationship. Dave KristolReceived on Thursday, 18 November 1999 13:49:26 EST
This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:34 EDT