- From: Roy T. Fielding <fielding@avron.ICS.UCI.EDU>
- Date: Fri, 19 Apr 1996 17:40:52 -0700
- To: Mary Ellen Zurko <zurko@osf.org>
- Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
> Proxy authentication, if I read it right, does not work for architectures
> with more than one proxy between the browser and server, each with their
> own security needs.
That is not accurate and was addressed on the list a while back:
<http://www.ics.uci.edu/pub/ietf/http/hypermail/1996q1/0365.html>
> Section 2.5 of the DAA spec says:
>
> " the proxy versions, Proxy-
> Authenticate and Proxy-Authorization, apply only to the current
> connection and must not be passed upstream or downstream. "
That part of the Digest spec is wrong. The decision of whether or not
that information is passed along is made by the Proxy. Each proxy
along the line may forward or interpret or rewrite the proxy-AA header fields.
...Roy T. Fielding
Department of Information & Computer Science (fielding@ics.uci.edu)
University of California, Irvine, CA 92717-3425 fax:+1(714)824-4056
http://www.ics.uci.edu/~fielding/
Received on Friday, 19 April 1996 17:46:40 UTC