tor 2007-05-31 klockan 14:54 -0700 skrev Paul Leach: > 1. The requirements (use of connection-keep-alive, proxy issues, etc) > for secure use of per-connection authentication could be described in > 2617bis. AFAIK, these could reflect some actual implementation > experience. Connection oriented authentication requires support in the base HTTP specs for such schemes, as it has far going implications on transport and message requirements. Would be more fruitful to rework NTLM/Negotiate to fit in the HTTP message model I think, operating somewhat similar in principle (but obviously not algorithm) to Digest MD5-sess with a virtual session identifier separate from the transport connection. Such work would fit nicely in RFC2617bis. Regards HenrikReceived on Thursday, 31 May 2007 22:12:39 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 4 October 2011 12:13:58 GMT