RE: Straw-man charter for http-bis -- call for errata/clarifications to 2617

From: Paul Leach <paulle@windows.microsoft.com>
Date: Thu, 31 May 2007 15:39:35 -0700
Message-ID: <76323E9F0A911944A4E9225FACFC55BA04AFFBA2@WIN-MSG-20.wingroup.windeploy.ntdev.microsoft.com>
To: Henrik Nordstrom <henrik@henriknordstrom.net>
CC: Eric Lawrence <ericlaw@exchange.microsoft.com>, Cyrus Daboo <cyrus@daboo.name>, <ietf-http-wg@w3.org>



-----Original Message-----
From: Henrik Nordstrom [mailto:henrik@henriknordstrom.net] 
Sent: Thursday, May 31, 2007 3:12 PM
To: Paul Leach
Cc: Eric Lawrence; Cyrus Daboo; ietf-http-wg@w3.org
Subject: RE: Straw-man charter for http-bis -- call for
errata/clarifications to 2617

Thu 2007-05-31 at 14:54 -0700, Paul Leach wrote:

> 1. The requirements (use of connection-keep-alive, proxy issues, etc) 
> for secure use of per-connection authentication could be described in 
> 2617bis.  AFAIK, these could reflect some actual implementation 
> experience.

Connection oriented authentication requires support in the base HTTP
specs for such schemes, as it has far going implications on transport
and message requirements.
[Paul Leach] Since I think people safely use it today, I don't think any
additions are needed. At least when no proxy server is involved -- I
forget the trick used to make sure that proxies preserve connection
semantics before relying on Kerb/SPNEGO when using a proxy. It may be
that they won't be used if a proxy is involved.

Would be more fruitful to rework NTLM/Negotiate to fit in the HTTP
message model I think, operating somewhat similar in principle (but
obviously not algorithm) to Digest MD5-sess with a virtual session
identifier separate from the transport connection.
[Paul Leach] That was what my second suggestion from the message, part
of which you quoted above, was about. I guess it wasn't clear enough. 

It would be a better approach, but it would still be pretty helpful to
tell people how to interop with the existing approach. 
Received on Thursday, 31 May 2007 22:40:28 GMT