- From: Paul Leach <paulle@windows.microsoft.com>
- Date: Thu, 31 May 2007 15:39:35 -0700
- To: Henrik Nordstrom <henrik@henriknordstrom.net>
- CC: Eric Lawrence <ericlaw@exchange.microsoft.com>, Cyrus Daboo <cyrus@daboo.name>, <ietf-http-wg@w3.org>
-----Original Message-----
From: Henrik Nordstrom [mailto:henrik@henriknordstrom.net]
Sent: Thursday, May 31, 2007 3:12 PM
To: Paul Leach
Cc: Eric Lawrence; Cyrus Daboo; ietf-http-wg@w3.org
Subject: RE: Straw-man charter for http-bis -- call for errata/clarifications to 2617

On Thu 2007-05-31 at 14:54 -0700, Paul Leach wrote:

> 1. The requirements (use of connection-keep-alive, proxy issues, etc)
> for secure use of per-connection authentication could be described in
> 2617bis. AFAIK, these could reflect some actual implementation
> experience.

Connection oriented authentication requires support in the base HTTP specs for such schemes, as it has far going implications on transport and message requirements.

[Paul Leach] Since I think people safely use it today, I don't think any additions are needed. At least when no proxy server is involved -- I forget the trick used to make sure that proxies preserve connection semantics before relying on Kerb/SPNEGO when using a proxy. It may be that they won't be used if a proxy is involved.

Would be more fruitful to rework NTLM/Negotiate to fit in the HTTP message model I think, operating somewhat similar in principle (but obviously not algorithm) to Digest MD5-sess with a virtual session identifier separate from the transport connection.

[Paul Leach] That was what my second suggestion from the message, part of which you quoted above, was about. I guess it wasn't clear enough. It would be a better approach, but it would still be pretty helpful to tell people how to interop with the existing approach.

Received on Thursday, 31 May 2007 22:40:28 UTC