W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2011

Re: Getting to Last Call

From: Mark Nottingham <mnot@mnot.net>
Date: Sat, 24 Dec 2011 08:52:35 -0500
Cc: HTTP Working Group <ietf-http-wg@w3.org>, Peter Saint-Andre <stpeter@stpeter.im>, Adrien de Croy <adrien@qbik.com>
Message-Id: <31A75D60-C7E2-435C-A189-33F4B4AA4413@mnot.net>
To: Willy Tarreau <w@1wt.eu>
Hi Willy,

This is certainly desirable, but just making it a requirement would make pretty much every proxy non-conformant, so that's a big step.

Would it be sufficient to just encourage use / support of HTTPS with proxies?



On 15/12/2011, at 1:38 AM, Willy Tarreau wrote:

> Hi Mark,
> 
> On Thu, Dec 15, 2011 at 01:01:36PM +1100, Mark Nottingham wrote:
>> We're not quite ready for Working Group Last Call, but I do believe it's not far off. So, if you have issues to bring to the Working Group, please do so soon.
> 
> Mid-April, we had a discussion with Adrien the suggestion of making UAs
> connect to proxies using https instead of http so that we stop the horrors
> that are currently performed for authentication in many corporate environments
> (you know, redirect to https for auth + set-cookie for the target domain +
> redirect again + failure quite often...), and apparently there was no ticket
> for this.
> 
> Adrien even suggested the use of "GET https://" instead of CONNECT in
> some cases so that filtering proxies can safely inspect the contents.
> 
> Since corporate proxies are a place where HTTP works very badly, I think
> we should address these issues before the final release.
> 
> Best regards,
> Willy
> 

--
Mark Nottingham
http://www.mnot.net/
Received on Saturday, 24 December 2011 13:53:08 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:51 GMT