W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2012

Secure (https) proxy authentification

From: Nicolas Mailhot <nicolas.mailhot@laposte.net>
Date: Thu, 16 Feb 2012 15:36:47 +0100
Message-ID: <009e3177ab4b0f3de7ea47fa17118458.squirrel@arekh.dyndns.org>
To: ietf-http-wg@w3.org

Now that browsers have started refusing redirection of https sessions, there
is no clean way for a proxy to point browsers to an https authentication
portal when they need to be authenticated or re-authenticated.

The 407 error must be extended to indicate the https proxy authentication
portal location to handle the cases where it is not desirable to have proxy
auth transmitted in clear, and clients are too dumb to support anything more
complex than basic auth over http or https.

(the other “solution” is DPI, but that's not really appealing except to proxy
aplicance manufacturers)

Best regards,

Nicolas Mailhot
Received on Thursday, 16 February 2012 14:37:26 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:00 UTC