W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2012

Re: Secure (https) proxy authentification

From: Nicolas Mailhot <nicolas.mailhot@laposte.net>
Date: Fri, 17 Feb 2012 21:20:09 +0100
Message-ID: <ee6612fe73668c0cb971789f45cee6aa.squirrel@arekh.dyndns.org>
To: "Willy Tarreau" <w@1wt.eu>
Cc: "Nicolas Mailhot" <nicolas.mailhot@laposte.net>, ietf-http-wg@w3.org

Le Jeu 16 février 2012 18:44, Willy Tarreau a écrit :
> On Thu, Feb 16, 2012 at 03:36:47PM +0100, Nicolas Mailhot wrote:

>> The 407 error must be extended to indicate the https proxy authentication
>> portal location to handle the cases where it is not desirable to have proxy
>> auth transmitted in clear, and clients are too dumb to support anything more
>> complex than basic auth over http or https.

>
> Well, this is one more reason for urging all browser vendors to support
> proxying over https. This will put an end to this redirection madness
> which prevents most HTTP agents from working in such environments (eg:
> firefox cannot even update itself at a customer's due to such proxies,
> so everyone uses outdated versions until they decide to download the full
> image again).

Thank you for your support
I believe fixing this hole in the spec is also needed to get working captive
portals (instead of the current half-working piles of bandaids that never
quite work correctly)


-- 
Nicolas Mailhot
Received on Friday, 17 February 2012 20:20:41 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:56 GMT