W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2012

Re: Secure (https) proxy authentification

From: Henry Story <henry.story@bblfish.net>
Date: Sat, 18 Feb 2012 18:29:53 +0100
Cc: ietf-http-wg@w3.org
Message-Id: <689660A9-8EAD-4EE6-8B4D-401E73F13941@bblfish.net>
To: Nicolas Mailhot <nicolas.mailhot@laposte.net>

On 16 Feb 2012, at 15:36, Nicolas Mailhot wrote:

> Hi,
> 
> Now that browsers have started refusing redirection of https sessions, there
> is no clean way for a proxy to point browsers to an https authentication
> portal when they need to be authenticated or re-authenticated.

Hi Nicolas. I am working on WebID - an https protocol ( http://webid.info/spec ) -
so this sounds like it could be important to us. Do you have a pointer to 
explain the situation here in more detail? I am not sure what kind of redirects
get refused, for what reason, etc....


> 
> The 407 error must be extended to indicate the https proxy authentication
> portal location to handle the cases where it is not desirable to have proxy
> auth transmitted in clear, and clients are too dumb to support anything more
> complex than basic auth over http or https.
> 
> (the other “solution” is DPI, but that's not really appealing except to proxy
> aplicance manufacturers)
> 
> Best regards,
> 
> -- 
> Nicolas Mailhot
> 
> 

Social Web Architect
http://bblfish.net/
Received on Saturday, 18 February 2012 17:30:27 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:56 GMT