W3C home > Mailing lists > Public > public-xg-webid@w3.org > February 2012

Fwd: Secure (https) proxy authentification

From: Henry Story <henry.story@bblfish.net>
Date: Sun, 19 Feb 2012 12:04:48 +0100
Message-Id: <1F222986-9746-4B6D-BBB7-3B8FECF0E68D@bblfish.net>
To: WebID XG <public-xg-webid@w3.org>, public-webid <public-webid@w3.org>
Something being discussed on the HTTP mailing list, which we should keep track of.

Henry

Begin forwarded message:

> From: Henry Story <henry.story@bblfish.net>
> Subject: Re: Secure (https) proxy authentification
> Date: 18 February 2012 18:29:53 CET
> To: Nicolas Mailhot <nicolas.mailhot@laposte.net>
> Cc: ietf-http-wg@w3.org
> 
> 
> On 16 Feb 2012, at 15:36, Nicolas Mailhot wrote:
> 
>> Hi,
>> 
>> Now that browsers have started refusing redirection of https sessions, there
>> is no clean way for a proxy to point browsers to an https authentication
>> portal when they need to be authenticated or re-authenticated.
> 
> Hi Nicolas. I am working on WebID - an https protocol ( http://webid.info/spec ) -
> so this sounds like it could be important to us. Do you have a pointer to 
> explain the situation here in more detail? I am not sure what kind of redirects
> get refused, for what reason, etc....
> 
> 
>> 
>> The 407 error must be extended to indicate the https proxy authentication
>> portal location to handle the cases where it is not desirable to have proxy
>> auth transmitted in clear, and clients are too dumb to support anything more
>> complex than basic auth over http or https.
>> 
>> (the other “solution” is DPI, but that's not really appealing except to proxy
>> aplicance manufacturers)
>> 
>> Best regards,
>> 
>> -- 
>> Nicolas Mailhot
>> 
>> 
> 
> Social Web Architect
> http://bblfish.net/
> 

Social Web Architect
http://bblfish.net/
Received on Sunday, 19 February 2012 11:05:22 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:06:30 UTC