Re: Proxy authentication

> Proxy authentication, if I read it right, does not work for architectures 
> with more than one proxy between the browser and server, each with their
> own security needs.

That is not accurate and was addressed on the list a while back:

   <http://www.ics.uci.edu/pub/ietf/http/hypermail/1996q1/0365.html>

> Section 2.5 of the DAA spec says:
> 
> " the proxy versions, Proxy-
>   Authenticate and Proxy-Authorization, apply only to the current
>   connection and must not be passed upstream or downstream. "

That part of the Digest spec is wrong.  The decision of whether or not
that information is passed along is made by the Proxy.  Each proxy
along the line may forward or interpret or rewrite the proxy-AA header fields.


 ...Roy T. Fielding
    Department of Information & Computer Science    (fielding@ics.uci.edu)
    University of California, Irvine, CA 92717-3425    fax:+1(714)824-4056
    http://www.ics.uci.edu/~fielding/

Received on Friday, 19 April 1996 17:46:40 UTC