Re: Cookie Question

> > Could one or both of you explain what it would be used for?
> > It would help the rest of us support such a proposal.
> > Just asserting it would be useful doesn't help us (as a working
> > group) understand (or understand what problems it would present
> > that have to be thought about).
> I'll list some off the top of my head:
>  o one-time password/securID type authentication where a cookie is
>    issued and considered as valid credentials for a certain period of
>    time and then expired

This is the exact application that we were considering here.  As
a firewall vendor, we have considered several methods for incorporating
a stronger authentication method than the standard Unix password.
If there was a proxy-cookie with parameters such as expiration time we 
could incorporate some of the one-time password schemes alot easier.

 Wyllys Ingersoll                    
 ANS Communications
 Reston VA

>  o other access control data, e.g. ACL's

>  o being able to track usage patterns without forcing user
>    authentication
>  o being able to customize the view through the proxy
>  o maintaining client state on proxy side that useful and necessary,
>    e.g.
> 	o to guarantee that a Java originated connection gets to the
> 	  same IP address as the Java applet was loaded from (to
> 	  avoid the DNS spoofing attack)
> 	o to guarantee the same proxy route to the origin server, to
> 	  avoid problems where sites would associate a client cookie
> 	  with the incoming IP address, and with multiple different
> 	  proxy routes end up in a situation where client's cookie is
> 	  considered invalid by the origin server because it came
> 	  through a different proxy route (different source IP
> 	  address)
> The two last subitems I don't mind if HTTP WG proposes some other
> mechanism to deal with them; however, if we go with Proxy-cookies
> (which I fully support), this would be a possible solution.
> Cheers,
> --
> Ari Luotonen	* * * Opinions my own, not Netscape's * * *
> Netscape Communications Corp.
> 501 East Middlefield Road
> Mountain View, CA 94043, USA		Netscape Proxy Server Development

Received on Friday, 14 February 1997 13:22:56 UTC