Proxy auth from Josh Cohen (Exchange) on 1999-11-18 (ietf-http-wg@w3.org from October to December 1999)

From: Josh Cohen (Exchange) <joshco@exchange.microsoft.com>
Date: Wed, 17 Nov 1999 23:29:02 -0800
To: http-wg@hplb.hpl.hp.com
Cc: "'Roy T. Fielding'" <fielding@kiwi.ICS.UCI.EDU>, "'lawrence@agranat.com'" <lawrence@agranat.com>
Message-ID: <BFF90FB6CF66D111BF4F0000F840DB850BCBBDA5@LASSIE>

Hey,
  
 Since we're talking about proxies....
Im curious to know what others think the right thing
according to the intent of the 1.1 spec to do is
in this situation:

If you have two chained proxy servers:

client -> proxy1 -> proxy2 -> origin server

If proxy 2 challenges for proxy-authentication (in its realm),
should the challenge go back to the client if proxy1 doesnt intend
to satisfy the challenge ?

My understanding was that the intent was that this situation was
to be covered.  By this I mean a client can auth to a proxy up the chain.
The spec is somewhat ambiguous, it says the proxy-auth headers are 
hop-by-hop, but then mentions that chained proxy-auth can work.

Received on Wednesday, 17 November 1999 23:33:03 UTC