Re: WG Review: Recharter of Hypertext Transfer Protocol Bis (httpbis) from Amos Jeffries on 2012-03-01 (ietf-http-wg@w3.org from January to March 2012)

From: Amos Jeffries <squid3@treenet.co.nz>
Date: Thu, 01 Mar 2012 13:46:49 +1300
To: <ietf-http-wg@w3.org>
Message-ID: <675e023416d23c2e39131a682da35a3b@treenet.co.nz>

On 01.03.2012 13:13, Adrien de Croy wrote:
> NTLM could be made non-connection-oriented if http auth had some sort
> of context attribute that identified the auth conversation (in both
> challenges and responses), instead of having to associate it with the
> connection.

No. That just makes HTTP connection-oriented at the abstract level of 
channels. No change to NTLM.

NTLM would also require dropping the second-stage token exchange 
through the channel its authenticating. Which is effectively Kerberos, 
and also a reason behind Kerberos being preferred for implementation 
instead of NTLM across the WAN.

AYJ

Received on Thursday, 1 March 2012 00:47:15 UTC