- From: Nicolas Mailhot <nicolas.mailhot@laposte.net>
- Date: Tue, 16 Jul 2013 12:07:44 +0200
- To: "Robert Collins" <robertc@robertcollins.net>
- Cc: "Nicolas Mailhot" <nicolas.mailhot@laposte.net>, "HTTP Working Group" <ietf-http-wg@w3.org>
On Tue, 16 July 2013 11:52, Robert Collins wrote:

>> 2. how do you send auth from the client to the proxy in a secure way
>> without it leaking them outside?
>
> I think you mean 'If the origin is an HTTPS origin which uses
> replayable (e.g. basic) auth, how do you prevent that leaking [vs e.g.
> how do you authenticate to the proxy itself].

No, I really meant "how do you prevent web site auth leaking proxy-side, and proxy auth leaking web site-side, without assuming one of those auths is worthless and can be shared or exposed non-encrypted in the name of cutting corners". And that in a world where the only auth most web clients will use reliably is basic auth.

--
Nicolas Mailhot
Received on Tuesday, 16 July 2013 10:08:14 UTC