- From: Nico Williams <nico@cryptonector.com>
- Date: Wed, 17 Jul 2013 21:50:44 -0500
- To: Amos Jeffries <squid3@treenet.co.nz>
- Cc: ietf-http-wg@w3.org
On Wed, Jul 17, 2013 at 7:36 PM, Amos Jeffries <squid3@treenet.co.nz> wrote: > On 18/07/2013 6:00 a.m., Nico Williams wrote: >> On Wed, Jul 17, 2013 at 12:59 AM, Amos Jeffries <squid3@treenet.co.nz> >> wrote: >>> 2) "HTTP auth is broken". Aka the headers dont let me login user X to >>> proxy >>> A and proxy B at the same time, in the same chain, with different >>> credentials all controlled by user X ... seem to be making a few wrong >>> assumptions about how HTTP works there. Go away and do (1) instead the >>> user-application ha sa lot more control over end-to-end pathways in >>> application layer. >> >> Oh, I'd never seen this argument. This is an interesting one because >> authentication to proxies is very interesting. So this one is >> definitely a legitimate argument, and one I would make. Also, this >> means I have to think about proxy auth for RESTauth (well, it's >> straightforward, but I have to add it). This is very helpful, thanks! > > > The answr may surprise you. HTTP *already* provides teh necessary mechanism > to do auth like that... No, I knew about CONNECT. I've written a CONNECT proxy client for traversing proxies that need HTTP/Negotiate authentication (which I'll try to get contributed as open source to curl, if they'll take it).
Received on Thursday, 18 July 2013 02:51:06 UTC