W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2013

Re: Authentication over HTTP

From: Adrien W. de Croy <adrien@qbik.com>
Date: Thu, 18 Jul 2013 13:17:30 +0000
To: "Nicolas Mailhot" <nicolas.mailhot@laposte.net>, "Nico Williams" <nico@cryptonector.com>
Cc: "Nicolas Mailhot" <nicolas.mailhot@laposte.net>, "HTTP Working Group" <ietf-http-wg@w3.org>
Message-Id: <em187dc8f4-6bf2-4783-b277-a2e8f7ceb2f4@bodybag>

with the move (major sites) to https, interception is becoming more of a 
train-wreck.

We really need a way to reliably force a browser to use a proxy.  e.g. 
inside a network force explicit use of the company proxy.

You can't intercept port 443, and send back HTTP (rejections, auth 
challenges or pages) to clients.




------ Original Message ------
From: "Nicolas Mailhot" <nicolas.mailhot@laposte.net>
To: "Nico Williams" <nico@cryptonector.com>
Cc: "Nicolas Mailhot" <nicolas.mailhot@laposte.net>; "HTTP Working 
Group" <ietf-http-wg@w3.org>
Sent: 18/07/2013 11:54:29 p.m.
Subject: Re: Authentication over HTTP
>
>Le Mer 17 juillet 2013 19:59, Nico Williams a écrit :
>>  On Wed, Jul 17, 2013 at 6:13 AM, Nicolas Mailhot
>>  <nicolas.mailhot@laposte.net> wrote:
>>>>>  What am I missing?
>>>
>>>  That we have standards to permit interoperability, and go away and 
>>>do it
>>>  elsewhere is the perfect interop killer?
>>
>>  You can standardize how to do it elsewhere. Just because X is a
>>  standard doesn't mean that some feature that X doesn't have belongs 
>>in
>>  X.
>
>And that have worked wonderfully didn't it? Need I point out once again
>why everyone is moving to transparent interception now?
>
>--
>Nicolas Mailhot
>
>
Received on Thursday, 18 July 2013 13:18:01 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:14 UTC