- From: Nicolas Mailhot <nicolas.mailhot@laposte.net>
- Date: Wed, 27 Nov 2013 21:40:19 +0100
- To: "Adrien de Croy" <adrien@qbik.com>
- Cc: "Yoav Nir" <synp71@live.com>, "HTTP Group" <ietf-http-wg@w3.org>
Le Mar 26 novembre 2013 21:09, Adrien de Croy a écrit : > > I don't see any point in using a CONNECT style of approach if you trust > the proxy. What sort of connection is that? If TLS, then why not just > use a GET https:// approach. > > As for using a mandatory proxy on the server end, I don't really see a > requirement for that. People use reverse proxies for sure, but they > just appear from the outside to be a server. I think if we allowed > assertion of mandatory proxy use outside a trusted environment (e.g. the > user's LAN) then we would have major problems getting it accepted. I had the case of an entity that used an authenticating proxy to protect outside access to their internal webapps. So getting access for our users to their apps would have required chaining two proxies web client on corp1 lan → corp1 outbound auth proxy → Internet → corp2 inbound auth proxy → webapp on corp2 land And of course corp1 and corp2 secrets were not shared, only users with dual affiliation had a login on both proxies. This is a real and current use-case, not a though experiment. Regards, -- Nicolas Mailhot
Received on Wednesday, 27 November 2013 20:40:49 UTC