- From: Dennis Olvany <dennisolvany@gmail.com>
- Date: Sat, 12 Mar 2016 17:36:24 +0000
- To: Ilari Liusvaara <ilariliusvaara@welho.com>
- Cc: ietf-http-wg@w3.org
- Message-ID: <CAATNdDzpSydhqrWyN5UcMACDTcHFY++9AsW7jAu4aCCeU7ciFw@mail.gmail.com>
Thanks, Ilari. After further research, it looks like I may be running into the http2 incompatibility with ntlm. Is this limitation applicable to the mixed use case? Is anyone aware of a good write up which explains the ntlm incompatibility? -Dennis On Sat, Mar 12, 2016 at 11:44 AM Ilari Liusvaara <ilariliusvaara@welho.com> wrote: > On Sat, Mar 12, 2016 at 04:16:14PM +0000, Dennis Olvany wrote: > > Hello, > > > > I am interested in understanding the interoperability of http > > authentication in a mixed http2/1.1 deployment. The use case is http2 > > between client and load balancer (ssl offload), then http1.1 between load > > balancer and server. Authentication occurs at the server, not the load > > balancer. My understanding is that the authorization header is sent with > > every request, but perhaps this is not the case if the client is > performing > > http2 header compression. It seems logical that it should be the > > responsibility of the intermediary to cache and transmit the header with > > each request. Does the standard stipulate the behavior of clients and > > intermediaries to support authentication in a mixed design? Are there any > > known limitations with such a design? > > Basically, the header is logically sent in every request (that is to be > authenticated), even if header compression compresses it to zero space. > > So if the load balancer can forward to multiple servers, it needs to > take the header compression context into account for each request. > > > -Ilari >
Received on Saturday, 12 March 2016 17:37:03 UTC