- From: Kent Watsen <kent+ietf@watsen.net>
- Date: Thu, 23 Jul 2020 15:20:51 +0000
- To: HTTP Working Group <ietf-http-wg@w3.org>
- Cc: "netconf-chairs@ietf.org" <netconf-chairs@ietf.org>
- Message-ID: <010001737c434b23-44eb8c59-f98a-4c3d-8cf3-b991994f2e23-000000@email.amazonses.co>
TL;DR; Is client-auth to a web proxy mandatory? Thanks, Kent > On Jul 21, 2020, at 12:40 PM, Kent Watsen <kent+ietf@watsen.net> wrote: > > Thank you all for your earlier comments regarding draft-ietf-netconf-http-client-server <https://tools.ietf.org/html/draft-ietf-netconf-http-client-server>. > > The draft is now almost ready for WGLC (which will be CC-ed here as well), but there remains one item for which your guidance is needed (see bottom). > > First, as a recap, one of the primarily takeaways from before was that proxies can be supported both at the TCP-level (i.e., via SOCKS) and at the HTTP-level (i.e. via a Web Proxy). > > In order to support TCP-level proxies, the “tcp-client-grouping”, which is defined in another draft (draft-ietf-netconf-tcp-client-server <https://tools.ietf.org/html/draft-ietf-netconf-tcp-client-server>), now defines optional configuration enabling any TCP-client to initiate a connection via a proxy. FWIW, here is a direct link to the "tree diagram” <https://tools.ietf.org/html/draft-ietf-netconf-tcp-client-server-07#section-3.1.2.1> illustrating this. > > In order to support HTTP-level proxies, *this* draft was modified to introduce a new “proxy-connect” configuration stanza that, in effect, is the complete configuration for another HTTP-client connection. Here’s a direct link to the “tree diagram” <https://tools.ietf.org/html/draft-ietf-netconf-http-client-server-04#section-2.1.2.2> and here is a fully-populated example <https://tools.ietf.org/html/draft-ietf-netconf-http-client-server-04#section-2.2> (see 2nd example). > > Does everything appear to be in order so far? > > Now, for the question, do Web Proxies require client-auth? More specifically: > when an HTTP client is connecting to a Web Proxy via HTTP, is HTTP-level auth (i.e. Basic) mandatory or optional? > when an HTTP client is connecting to a Web Proxy via HTTPS, is TLS-level and/or HTTP-level auth mandatory or optional? > > Thanks, > Kent >
Received on Thursday, 23 July 2020 15:21:04 UTC