Re: [Ietf-http-auth] Re: [dix] Notes on Web authentication enhancements

Sam Hartman <hartmans-ietf@mit.edu> Thu, 06 July 2006 18:55 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1FyZ0g-0001S8-8I; Thu, 06 Jul 2006 14:55:34 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FyZ0f-0001Rx-4g for dix@ietf.org; Thu, 06 Jul 2006 14:55:33 -0400
Received: from carter-zimmerman.suchdamage.org ([69.25.196.178] helo=carter-zimmerman.mit.edu) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FyZ0d-0004W5-TQ for dix@ietf.org; Thu, 06 Jul 2006 14:55:33 -0400
Received: by carter-zimmerman.mit.edu (Postfix, from userid 8042) id 2B6E0E0079; Thu, 6 Jul 2006 14:55:56 -0400 (EDT)
From: Sam Hartman <hartmans-ietf@mit.edu>
To: Digital Identity Exchange <dix@ietf.org>
Subject: Re: [Ietf-http-auth] Re: [dix] Notes on Web authentication enhancements
References: <20060619220742.40B85222427@laser.networkresonance.com> <tsl3bdoiq9g.fsf@cz.mit.edu> <1b587cab0607030646kfcfeeau726596d097a55a5b@mail.google.com>
Date: Thu, 06 Jul 2006 14:55:56 -0400
In-Reply-To: <1b587cab0607030646kfcfeeau726596d097a55a5b@mail.google.com> (Ben Laurie's message of "Mon, 3 Jul 2006 14:46:57 +0100")
Message-ID: <tslodw2a7gj.fsf@cz.mit.edu>
User-Agent: Gnus/5.110004 (No Gnus v0.4) Emacs/21.4 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Spam-Score: 0.1 (/)
X-Scan-Signature: de4f315c9369b71d7dd5909b42224370
Cc: ietf-http-auth@lists.osafoundation.org
X-BeenThere: dix@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Digital Identity Exchange <dix@ietf.org>
List-Id: Digital Identity Exchange <dix.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/dix>, <mailto:dix-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/dix>
List-Post: <mailto:dix@ietf.org>
List-Help: <mailto:dix-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/dix>, <mailto:dix-request@ietf.org?subject=subscribe>
Errors-To: dix-bounces@ietf.org

>>>>> "Ben" == Ben Laurie <benl@google.com> writes:

    >> TLS Client AUthentication
    >> 
    >> Your taxonomy assumes that TLS is a valid approach to client
    >> authentication.  As I understand HTTP, that is only true
    >> assuming there are no proxies between the user and the RP.

    Ben> HTTP proxies support the CONNECT method for this (all they do
    Ben> is copy the raw connection data in both directions). Note
    Ben> that if proxies didn't do this, then server authentication
    Ben> would also be impossible.


I'm sorry, I mean no non-connect based proxies.
I.E. proxies that are HTTP hops.


_______________________________________________
dix mailing list
dix@ietf.org
https://www1.ietf.org/mailman/listinfo/dix