Re: Authentication over HTTP
Nico Williams <nico@cryptonector.com> Thu, 18 July 2013 02:53 UTC
Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 643C121F88D2 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 17 Jul 2013 19:53:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.667
X-Spam-Level:
X-Spam-Status: No, score=-6.667 tagged_above=-999 required=5 tests=[AWL=3.310, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r2nrEkmTzWPr for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 17 Jul 2013 19:53:10 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) by ietfa.amsl.com (Postfix) with ESMTP id B622521F95EF for <httpbisa-archive-bis2Juki@lists.ietf.org>; Wed, 17 Jul 2013 19:53:09 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1UzeJH-0007AN-KU for ietf-http-wg-dist@listhub.w3.org; Thu, 18 Jul 2013 02:51:15 +0000
Resent-Date: Thu, 18 Jul 2013 02:51:15 +0000
Resent-Message-Id: <E1UzeJH-0007AN-KU@frink.w3.org>
Received: from maggie.w3.org ([128.30.52.39]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <nico@cryptonector.com>) id 1UzeJ8-00079O-RB for ietf-http-wg@listhub.w3.org; Thu, 18 Jul 2013 02:51:06 +0000
Received: from caiajhbdcahe.dreamhost.com ([208.97.132.74] helo=homiemail-a54.g.dreamhost.com) by maggie.w3.org with esmtp (Exim 4.72) (envelope-from <nico@cryptonector.com>) id 1UzeJ8-0005eo-1i for ietf-http-wg@w3.org; Thu, 18 Jul 2013 02:51:06 +0000
Received: from homiemail-a54.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a54.g.dreamhost.com (Postfix) with ESMTP id E7DCA400EE530 for <ietf-http-wg@w3.org>; Wed, 17 Jul 2013 19:50:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h= mime-version:in-reply-to:references:date:message-id:subject:from :to:cc:content-type; s=cryptonector.com; bh=oK3bdchD2N+U2QjRMTzb oLRYHDo=; b=NtM2PA465imvLsNllQiAHyw7bpOhQwVurnWpRdkIu/UGwQPPFC/L 3flYQqUyZ9ZaZaZNX4e19bGm9PC8xoAzDiK5uFt0VXp7DDo4zHyOPyOwHTV6Kra/ cXtrBUil6ko0s63IG341G3DbE2pqNHqX/MFRGlPpsyuLuZWecYCOL6U=
Received: from mail-ie0-f178.google.com (mail-ie0-f178.google.com [209.85.223.178]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by homiemail-a54.g.dreamhost.com (Postfix) with ESMTPSA id C6F4B400EE51E for <ietf-http-wg@w3.org>; Wed, 17 Jul 2013 19:50:44 -0700 (PDT)
Received: by mail-ie0-f178.google.com with SMTP id u16so5802168iet.37 for <ietf-http-wg@w3.org>; Wed, 17 Jul 2013 19:50:44 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=pY/AXT47DO9NmSN1vzdmVnu3qmV9wJj9GEYBY+hGpVk=; b=G0fL2dhdoeAsBWyvrx3kFzChMNBNxphqeQro/zvXRQIQruiWVyd2Ajgzp6FN6fdkEg /GM81e42EQW+f9GcfVDJvbrjL0Dr2wKMeukvTiUzKKqq9+Ec948JQwj0s0t6X8eLToVO xqoK6+RTn//Eh0mT57LsHBfKObRlJl8G77dFm/8/5sSeXyFpuR4Zer/4IiDLPbksY2Io WwTQssq10FTIB6n98h+SkgvTe79H2HMxNOGza7Ch7dbTQkSEbhMAwyGcOSWsxZZOEeEC mS33rZduYV+lalqc41blpHOkdkyfPWmT0UqwhRm8j5Li76kGCNU1+Hrf6rxCfyQap4nS J1oA==
MIME-Version: 1.0
X-Received: by 10.42.222.135 with SMTP id ig7mr5804387icb.69.1374115844214; Wed, 17 Jul 2013 19:50:44 -0700 (PDT)
Received: by 10.64.130.169 with HTTP; Wed, 17 Jul 2013 19:50:44 -0700 (PDT)
In-Reply-To: <51E73895.7080003@treenet.co.nz>
References: <CE0AD74C.22464%Josh.Howlett@ja.net> <51E5428D.7010008@treenet.co.nz> <CAK3OfOg9JZbcnZhHSNrfSViNeV+wyctwYzSKhXpjGf3f_gP+VQ@mail.gmail.com> <51E632CB.9010107@treenet.co.nz> <CAK3OfOhci7-uNWsSG-54WH1GVkPRVivPdX6eiGmokL-=9paBzw@mail.gmail.com> <51E73895.7080003@treenet.co.nz>
Date: Wed, 17 Jul 2013 21:50:44 -0500
Message-ID: <CAK3OfOi_PhjDGbvWxivEYjEhfjiUSSK3_JUSKJh23HcBgbyhGQ@mail.gmail.com>
From: Nico Williams <nico@cryptonector.com>
To: Amos Jeffries <squid3@treenet.co.nz>
Cc: ietf-http-wg@w3.org
Content-Type: text/plain; charset="UTF-8"
Received-SPF: none client-ip=208.97.132.74; envelope-from=nico@cryptonector.com; helo=homiemail-a54.g.dreamhost.com
X-W3C-Hub-Spam-Status: No, score=-3.5
X-W3C-Hub-Spam-Report: AWL=-3.374, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001
X-W3C-Scan-Sig: maggie.w3.org 1UzeJ8-0005eo-1i 1543e507788cf633ef95670d831eb00e
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Authentication over HTTP
Archived-At: <http://www.w3.org/mid/CAK3OfOi_PhjDGbvWxivEYjEhfjiUSSK3_JUSKJh23HcBgbyhGQ@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/18837
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
On Wed, Jul 17, 2013 at 7:36 PM, Amos Jeffries <squid3@treenet.co.nz> wrote: > On 18/07/2013 6:00 a.m., Nico Williams wrote: >> On Wed, Jul 17, 2013 at 12:59 AM, Amos Jeffries <squid3@treenet.co.nz> >> wrote: >>> 2) "HTTP auth is broken". Aka the headers dont let me login user X to >>> proxy >>> A and proxy B at the same time, in the same chain, with different >>> credentials all controlled by user X ... seem to be making a few wrong >>> assumptions about how HTTP works there. Go away and do (1) instead the >>> user-application ha sa lot more control over end-to-end pathways in >>> application layer. >> >> Oh, I'd never seen this argument. This is an interesting one because >> authentication to proxies is very interesting. So this one is >> definitely a legitimate argument, and one I would make. Also, this >> means I have to think about proxy auth for RESTauth (well, it's >> straightforward, but I have to add it). This is very helpful, thanks! > > > The answr may surprise you. HTTP *already* provides teh necessary mechanism > to do auth like that... No, I knew about CONNECT. I've written a CONNECT proxy client for traversing proxies that need HTTP/Negotiate authentication (which I'll try to get contributed as open source to curl, if they'll take it).
- Re: Authentication over HTTP Poul-Henning Kamp
- Re: Authentication over HTTP Yoav Nir
- Re: Authentication over HTTP Henry Story
- Re: Authentication over HTTP Poul-Henning Kamp
- Re: Authentication over HTTP Yoav Nir
- Authentication over HTTP M Stefan
- Re: Authentication over HTTP J Ross Nicoll
- Re: Authentication over HTTP Nicolas Mailhot
- Re: Authentication over HTTP Ludin, Stephen
- Re: Authentication over HTTP Henry Story
- Re: Authentication over HTTP J Ross Nicoll
- Re: Authentication over HTTP Adrien W. de Croy
- Re: Authentication over HTTP Nico Williams
- Re: Authentication over HTTP Nico Williams
- Re: Authentication over HTTP Henry Story
- Re: Authentication over HTTP Josh Howlett
- Re: Authentication over HTTP Amos Jeffries
- Re: Authentication over HTTP Bjoern Hoehrmann
- Re: Authentication over HTTP Nico Williams
- Re: Authentication over HTTP Amos Jeffries
- Re: Authentication over HTTP David Morris
- Re: Authentication over HTTP Amos Jeffries
- Re: Authentication over HTTP Yoav Nir
- Re: Authentication over HTTP Albert Lunde
- Re: Authentication over HTTP Nicolas Mailhot
- Re: Authentication over HTTP Nico Williams
- Re: Authentication over HTTP Nico Williams
- Re: Authentication over HTTP Nico Williams
- Re: Authentication over HTTP Amos Jeffries
- Re: Authentication over HTTP Nico Williams
- Re: Authentication over HTTP Nicolas Mailhot
- Re: Authentication over HTTP Adrien W. de Croy