HTTP/1.1 proxy authentication question

Marc Baudoin (Marc.Baudoin@hsc.fr.net)
Wed, 10 Jan 1996 11:13:23 +0100 (MET)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Roy T. Fielding: "Re: intent of POST"
Previous message: Larry Masinter: "intent of POST"

I've read the Internet draft about HTTP/1.1 with great interest and I have
a question about proxy authentication and its interaction with the fact
that the TCP connection between the client and the proxy can stay open
(this question can apply to server authentication too).

Imagine a client connects to a proxy and uses the Connection header to tell
it wants the TCP connection to remain open for the following requests.  The
proxy takes the client's request and asks it for authentication.  The
client then resend its request with authentication and the proxy does its
jobs.  When the next request from the client arrives, is the authentication
still needed, since the TCP connection is the same? I don't mention TCP
hijacking, as it is difficult to do.  If the authentication is still
needed, the client will have to remember it (so it does not ask the user
all the time), which is quite bad for security.

I didn't find the answer in the draft.  Does somebody has the answer?
Thanks.

-- 
Marc Baudoin              | e-mail    <Marc.Baudoin@hsc.fr.net>
Hervé Schauer Consultants | Téléphone +33 (1) 46 38 89 90
142 rue de Rivoli         | Fax       +33 (1) 46 38 05 05
75039 PARIS CEDEX 01      | WWW       http://www.freenix.fr/~schauer/hsc/

Next message: Roy T. Fielding: "Re: intent of POST"
Previous message: Larry Masinter: "intent of POST"