Re: proxy-auth and chained proxies

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Thu, 25 Mar 1999 03:13:41 +0100

Dancer wrote:

> Mmm. The way I read this, is that both Squid and MS-proxy are DTRT-ing
> (doing the right thing), as far as interpretation of the spec goes. Both
> methods are 'okay' by the book. Yes, that bit is a bit questionable, but
> the more I reread it, the more I get the impression that either method
> is acceptable.

Not relaying proxy-authentication credentials definitely is one possible
HTTP/1.1 conforming implementation. Not the most useful, but it is
acceptable.

The current Squid implementation is questionable on a few minor
implementation details: how authentication challenges are handled in a
chained setup, and how/when the authentication credentials are relayed.
As I read it the authentication challenge should be generated hop by hop
rather than forwarded, and the authentication credentials should only be
relayed if needed and only if the peer is configured/defined to use
cooperative authentication.

These Squid issues are not a problem in most setups, but could be in a
multi-level interconnected cache mesh covering multiple administrative
domains with different authentication requirements.

/Henrik
Received on Tue Jul 29 2003 - 13:15:57 MDT
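
The hop-by-hop handling described in the message above, as an added example that is not part of the original post and is not Squid code. `Peer`, `cooperative_auth`, the function names, and the choice of 502 for a challenge from a non-cooperative peer are assumptions of this sketch; the sample request is constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Peer:
    name: str
    cooperative_auth: bool = False  # hypothetical per-peer setting


def headers_for_peer(headers, peer, peer_challenged):
    """Request headers this hop sends to the upstream peer.

    Proxy-Authorization is relayed only when the peer is configured for
    cooperative authentication AND it has actually asked for credentials.
    The end-to-end Authorization header is never touched.
    """
    relay = peer.cooperative_auth and peer_challenged
    return [(n, v) for n, v in headers
            if n.lower() != "proxy-authorization" or relay]


def response_for_client(status, headers, peer, local_challenge):
    """Status and headers this hop returns to its own client.

    The peer's Proxy-Authenticate is never forwarded. A 407 from a
    cooperative peer becomes this hop's own challenge; from any other
    peer it is reported as a gateway error (502 is this example's choice).
    """
    kept = [(n, v) for n, v in headers if n.lower() != "proxy-authenticate"]
    if status != 407:
        return status, kept
    if peer.cooperative_auth:
        return 407, kept + [("Proxy-Authenticate", local_challenge)]
    return 502, kept


# Constructed sample request as received from the client.
SAMPLE_REQUEST = [
    ("Host", "www.example.com"),
    ("Authorization", "Basic b3JpZ2luOnB3"),
    ("Proxy-Authorization", "Basic dXNlcjpwdw=="),
]
```

With a peer in another administrative domain (`cooperative_auth=False`), the client's proxy credentials stop at this hop and the peer's realm is never shown to the client.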
