On 22 Aug 2001 01:16:05 +0200, Henrik Nordstrom wrote:
> Robert Collins wrote:
>
> > Because proxy servers are considered trusted, and there is a (untrue)
> > expectation that the proxy returning a 407 is the first proxy in the
> > request chain.
>
> It is more than an expectation, it is a HTTP/1.1 SHOULD.
SHOULD, in my book is an expectation. Squid can _expect_ that HTTP/1.1
proxies will follow SHOULD recommendations, but we cannot _require_ it.
I think I placed my (untrue) in a confusing lcoation though - sorry.
> It is the "child" proxy responsibility to log in to the "parent", not the end
> users/browsers. How this is done is up to the implementation of the
> "child" proxy.
There is also a MAY in HTTP/1.1 that allows proxies to cooperate by
passing the users credentials around. The problem is that with NTLM that
cannot work until we are able to choose the challenge the DC will use.
At that point we could get squid to cooperate in such a fashion -
although it would be somewhat messy. (And that is gatewayed on
conenction pinning).
Rob
Received on Tue Aug 21 2001 - 18:12:22 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:14:14 MST