Indeed they have, however, the method as outlined in this I-D only
works if all proxies in the request chain either supports the
extension or does not support it at all.
If you have a mix of proxies some supporting the connection pinning
extension and some not supporting it then very bad things will happen
as the browser then gets fooled into thinking that connection pinning
is supported by the request path.
Regards
Henrik
On Wednesday 27 November 2002 11.36, Robert Collins wrote:
> On Wed, 2002-11-27 at 21:11, Henrik Nordstrom wrote:
> > Because a certain very big company did not read the HTTP
> > specifications when implementing their "integrated login" schemes
> > (NTLM and then Negotiate), and as a result their design is in
> > violation to fundamental aspects of the HTTP specification and
> > cannot be proxied by standard HTTP proxies who try to follow the
> > specifications (not even their own proxy).
>
> Henrik, Just for the record,
> That big companies proxy CAN support NTLM through the proxy now,
> they have released a I.D. detailing a response and request header
> that allows tcp connection pinning - and thus NTLM and kerberos
> work through the proxy reliably. It's on my todo list to support
> this in squid someday.
>
> Rob
Received on Wed Nov 27 2002 - 07:03:36 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:11:36 MST