Re: [SQU] Proxy Authentication Issues

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Thu, 01 Mar 2001 04:07:14 +0100

Robert Collins wrote:

> > Alternatives to Basic Authentication include SSL-encrypted Basic
> > Authentication, NTLM (NTCR) authentication, and Digest authentication.
> Each
> > of these has problems also.
>
> Yes.

No. SSL-encrypted Basic authentication is not an real option for
proxies.

What is an option for proxies is to use a separate login method outside
the HTTP protocol. In most cases this is limited to IP based access
control.

Or as you say, set up secure tunnels for the traffic between the clients
and the proxy, using IPSec or any other secure tunelling method.

Playing with cookies might be an option, but not when contacting https
services. And still (if you manage to find a way to securely set up the
session without having to lower the cookie security in the browser) you
will have at least a recoverable session key that is transferred in
"plain text" on the net.

--
Henrik Nordstrom
Squid hacker
--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
Received on Wed Feb 28 2001 - 20:17:41 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:58:17 MST