Great Circle Associates Firewalls
(July 1995)
 


Subject: Re: Proxy Authentication in Netscape Proxy Server
From: peter @ nmti . com (Peter da Silva)
Date: Sat, 29 Jul 1995 20:58:41 -0500 (CDT)
To: jct @ edelweb . fr (Jean-Christophe Touvet)
Cc: pwtyeung @ ha . org . hk, firewalls @ GreatCircle . COM
In-reply-to: <199507281711 . TAA17630 @ champagne . edelweb . fr> from "Jean-Christophe Touvet" at Jul 28, 95 07:11:41 pm

>  then a popup is displayed, asking for username/passwd. What is entered by the
> user is uuencoded and sent back to the proxy, using Proxy-authorization header.

Eep! Totally subject to snooping/replaying attack!

The basic mechanism of sending an encrypted token as the challenge to be
decrypted by the password (like Kerberos does) is so well known, why didn't
they use it?
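
The contrast drawn in this message, as an added example that is not part of the original post or of any Netscape code: a credential that is only encoded can be read and resent by anyone who sees the header, while a response bound to a fresh challenge cannot be reused. It assumes the encoding is the base64 of HTTP Basic authentication and uses an HMAC over a one-time nonce as a stand-in for the Kerberos-style encrypted token; all names and the sample credentials are hypothetical.

```python
import base64, hashlib, hmac, secrets

# Constructed sample credentials; not taken from the original thread.
USER, PASSWORD = "alice", "s3cret-example"

def basic_header(user, password):
    """Header value as described in the quoted text: credentials merely encoded."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"

def recover_from_capture(header_value):
    """What an observer of the header learns: decoding needs no key."""
    _scheme, token = header_value.split(" ", 1)
    user, _, password = base64.b64decode(token).decode().partition(":")
    return user, password

def proxy_accepts_basic(header_value):
    """Proxy check for the encoded scheme; the same bytes stay valid on every resend."""
    return recover_from_capture(header_value) == (USER, PASSWORD)

def _key(password):
    # Simplification (assumption): a real design would use a salted, slow KDF.
    return hashlib.sha256(password.encode()).digest()

class ChallengeProxy:
    """Proxy side of a nonce-based exchange: each challenge is single use."""
    def __init__(self, password):
        self._secret = _key(password)
        self._outstanding = set()

    def challenge(self):
        nonce = secrets.token_bytes(16)
        self._outstanding.add(nonce)
        return nonce

    def verify(self, nonce, response):
        if nonce not in self._outstanding:
            return False  # unknown or already consumed challenge
        self._outstanding.discard(nonce)
        expected = hmac.new(self._secret, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def client_response(password, nonce):
    """Client proves knowledge of the password without sending it."""
    return hmac.new(_key(password), nonce, hashlib.sha256).digest()
```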

