Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

"All my life I wanted to be someone; I guess I should have been more specific." -- Jane Wagner

devel / comp.protocols.kerberos / Re: heimdal http proxy

SubjectAuthor
o Re: heimdal http proxyCharles Hedrick

1
Re: heimdal http proxy

<mailman.5.1631398603.13452.kerberos@mit.edu>

  copy mid

https://www.novabbs.com/devel/article-flat.php?id=131&group=comp.protocols.kerberos#131

  copy link   Newsgroups: comp.protocols.kerberos
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!tncsrv06.tnetconsulting.net!.POSTED.pch.mit.edu!not-for-mail
From: hedr...@rutgers.edu (Charles Hedrick)
Newsgroups: comp.protocols.kerberos
Subject: Re: heimdal http proxy
Date: Sat, 11 Sep 2021 22:16:36 +0000
Organization: TNet Consulting
Lines: 39
Message-ID: <mailman.5.1631398603.13452.kerberos@mit.edu>
References: <87sfyq9qtg.fsf@hope.eyrie.org>
<58C9CD4B-C68A-4480-BFD8-29DC38D8C22A@cs.rutgers.edu>
<20210911182248.GA7118@openfortress.nl>
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Injection-Info: tncsrv06.tnetconsulting.net; posting-host="pch.mit.edu:18.7.21.50";
logging-data="23794"; mail-complaints-to="newsmaster@tnetconsulting.net"
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
To: Rick van Rein <rick@openfortress.nl>
ARC-Seal: i=3; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass;
b=TTdvB7tIddcWz9XVIKONcE37q2Flg3WUH8mhamk5QyMzF/Br34ttl5HioVXeJPdhkqZd4SWYzD8n4qs2/1/gEtyk+/QtgQPaS1EdJpk/4lCxgsIIqpG6SMfIGw+fGM03tTNIJM1vSTicC6ZEeIuME1yu8fuShY2YyTIDwBFVs4wAh+zV2VMs/5uSLUWQwS5ymWyliCJ5km5WAkfNXz6UBQw2d/m2RquVMk9bYEWcxcl6QqR5QDZiQCplFFt7dNRcwtpjZu95yeZGUciweLgDZc5f8Clfvhvex4KFmcf6Sda2w9kVMYQh2OLDyA1oFmTnnRnAdqeoJVIL3CdOnmyn5A==
ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
bh=yahuZnIOFXJorBz2neMJx20XZ4k+uRgGzOPecfma0z0=;
b=MVw5nIl/tyV+NHdVGMsyraRnXwHPHrzScCI3KqD2ZkLfi4UIWRCzuaE+nCuM7uZeBueQra2rb1qmAm2VXFpeG2sGOv4yXFwy7MmSQKzfZGPcbAHrL+xqybAbovQXbde0K+H+dM5/xh/ydvrEXGtPUHaBdc9Zgg7Cbb/it/0xk37qRC+tS1jgfWiscsK48+dd2b9oiwAFNIT5uVvsZw5mwCEzAnDTZWK/3N7WtXjHJ1NRZbbSY2RP9opASfJvQ3StyDq7CfJOtFqNxGPWE9nciIuPFLRAf1Rwk9Vycex8B9eq7+Cs8bytY4Bvn2jWB9dloNG6zLSOhC7XTmlfqjg8ag==
ARC-Authentication-Results: i=3; mx.microsoft.com 1; spf=none (sender ip is
40.107.92.130) smtp.rcpttodomain=mit.edu smtp.mailfrom=rutgers.edu;
dmarc=bestguesspass action=none header.from=rutgers.edu;
dkim=pass (signature
was verified) header.d=rutgers.edu; arc=pass (0 oda=1 ltdi=1
spf=[1,1,smtp.mailfrom=rutgers.edu] dkim=[1,1,header.d=rutgers.edu]
dmarc=[1,1,header.from=rutgers.edu])
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=mitprod.onmicrosoft.com; s=selector2-mitprod-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=yahuZnIOFXJorBz2neMJx20XZ4k+uRgGzOPecfma0z0=;
b=nMPlMe/tMt6QmqAFXHk6K69MtkHrwwf3xi1UzOoQNRZmRrqdgf/UneZLv9rcqZXSMv92eYKif69Hv3pUvJBosyqzFYzaMRoaXIlpYmlk1bWDT3xdTaCNrtfZbhN+cg6EdUKy9zbWFaAu7sKEPtC97Agl9GYoKT9rbPPEtMVYRCY=
ARC-Seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass;
b=AscGOR1QVNUYHg0AHvK4ofXixme8fao2bWdubJyHSydud7On4ay/1vDan2/2E0P0WnQ+ZD460Pqahu+Ozm+uvUKH1+h9DSAA4YNl75wdWOOVblmiNLSpWYEP8CNMgqpvtR1HUpBcIPHEIxQtbfS/4O1YSLgn79wsNHwS3DkRYdEbvVvl/sYVbMchRe+k8vfMhsyuZlE6mPXAw1iLV3oFp4VZNGDoiordW6G1TT2oDlsOlhHPHvDQmh1oAbaHdMX3EuI5WMPa6TYnj0BF4HFeaDhslXqA9qBJwN0JrVz8TgPvsK6xFhb+1bQalM3vAR6gfis1Q7hPM6KYKcurWnTwgw==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
bh=yahuZnIOFXJorBz2neMJx20XZ4k+uRgGzOPecfma0z0=;
b=Zi4tr9spKI9d2MTkmgTaA+QFyWSpfpAvKM842OBvOnNtiN0oK8NbKk99L/qvNCM8B8J35y53b2dmkwa/ucR8cT29oewgyzZZRsLGde0ADkl4lZWTQhPLjpV9MBp1s5vN8DeQh2AwUlCJSIBwUfJBFZydXWWPKRWHQ3Dx6qDBMmlymM4wlqUcxRllrspnWtAvQCAmYNzQPrzTLHtkqZiKuCurTm5RZetD1il4m9l9j+9lQfM7TkZ4spqN9Mk/6GhK/Ik92AluBOJP4s7NPDZkD3+d/V1EBd1zNdPZ6GT9rt3vCSIa1TKf2ZBKJ6MwtJOE+f7Cbg/Aw9ekgs1Ajt+pCw==
ARC-Authentication-Results: i=2; mx.microsoft.com 1; spf=none (sender ip is
40.107.92.130) smtp.rcpttodomain=mit.edu smtp.mailfrom=rutgers.edu;
dmarc=bestguesspass action=none header.from=rutgers.edu;
dkim=pass (signature
was verified) header.d=rutgers.edu; arc=pass (0 oda=1 ltdi=1
spf=[1,1,smtp.mailfrom=rutgers.edu] dkim=[1,1,header.d=rutgers.edu]
dmarc=[1,1,header.from=rutgers.edu])
Authentication-Results: spf=none (sender IP is 40.107.92.130)
smtp.mailfrom=rutgers.edu; mit.edu; dkim=pass (signature was verified)
header.d=rutgers.edu;mit.edu; dmarc=bestguesspass action=none
header.from=rutgers.edu;
Received-SPF: None (protection.outlook.com: rutgers.edu does not designate
permitted sender hosts)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=Hz2SabLUXpjq1VPHBnHcesSW2gqIO5K29aKKc7xX8ZFPbMfCjrYyeytTIbFvKULeMj+GuvsvZqRv6cTE55yza2qBNLHE9/yJZ9hksQC+NV1Zy7hhg05CgMGBHiD/ECxATSmQKrrucWlah14SS+MB2jgrfluvxoyfzJTvtUwjsRKlnpQrIvCESpP8YA4L7cl8CL0R0MHz4+Cf2Qvn+MtHe9STgLfwEwZfXzClV0YW1tLZ7N86ccOHOGj+t6G/8OTIS21zmtDK8vUuWgxPfxFX4cKBzezJUAu0GJC5OWiBy6z4nY6q697aFHwAwMxXck7Ovjz6RRP5PyqFgYBUYcbJng==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
bh=yahuZnIOFXJorBz2neMJx20XZ4k+uRgGzOPecfma0z0=;
b=O/m6MGSm47N4K7cSumLL3daqZNxqMqqYqDV5KHrEcQG9L8TtxDppOd5G3RqBdKGkmy7wsko+FQ8ipllYEz4eryvXs1UOUF/YLfC7lCc5DWpH6tucICOFB6YHNjn1AHssp0tmlIy0LI/NIrcoJv1pSquX4xzrJa1MuN3Apr9IrbGfLgq+nx3wRT+g2uAzinfaIEYMydwZxyEI8SF9yqEKf/Zzjr23j71xgDE+ts035iGZHDiKkzdLUyhVbsSMkuYdlcG00AKXKkw2FVDVyRVBNrpo+gI+8BRYODqMGCL+O63I8Z7kvTSLiaekxgCWqlk08NtHkCIaTxh4PjYrVr7Tbw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
smtp.mailfrom=rutgers.edu;
dmarc=pass action=none header.from=rutgers.edu;
dkim=pass header.d=rutgers.edu; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rutgers.edu;
s=selector1;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=yahuZnIOFXJorBz2neMJx20XZ4k+uRgGzOPecfma0z0=;
b=R8bXHJ4+uH6IQDDtUWq/LXPdw5eyYPs8DBtXxE6JtxztJDzedEMnXJnnSjLYiK7vHJDt+g/VIrqBbYg6zoXmLaMdB39sxJr2YZ3+gJ2KIoKiCVb0HnNwILoPEYtN3gcM2LDAaEmCzTXxoKRrJ2FVI1xJP9WmH0TJTlpYKf1Dp+Q=
Thread-Topic: heimdal http proxy
Thread-Index: AQHXpyDTlq3JcZyFvkOkcnXIr3wvWaufJcoAgABBU64=
In-Reply-To: <20210911182248.GA7118@openfortress.nl>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Authentication-Results-Original: mit.edu; dkim=none (message not signed)
header.d=none; mit.edu; dmarc=none action=none header.from=rutgers.edu;
x-ms-publictraffictype: Email
X-MS-Office365-Filtering-Correlation-Id: a838dd18-26fa-4267-052b-08d97571d343
x-ms-traffictypediagnostic: BL1PR14MB4983:|MW2PR0102MB3418:
X-Microsoft-Antispam-PRVS: <MW2PR0102MB3418B815C11675176737DB03AAD79@MW2PR0102MB3418.prod.exchangelabs.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;OLM:10000;
X-MS-Exchange-SenderADCheck: 0
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: +lw9CKKLboG01Vh3WIF1m7fCEn23XVb01HkXlN51Rm6w+lpVusWjdZl1nKIEbUagL3yPuqqpzqffVuwW1cZDqJUFusyfbPfw706G6FUb2lwSXgdvobujVQoHINvhTz2oMS0JIzQf4XAJphhunu8cXUt2Z9uE6OjZmK+2kniXQX0BRbcPHbWWItcN9wD3y/GtGUGWr1n5C2rDIXhtahQrF6pU7G0yhK5DvDIPQU3y1pDXLDhbYN5ZUzdA3JxjHaEtWa0oXbjzn8Neyp/59XisJzUJtAFYGOBwerfc11Jf9sZo6UibkPPofiEfhkuGgL1XBCkfHExAxODuXwuZB2w4N9xRQDzLsvTbL92eyPuU5ZMW9UFHxjTQQdjptVGmdJyA0AHAqgU1Yjx0H3bH3hbMrFRNam0Y/RTZim4DxZOFNnPRHa8frKn+GszQLpREnclPYeJLZqEC2rN9Stclsl9014RA9DGO1zHoJYO1bnfWlUTWXJIh557gUz/rfoEsREORhEHepubDw1b0TuWJ58GHbT4DyYucv9jJq0l2cls6OSqYyqtwR8mzFtQQKqgVtgSZIK7eZB5zG/lpSumFMHjr+s8/e1ptLFZ1k8Wr39gXKHV3VHgpDLiUt5xq1RvriZLAwCRb8BRcP/rzYIK94Ihc95yK8pldJteATJqkvb3j0StltqBwODam02IWNQ7OOz3sSwX576zBGw2RXkd8x8DgSWqgUqCbncGYF+IQcUVeXNLGEGb9UCy/fv58VSvmJ9B+ihYidkO83oK8cZXPOyhliU6brpNJopZoWfRtWf/USIgv20eA+uGgJM5/MSab+DL7
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en;
SCL:1; SRV:; IPV:NLI; SFV:NSPM;
H:BL0PR14MB3588.namprd14.prod.outlook.com; PTR:; CAT:NONE;
SFS:(4636009)(366004)(75432002)(6506007)(966005)(53546011)(508600001)(76116006)(3480700007)(33656002)(6486002)(186003)(38070700005)(6916009)(8936002)(86362001)(36756003)(66446008)(66946007)(2906002)(66476007)(66556008)(2616005)(64756008)(83380400001)(8676002)(316002)(4326008)(5660300002)(38100700002)(122000001)(7116003)(71200400001)(26005)(6512007)(45980500001);
DIR:OUT; SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-Original-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-Original-0: nVdb+E26y1/c6NaxDm6oD6GdgG4jaPGwnSSV0z5dcf8NX
MYNdtAb60xG3ulqZHFMOD5yiiFONyx1ONPBlVGGIEJ867
98v1AINXHTQva3qTBJyfVQDWm4xR7L3OgJ3uk0NCULtUs
DZ6qJ9CU8O9jUm586ig//6yndTsZLp3wmNe3jMeQwGHXW
tRpB7E1ZR/ieACYabiGkx5aIVWMFblzns2RetPdi0MnXE
mRWpxwOGsqWU1lsDrSdsc48tQQPKaySrbea+7E09ioP1e
44A42zVh+3DpK1qJvisxmO8QN+tBGLx8ykyMCPZZUEooy
sKU2sM9qXhI0/rd8zmHk8nQ2EQ0XJCUupPThBkucbH2P1
b7Pk4oUYzYJHOrFvD81n6E1NASKVweaRzIMac7eRoEOJ+
KnrNEKpRdXV3bJGUM5Pmue1SfX8gtmURZhUU4QR0xARo8
LVsghXa70lGG10izVwPIb665sRKNDWHkfTxCtizjgcjkc
zT2APvuvycI6qrCfy+HROMnJZczd8pEkw2oY+NSlUo80r
C+ixqwZXvvrGcv5Ld7R5bPlSAg1iUL7hkL42tIbNJhqxw
O1bGz0zJKzTXN4WDbEb0iBNdtptS2jelQqQ/Sw3054/pF
ftFTvgqEfcU6nlZdJU2luV59T+f3IPUwvSRk1uc11RFbC
BVxTVvEtYIxGdXbt5y4aQmMNMFvmpuMyLPoQnjID9yeBv
eCV/jr3GRsoRnGdot4yev/YpNAX6VcAP48dW8H8bckF/O
XAfU/mhs7PLf3qwOSFoajThPn6dNag0Q+JKP5GILOpnie
ILwZRrGBice1RGSpwf7PDxh8ilyU+yTo0g4gVYOI2ZDMP
9SgOzospRQpBhBt+65UreNmrTl/QO2Tc5x2hXAS0h5BoN
3Q8+QIV8Wk3Uk+Z3oKDc1W+Kuc7bi76D24KbSBHxxTZIp
Ev7t4uykqla0oze3zj6m5mV5imPZ01kRwqAVGAnUDfzKy
b4t2++Rdx8cqwiNhBaSIkyiMOqEIOxnCgOhF9ezwKVB9r
mc2Ad5nF3AXmjf3grSCKX5zjfAz385ejgiS/ywF7BNR/g
ZCGDuOLUNsY8M6K4VyhtpQ+faDV7OvFfxCAROeVkahe1d
lwF6F2OH0+h0mgW9ge0lmk12ZJcTEb2rESL8G30foV8I8
bQwB+ElxNA9yRKcwihKwcPlpwSRYILKmOdnxjYh7pQBTZ
PtglA21TKzuCHXqrtu1Dl9PbrIiEFJCNYiZ9C2Hfpbw36
O9cN43WQP2DYg5bOZdvHN8iXIBmHRHIv/WgqX9pqvHG3H
6TrhIuyVuWK5cicnai4g4K0pPtklIheBiJanejb
x-ms-exchange-transport-forked: True
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL1PR14MB4983
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b:0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: CO1NAM11FT067.eop-nam11.prod.protection.outlook.com
X-MS-Exchange-Transport-CrossTenantHeadersPromoted: CO1NAM11FT067.eop-nam11.prod.protection.outlook.com
X-MS-Office365-Filtering-Correlation-Id-Prvs: 1284fe23-730f-4458-376a-08d97571d20c
X-LD-Processed: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b,ExtAddr
X-MS-Exchange-AtpMessageProperties: SA
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: W+1hPnvNGCPSWbxhyYRbNTY5zufexhb5zSA5U7US5a/epgnXZvILb3SsmPpxD/OSXVvZAH9OPQNrkkB879MSd8UaEb6HYjumroZSjdA/yNOGFx9onACsWBMTy9bJQl4O3iWeEMknqEgyjVugxJDbc8t3IH/Qf0pNilyyJn054ocLZFlUyGfbXj6b6bs5NieBtJQZDE56uvTCH6KfWAwZwW48kZML0kzRjfQaRowWJS+YC5szb/Vj9yBtlb2nIo5V5q2L7zuozHlA9yVvi90SDXxb/iN5G8Hvw74iYwKZXPBqhRDS/qfVXPx7K2XTLg9yXDoazOxXTRW+8wcyjkc9hKZ5pWKQ7wB6fMGC5cNjjEyhCLN0pnZZPfcTSIUI3rDNNwJEp3BjspEcoeme18SLG5PYwIB5u7bp7OM4m5doTx14yA+yOEUcIX3Kg9RMCnZw8lcG+cm4SSbTDxwPBTld2p7jtw1NRb1B3D2j1TbaDx078t5mgadBNsd2dWn+IQL4qwRbiIrGvc2+k2u8/Nka3bsoo5hf3a+QhfQ1upCzlx8uP1UcizEkp/Xw1YYXbr1sdpQH4hm++Pte+WYWJRm/IyRjyqTR8ab4IZoT48we/0/ue1uamVztN0YYnYY0e8lUVey8vwZdHN0lU1rLSZf0VAGHI/YizbN2g6U/6Ydsr4CWtnhCFMXd4f6wAbZrfyqpjJlhlaEsCYf4JsF/I6uYM9PQbJbHsiJ/MlHcH20dCfmWYRF52eXQ4dSYwcQeI9sq
X-Forefront-Antispam-Report: CIP:40.107.92.130; CTRY:US; LANG:en; SCL:1; SRV:;
IPV:NLI; SFV:NSPM;
H:NAM10-BN7-obe.outbound.protection.outlook.com;
PTR:mail-bn7nam10on2130.outbound.protection.outlook.com;
CAT:NONE;
SFS:(4636009)(336012)(3480700007)(83300400002)(83290400002)(83280400002)(83380400001)(8676002)(75432002)(83320400002)(4326008)(26005)(83310400002)(36756003)(6862004)(6486002)(86362001)(70586007)(68406010)(2906002)(508600001)(33656002)(5660300002)(6506007)(6512007)(53546011)(966005)(356005)(316002)(2616005)(7116003)(7636003)(45980500001);
DIR:OUT; SFP:1102;
X-Auto-Response-Suppress: DR, OOF, AutoReply
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Sep 2021 22:16:38.4085 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: a838dd18-26fa-4267-052b-08d97571d343
X-MS-Exchange-CrossTenant-Id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-AuthSource: CO1NAM11FT067.eop-nam11.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW2PR0102MB3418
X-OriginatorOrg: mitprod.onmicrosoft.com
X-MIME-Autoconverted: from base64 to 8bit by PCH.mit.edu id 18BMGgew002458
X-BeenThere: kerberos@mit.edu
X-Mailman-Version: 2.1.6
Precedence: list
List-Id: The Kerberos Authentication System Mailing List <kerberos.mit.edu>
List-Unsubscribe: <https://mailman.mit.edu/mailman/listinfo/kerberos>,
<mailto:kerberos-request@mit.edu?subject=unsubscribe>
List-Archive: <http://mailman.mit.edu/pipermail/kerberos>
List-Post: <mailto:kerberos@mit.edu>
List-Help: <mailto:kerberos-request@mit.edu?subject=help>
List-Subscribe: <https://mailman.mit.edu/mailman/listinfo/kerberos>,
<mailto:kerberos-request@mit.edu?subject=subscribe>
 by: Charles Hedrick - Sat, 11 Sep 2021 22:16 UTC

My use case is a few web applications. Linux user group management, editing our wiki, and responding to help desk tickets. Generic web apps that I would like to use at home. We support CAS, but our university CAS server has disabled SSO. Since I already have a Kerberos ticket to use ssh, it would be nice to be able to get into the web apps without having to do CAS and Duo each time. (My Kerberos tickets also require two factor authentication to get them.)

We use Kerberos and GSSAPI for other things, but not that I’d need at home.

> On Sep 11, 2021, at 2:22 PM, Rick van Rein <rick@openfortress.nl> wrote:
>
> Hello Charles,
>
>> I???d like to be able to use Kerberos SPNEGO at home. Unfortunately the Mac uses Heimdal.
>
> SPNEGO has really a low security level. I am surprised this is considered
> acceptable for a https proxy.
>
> We are working on two better solutions, with software that classifies only
> little over "proof of concept'.
>
> - TLS-KDH to integrate Kerberos authentication with ECDH encryption;
> this combination is in fact Quantum Proof
>
> https://datatracker.ietf.org/doc/html/draft-vanrein-tls-kdh
>
> - HTTP-SASL integrates SASL as a HTTP authentication mechanism, and this
> is meant to allow Kerberos as well. In contrast with SPNEGO, it would
> be possible to require Channel Binding (at least to the webserver _name_).
>
> https://datatracker.ietf.org/doc/html/draft-vanrein-httpauth-sasl
>
>
> Take note: These have not even been proposed on this list, simply due to
> lack of time to actively discuss it (been mostly occupied with this and
> related implementations). So at best this could be a future opportunity.
> Still, your usecase may help to propell the work forward, so please share
> if this would be helpful for your situation. You may want to pass this
> by your sysadmin too.
>
>
> Cheers,
> -Rick

1
server_pubkey.txt

rocksolid light 0.9.8
clearnet tor