hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From DaddyWri <...@git.apache.org>
Subject [GitHub] httpclient issue #66: CredSSP implementation, NTLM engine reworked
Date Wed, 15 Mar 2017 08:42:59 GMT
Github user DaddyWri commented on the issue:

    https://github.com/apache/httpclient/pull/66
  
    @ok2c  I had a long look at the NTLMEngineImpl changes.  Basically:
    - Trace level debug support, which I recommend we remove because it is quite unsecure
if enabled;
    - For the CipherGen embedded cipher class, no substantive changes were made at all, just
method and member variable renaming and formatting; I recommend we don't include any of these,
since they add noise and no value;
    - NTLMEngineImpl is now stateful and contains the history of all messages, and that's
basically necessary to allow signing and sealing.  There must be considerable changes elsewhere
to allow for this change in flow, which I have not looked at yet;
    - Signing and sealing code, which constitutes the major addition to the engine itself.
 I recommend we take those changes provided unit tests are developed for them.  There are
a number of situations where signing and sealing support would allow future extensions to
be worked in.  I also think it would be good to consider taking the CredSSP implementation,
once it is in form to do so.
    
    As for timing -- since it appears that Mr. Semancik has no further interest in this work,
it's likely to be a while before I can do it.  Also, a trunk commit won't do much good for
a backport to the 4.5.x branch since everything has moved, although with some effort a back
patch might be developed.
    
    I really wouldn't be concerned about proprietary legal problems; that ship sailed more
than 15 years ago, and as Mr. Semancik points out, all of these specs are public now, and
have been for more than a decade.  


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message