I've already explained why 802.1x was useless for gateway authorisation. Putting it in the title thread does not make it any less useless.
Quoting Willy Tarreau (Linux 2.4 maintainer, haproxy author, IETF HTTPbis WG member):
> Despite our disgust for this fact, HTTP has become a de-facto standard
> transport protocol for many purposes. WebSocket is a proof of this, it was
> born to address the dirty bidirectional mechanisms that were appearing
> everywhere. A wide number of tools are able of using the HTTP CONNECT
> method over a proxy to reach a point on the net (for VPNs, SSH, etc...).
> HTTP has brought what TCP lacks : user authentication and bouncing over
> proxies even in non-routable environments.
> The problem is that right now the migration to HTTPS for many sites has
> caused increased need for HTTPS content analysis, and a large number of
> products are now used to spoof certificates and control everything. This
> is not acceptable (technically speaking, and from the user's privacy
> respect). We absolutely need the new HTTP standard to make it possible
> for end users to choose if their contents may be analysed by the proxy
> or not
Is that enough to make you understand that perhaps you don't understand all the use cases?
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds