Re: why not WPAD?

Peter Lepeska <bizzbyster@gmail.com> Wed, 15 January 2014 22:39 UTC

From: Peter Lepeska <bizzbyster@gmail.com>
To: Eliot Lear <lear@cisco.com>
Cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Archived-At: <http://www.w3.org/mid/CANmPAYGPv--MdRgiT1o36oTK45pN4EELoL2d-pvB3tMM40EvAw@mail.gmail.com>

Eliot,

Maybe the problem is that today we not only use WPAD to detect a
proxy, but we also use it to determine whether or not to use the
proxy. Or, as you say, to trust it to look at our traffic. Maybe those
two actions -- discovery and decision to trust -- should be separate.
In the context of the trusted eproxy discussion, I think we're all
assuming that there will be an additional trust decision made by the
user, or by an administrator in the enterprise case. So I'm asking the
question of whether WPAD is an okay mechanism, perhaps with some
enhancements, to give us the proxy discovery piece.

In that case, do you still see a problem with WPAD if it is only
responsible for discovery?

Peter

On Wed, Jan 15, 2014 at 4:24 PM, Eliot Lear <lear@cisco.com> wrote:
> Peter,
>
> Without addressing your question specifically, who do you trust?  If the
> information comes off DHCP do you trust the local network
> administrator?  What if your device is mobile?  What if it's in
> Starbucks?  If we're talking about DNS-based WPAD, perhaps a configured
> domain that one trusts is more interesting, especially if you can play
> proximity games...
>
> Eliot
>
> On 1/15/14 8:09 PM, Peter Lepeska wrote:
>> Salvatore's recent draft on trusted proxies
>> (http://www.ietf.org/internet-drafts/draft-loreto-httpbis-trusted-proxy20-00.txt)
>> presents one approach for browsers to learn about the presence of
>> proxies, even when the browser is first using HTTPS to talk to the
>> Internet.
>>
>> But WPAD already exists for this purpose and all of the browsers
>> support it in one form or another -- Chrome recently added support for
>> WPAD over DHCP as I understand it. I know there are implementation
>> problems with WPAD and proxy autoconfig but fundamentally what is
>> wrong with the approach of leveraging DHCP and DNS to discover proxies
>> and then relying on a simple JavaScript-based script to determine when
>> the proxy should be used?
>>
>> Is there something fatally flawed about the WPAD/PAC model for dynamic
>> proxy detection? If this topic is covered in another thread, please
>> send me a link to it.
>>
>> Thanks,
>>
>> Peter
>>
>>
>>
>
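
The split between discovery and the decision to trust that this message asks about, sketched as an added example (not code from the thread or from any browser). The devolution loop is a simplified model of DNS-based WPAD, and the trust policy (a configured trusted domain plus an authenticated fetch) and all host names are assumptions.

```python
from urllib.parse import urlsplit

def discover(client_fqdn, dhcp_option_252=None):
    """Discovery only: list candidate PAC URLs, trusting none of them."""
    found = []
    if dhcp_option_252:
        # URL handed out by whoever runs the local DHCP server.
        found.append(("dhcp", dhcp_option_252.strip()))
    labels = client_fqdn.lower().rstrip(".").split(".")
    # Simplified DNS devolution: wpad.<parent> for each parent of >= 2 labels.
    for i in range(1, len(labels) - 1):
        found.append(("dns", "http://wpad." + ".".join(labels[i:]) + "/wpad.dat"))
    return found

def trust_decision(url, trusted_domains, require_https=True):
    """Separate step: the user's or administrator's policy, not the network's."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    # Match whole labels so "evilcorp.example.com" is not taken for "corp.example.com".
    if not any(host == d or host.endswith("." + d) for d in trusted_domains):
        return "reject: host outside configured trusted domains"
    if require_https and parts.scheme != "https":
        return "reject: PAC fetch would not authenticate the host"
    return "accept"

def evaluate(client_fqdn, dhcp_option_252, trusted_domains):
    """Run discovery, then judge every candidate independently of its source."""
    return [(src, url, trust_decision(url, trusted_domains))
            for src, url in discover(client_fqdn, dhcp_option_252)]

if __name__ == "__main__":
    # Constructed sample: a corporate laptop on an untrusted cafe network.
    trusted = {"corp.example.com"}
    for row in evaluate("laptop.eng.corp.example.com",
                        "http://wpad.cafe-wifi.example/wpad.dat", trusted):
        print(row)
    # Constructed sample: the same laptop on the enterprise network.
    for row in evaluate("laptop.eng.corp.example.com",
                        "https://wpad.corp.example.com/wpad.dat", trusted):
        print(row)
```

On the cafe network every candidate is rejected, including the devolved `wpad.example.com` that lies outside the configured domain; on the enterprise network only the HTTPS URL under `corp.example.com` is accepted.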