Re: why not WPAD?

Peter Lepeska <bizzbyster@gmail.com> Wed, 15 January 2014 23:41 UTC

From: Peter Lepeska <bizzbyster@gmail.com>
To: Adrien de Croy <adrien@qbik.com>
Cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Subject: Re: why not WPAD?
Archived-At: <http://www.w3.org/mid/CANmPAYFcqa17XFN_4QPvt4E5AD5_Pnq8gYYdm9HHjrDTwJCFGg@mail.gmail.com>

Adrien,

That makes sense to me -- it's overly complex to deploy and therefore
prone to failure. As far as needing the client to be configured to use
proxy auto detect, that might also be the case for the TLS-based proxy
detection scheme. Also, the TLS-based scheme requires an in-path
proxy, which sounds like it's not an issue for your customers. And it's
also not an issue for mine, though I think the ability to deploy out
of path opens up some interesting possibilities. I wonder if you'd
feel the same way about WPAD if implementors had fully committed to it
-- if browsers implemented the spec consistently with auto proxy
detect enabled most of the time. Inconsistent implementation due to
lack of commitment might also turn out to be a problem with the
TLS-based scheme.

I'm still not sure that WPAD is fundamentally worse. And plus it already exists.

Peter

On Wed, Jan 15, 2014 at 4:39 PM, Adrien de Croy <adrien@qbik.com> wrote:
>
> Hi Peter
>
> in general, WPAD involves up to 4 different systems.
>
> DHCP
> DNS
> http server for WPAD.dat URL
> client (must be configured to use auto proxy detect)
>
> then there's the Proxy
>
> this is 4 places for failure in the WPAD setup.
>
> We find in practice deploying WPAD to be very problematic for customers.  If
> however they could divert ports via the proxy, there's 1 system to enforce
> and advertise the requirements for connection, and it's the proxy.
> Therefore the proxy vendor has complete ability to develop and deploy all
> the necessary bits.  Neither is it dependent on client config.
>
> Since clients may start their browsing with https, therefore there needs to
> be a way within TLS to advertise this.  So actually I think the approach is
> a very good one, and stands to make life a great deal easier for all my
> customers in any case.
>
> Adrien
>
>
>
>
>
> ------ Original Message ------
> From: "Peter Lepeska" <bizzbyster@gmail.com>
> To: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
> Sent: 16/01/2014 08:09:14
> Subject: why not WPAD?
>
>> Salvatore's recent draft on trusted proxies
>>
>> (http://www.ietf.org/internet-drafts/draft-loreto-httpbis-trusted-proxy20-00.txt)
>> presents one approach for browsers to learn about the presence of
>> proxies, even when the browser is first using HTTPS to talk to the
>> Internet.
>>
>> But WPAD already exists for this purpose and all of the browsers
>> support it in one form or another -- Chrome recently added support for
>> WPAD over DHCP as I understand it. I know there are implementation
>> problems with WPAD and proxy autoconfig but fundamentally what is
>> wrong with the approach of leveraging DHCP and DNS to discover proxies
>> and then relying on a simple JavaScript-based script to determine when
>> the proxy should be used?
>>
>> Is there something fatally flawed about the WPAD/PAC model for dynamic
>> proxy detection? If this topic is covered in another thread, please
>> send me a link to it.
>>
>> Thanks,
>>
>> Peter
>>
>
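
Added example, not part of any message in this thread: a sketch of the WPAD/PAC chain the thread discusses, showing where a client looks for the PAC file (DHCP, then DNS) and what the fetched script decides. All hostnames, the DHCP option value and the proxy address are constructed, and the DNS search is a simplified model that stops when two labels remain; real clients differ in how far they walk up the domain.

```javascript
// Added example; every name and address below is a constructed placeholder.

// DHCP and DNS stages: candidate PAC URLs in the order a client tries them.
// DHCP option 252, when present, comes first. After that the client derives
// wpad.<domain> names from its own FQDN (simplified: stop at two labels).
function wpadCandidates(clientFqdn, dhcpOption252) {
  const urls = [];
  if (dhcpOption252) urls.push(dhcpOption252);
  const labels = clientFqdn.split(".").slice(1); // drop the host label
  while (labels.length >= 2) {
    urls.push("http://wpad." + labels.join(".") + "/wpad.dat");
    labels.shift(); // walk one level up the domain
  }
  return urls;
}

// Minimal stand-ins for two PAC helper functions that a browser supplies.
function isPlainHostName(host) { return !host.includes("."); }
function dnsDomainIs(host, domain) { return host.endsWith(domain); }

// HTTP server stage: the script served as wpad.dat. The client calls it for
// each request and acts on the returned string.
function FindProxyForURL(url, host) {
  // Internal names bypass the proxy.
  if (isPlainHostName(host) || dnsDomainIs(host, ".corp.example.com")) {
    return "DIRECT";
  }
  // Everything else goes through the (constructed) proxy.
  return "PROXY proxy.corp.example.com:3128";
}

// Client stage: nothing above runs unless auto-detect is switched on.
function resolveProxy(autoDetectEnabled, clientFqdn, dhcpOption252, url, host) {
  if (!autoDetectEnabled) return { tried: [], decision: "DIRECT" };
  return {
    tried: wpadCandidates(clientFqdn, dhcpOption252),
    decision: FindProxyForURL(url, host),
  };
}
```

Each stage is a separate system that has to be correct for the proxy decision to be reached, and with auto-detect off the client never consults any of them.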