Re: [Int-area] New version of WPADNG
Josh Cohen <joshco@gmail.com> Thu, 18 July 2024 02:37 UTC
From: Josh Cohen <joshco@gmail.com>
Date: Wed, 17 Jul 2024 22:36:04 -0400
Message-ID: <CAF3KT4Se2=TxChwcthnbAOnvOfd_ji7mUHCS4aS_UwJcTFgaLQ@mail.gmail.com>
To: Watson Ladd <watsonbladd@gmail.com>
Cc: David Schinazi <dschinazi.ietf@gmail.com>, int-area@ietf.org, ietf-http-wg@w3.org
Archived-At: <https://www.w3.org/mid/CAF3KT4Se2=TxChwcthnbAOnvOfd_ji7mUHCS4aS_UwJcTFgaLQ@mail.gmail.com>
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/52081
List-Id: <ietf-http-wg.w3.org>

You lost me with the nuclear submarine reference. I'm guessing instead of a terminal room, the IETF now has a navy?

The coffee shop gives you your IP address, default route to the Internet, DNS servers and other DHCP options. It often has a captive portal, which may also have a transparent proxy that filters, can eavesdrop or otherwise abuse you. It is *their* network after all, you are just a guest. That's aside from chai latte sipping wifi snoopers and the general jungle of public wifi.

I'm definitely getting the "WPAD suxorz" vibe, but what's missing are answers to how scenarios WPAD currently addresses will be addressed without it.

At work, your computer uses your enterprise's proxy. When you arrive at the coffeeshop, will you go into your computer's settings and turn off the proxy? When you go back to work the next day, will you go back into your settings and turn it on again?

On Wed, Jul 17, 2024 at 7:50 PM Watson Ladd <watsonbladd@gmail.com> wrote:

> One adversary is willing to devote an entire nuclear submarine to the
> task. They are more than willing to use existing vulnerabilities in
> ways that you never hear about because they are good at their jobs.
>
> If you use network links to configure your device, and the device goes
> to the coffeeshop, that coffeeshop gets to configure the device.
> That's just inherently a bad idea, and always has been.
>
> Sincerely,
> Watson Ladd
>
> --
> Astra mortemque praestare gradatim
>

--
Josh Cohen