Re: [Int-area] New version: draft-pauly-intarea-proxy-config-pvd-02

Josh Cohen <joshco@gmail.com> Tue, 05 March 2024 18:24 UTC

References: <2A63BA95-7139-4CEE-AD16-EC6999E700B6@apple.com>
In-Reply-To: <2A63BA95-7139-4CEE-AD16-EC6999E700B6@apple.com>
From: Josh Cohen <joshco@gmail.com>
Date: Tue, 05 Mar 2024 13:23:55 -0500
Message-ID: <CAF3KT4T-66QqfR_ka8tmRxNB5QAc8Ajci7bcepdc6=eao_7Hgw@mail.gmail.com>
To: Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org>
Cc: int-area@ietf.org, Dragana Damjanovic <ddamjanovic@microsoft.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/ElbhpGKKfxj2hbV9bArPRv8VAX8>
Subject: Re: [Int-area] New version: draft-pauly-intarea-proxy-config-pvd-02

Hi Tommy, Dragana,

As I'm getting my head wrapped around this proposal, is it fair to view it
as a metadata endpoint for a proxy server? Sort of like a richer OPTIONS
that doesn't get forwarded by the proxy?

WRT Split DNS:

> When present in a PvD Additional Information dictionary that is retrieved
> for a proxy as described in Section 2
> <https://www.ietf.org/archive/id/draft-pauly-intarea-proxy-config-pvd-02.html#proxy-pvd>,
> domains in the dnsZones array indicate specific zones that are accessible
> using the proxy. If a hostname is not included in the enumerated zones,
> then a client SHOULD assume that the hostname will not be accessible
> through the proxy.

This is great. It is an "inclusion" set, but what about an "exclusion"
set? E.g. "use me for everything on the web, except the following internal
domains"

This will be essential for situations where PVD is used as a replacement
for the JavaScript PAC file, that is discovered through WPAD(NG) or
elsewhere.

With the increasing deployment of IoT devices, they will eventually find
themselves needing to use a proxy server, especially if they are inside an
enterprise.

Microcontrollers such as Arduino class devices, ESP32 etc., are powerful
enough to act as web clients and servers. However, running a JS engine to
parse the PAC file may require space and computing power that dwarfs that
for the device functionality itself. E.g. "I am just a temperature sensor!
Why do I need a JS engine?"

On the other hand, there are a plethora of Arduino libraries to parse JSON.

WPAD OG was designed 20 years ago in Web dinosaur times. We now have an
opportunity to have IoT and other devices start off with a more modern,
efficient and secure format, which hopefully will last us the next 20 years.

Thoughts?

On Fri, Mar 1, 2024 at 9:36 PM Tommy Pauly <tpauly=
40apple.com@dmarc.ietf.org> wrote:

> Hello INTAREA,
>
> At IETF 118, we presented our draft on discovering proxies with PvD
> information files. We got good support for working on this, along with some
> feedback for how to improve the format to support more details for the
> proxies, and more explicit indications of proxy protocols.
>
> We’ve just published draft-pauly-intarea-proxy-config-pvd-02 to
> incorporate this feedback:
>
> https://datatracker.ietf.org/doc/draft-pauly-intarea-proxy-config-pvd/
>
> https://www.ietf.org/archive/id/draft-pauly-intarea-proxy-config-pvd-02.html
>
> We’d like to continue discussing this at the upcoming IETF 119 meeting,
> and welcome any comments on list!
>
> Best,
> Tommy
> _______________________________________________
> Int-area mailing list
> Int-area@ietf.org
> https://www.ietf.org/mailman/listinfo/int-area
>


-- 
Josh Cohen
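The message above contrasts the draft's dnsZones "inclusion" semantics with a proposed "exclusion" set, and argues that a JSON file is cheap enough for a constrained client to parse. The following is an added example, not code from the draft, the message, or any project, of how a client could apply both rules to a hostname. The keys "identifier", "expires", "prefixes" and "dnsZones" are RFC 8801 PvD Additional Information members; "excludedDnsZones" is a hypothetical key standing in for the exclusion set proposed in the message; suffix (label-boundary) matching for zones, exclusion taking precedence over inclusion, and "no dnsZones means no restriction" are assumptions made here, not statements of the draft. The sample PvD documents are constructed.

```python
import json

# Constructed sample PvD Additional Information documents (not from the draft).
# "identifier", "expires", "prefixes", "dnsZones" are RFC 8801 members;
# "excludedDnsZones" is a hypothetical key for the proposed exclusion set.
INCLUSION_PVD = json.dumps({
    "identifier": "proxy.example.com.",
    "expires": "2024-03-06T00:00:00Z",
    "prefixes": [],
    "dnsZones": ["corp.example.com", "intranet.example"],
})

EXCLUSION_PVD = json.dumps({
    "identifier": "proxy.example.com.",
    "expires": "2024-03-06T00:00:00Z",
    "prefixes": [],
    "excludedDnsZones": ["corp.example.com"],
})


def normalize_name(name):
    """Lower-case and strip the trailing dot so comparisons are stable."""
    name = name.strip().lower().rstrip(".")
    if not name:
        raise ValueError("empty DNS name")
    return name


def _zone_list(pvd, key):
    """Read an optional list-of-strings member, rejecting any other shape.
    The document arrives over the network, so its shape is checked before use."""
    zones = pvd.get(key)
    if zones is None:
        return None
    if not isinstance(zones, list) or not all(isinstance(z, str) for z in zones):
        raise ValueError(f"{key} must be an array of strings")
    return [normalize_name(z) for z in zones]


def load_pvd(text):
    """Parse the JSON document and validate only the members this client uses."""
    pvd = json.loads(text)
    if not isinstance(pvd, dict):
        raise ValueError("PvD Additional Information must be a JSON object")
    for key in ("identifier", "expires", "prefixes"):  # mandatory per RFC 8801
        if key not in pvd:
            raise ValueError(f"missing required member {key}")
    return {
        "dnsZones": _zone_list(pvd, "dnsZones"),
        "excludedDnsZones": _zone_list(pvd, "excludedDnsZones"),  # hypothetical
    }


def in_zone(host, zone):
    """True if host equals the zone or lies beneath it. Matching is on a label
    boundary, so "notcorp.example.com" does not match zone "corp.example.com"."""
    return host == zone or host.endswith("." + zone)


def should_use_proxy(rules, hostname):
    """Decide whether to send a request for hostname through the proxy."""
    host = normalize_name(hostname)
    excluded = rules["excludedDnsZones"]
    included = rules["dnsZones"]
    # Assumption: an explicit exclusion wins over any inclusion.
    if excluded and any(in_zone(host, z) for z in excluded):
        return False
    # dnsZones present: it is an inclusion set, as the quoted draft text says,
    # so a name outside every listed zone is treated as not reachable via proxy.
    if included is not None:
        return any(in_zone(host, z) for z in included)
    # Assumption: with no dnsZones, the proxy is usable for any name not excluded.
    return True


if __name__ == "__main__":
    inclusion = load_pvd(INCLUSION_PVD)
    exclusion = load_pvd(EXCLUSION_PVD)
    for name in ("wiki.corp.example.com", "notcorp.example.com", "www.example.org"):
        print(name, "inclusion:", should_use_proxy(inclusion, name),
              "exclusion:", should_use_proxy(exclusion, name))
```

Because `load_pvd` rejects a dnsZones member that is not an array of strings, a malformed or hostile document fails closed at parse time instead of being silently treated as "no zones", which is the check a small-device client with no JS engine still needs to perform.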