Re: [Int-area] New version: draft-pauly-intarea-proxy-config-pvd-02

Tommy Pauly <tpauly@apple.com> Tue, 05 March 2024 18:28 UTC

From: Tommy Pauly <tpauly@apple.com>
To: Josh Cohen <joshco@gmail.com>
Cc: int-area@ietf.org, Dragana Damjanovic <ddamjanovic@microsoft.com>
Date: Tue, 05 Mar 2024 10:28:25 -0800
Message-id: <D3365DED-DA00-4740-B934-46E8FB233FC6@apple.com>
In-reply-to: <CAF3KT4T-66QqfR_ka8tmRxNB5QAc8Ajci7bcepdc6=eao_7Hgw@mail.gmail.com>
References: <2A63BA95-7139-4CEE-AD16-EC6999E700B6@apple.com> <CAF3KT4T-66QqfR_ka8tmRxNB5QAc8Ajci7bcepdc6=eao_7Hgw@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/EpHZ5at1YIthugj6llV89s0wM2g>
List-Id: IETF Internet Area WG Mailing List <int-area.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/int-area/>

Hi Josh,

Yes, the PvD file carries configuration metadata about a network access in general, and this extension allows it to carry proxy details. When asking a proxy server for its own PvD, that lets it tell you more about which proxy protocols it supports and their locations. When asking a network for its PvD, that can allow the network to indicate which proxies are associated with the network.

With regards to the domain lists, totally agreed that adding exclusion sets would be good. That could be easily added as a key!

Best,
Tommy

> On Mar 5, 2024, at 10:23 AM, Josh Cohen <joshco@gmail.com> wrote:
> 
> Hi Tommy, Dragana,
>  
> As I'm getting my head wrapped around this proposal, is it fair to view it as a metadata endpoint for a proxy server? Sort of like a richer OPTIONS that doesn’t get forwarded by the proxy?
>  
> WRT Split DNS:
>  
> > When present in a PvD Additional Information dictionary that is retrieved for a proxy as described in Section 2 <https://www.ietf.org/archive/id/draft-pauly-intarea-proxy-config-pvd-02.html#proxy-pvd>, domains in
> > the dnsZones array indicate specific zones that are accessible using the proxy. If a hostname is not included in the
> > enumerated zones, then a client SHOULD assume that the hostname will not be accessible through the proxy.
>  
> This is great. It is an "inclusion" set, but what about an "exclusion" set? E.g. "use me for everything on the web, except the following internal domains"
>  
> This will be essential for situations where PVD is used as a replacement for the JavaScript PAC file, that is discovered through WPAD(NG) or elsewhere.
>  
> With the increasing deployment of IoT devices, they will eventually find themselves needing to use a proxy server, especially if they are inside an enterprise.
>  
> Microcontrollers such as Arduino-class devices, ESP32 etc. are powerful enough to act as web clients and servers. However, running a JS engine to parse the PAC file may require space and computing power that dwarfs that for the device functionality itself. E.g. "I am just a temperature sensor! Why do I need a JS engine?"
>  
> On the other hand, there are a plethora of Arduino libraries to parse JSON.
>  
> WPAD OG was designed 20 years ago in Web dinosaur times. We now have an opportunity to have IoT and other devices start off with a more modern, efficient and secure format, which hopefully will last us the next 20 years.
> 
> Thoughts?
> 
> On Fri, Mar 1, 2024 at 9:36 PM Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org> wrote:
>> Hello INTAREA,
>> 
>> At IETF 118, we presented our draft on discovering proxies with PvD information files. We got good support for working on this, along with some feedback for how to improve the format to support more details for the proxies, and more explicit indications of proxy protocols.
>> 
>> We’ve just published draft-pauly-intarea-proxy-config-pvd-02 to incorporate this feedback:
>> 
>> https://datatracker.ietf.org/doc/draft-pauly-intarea-proxy-config-pvd/
>> https://www.ietf.org/archive/id/draft-pauly-intarea-proxy-config-pvd-02.html
>> 
>> We’d like to continue discussing this at the upcoming IETF 119 meeting, and welcome any comments on list!
>> 
>> Best,
>> Tommy
>> _______________________________________________
>> Int-area mailing list
>> Int-area@ietf.org
>> https://www.ietf.org/mailman/listinfo/int-area
> 
> 
> -- 
> Josh Cohen
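The zone matching and proxy selection the quoted draft text describes, together with the exclusion set Josh proposes, as an added example in Python. This is not code from the draft, from Apple, or from anyone in the thread. Only `dnsZones` and its inclusion semantics ("a hostname not in the enumerated zones is not accessible through the proxy") come from the page; the `proxies` array with its `protocol`/`proxy` fields, the `excludedDnsZones` key, the behaviour when `dnsZones` is absent, and every hostname are assumptions made for illustration.

```python
"""Client-side evaluation of a proxy PvD Additional Information file.

Added example; not code from the draft or the thread's authors. Only the
"dnsZones" key and its inclusion semantics come from the quoted draft text.
The "proxies" array with its "protocol" / "proxy" fields, and the
"excludedDnsZones" key standing in for the proposed exclusion set, are
assumptions made for this example.
"""
import json
from datetime import datetime, timezone

# Constructed sample of what a proxy's /.well-known/pvd (RFC 8801) might
# return. Hostnames are illustrative, not real deployments.
SAMPLE_PVD_JSON = json.dumps({
    "identifier": "proxy.example.com",          # RFC 8801 PvD ID (assumed host)
    "expires": "2024-12-31T00:00:00Z",          # RFC 8801 expiry
    "prefixes": [],
    "proxies": [                                # assumed field names
        {"protocol": "connect-tcp",
         "proxy": "https://proxy.example.com/tcp/{target_host}/{target_port}/"},
        {"protocol": "connect-udp",
         "proxy": "https://proxy.example.com/udp/{target_host}/{target_port}/"},
    ],
    "dnsZones": ["example.com", "Corp.Example.NET."],   # inclusion set (draft key)
    "excludedDnsZones": ["public.example.com"],         # hypothetical exclusion set
})


def _labels(name):
    """Normalise a DNS name to lower-case labels without the trailing dot."""
    return name.strip().lower().rstrip(".").split(".")


def in_zone(hostname, zone):
    """True if hostname equals zone or is a subdomain of it.

    Matching is label-aligned: 'notexample.com' is not in 'example.com'.
    A plain string-suffix test would route unrelated hosts through the proxy.
    """
    h, z = _labels(hostname), _labels(zone)
    return len(h) >= len(z) and h[-len(z):] == z


def parse_pvd(text):
    """Parse the JSON and reject files missing the mandatory identifier.

    Fetching is out of scope here: RFC 8801 retrieves the file with an HTTPS
    GET of https://<PvD ID>/.well-known/pvd, so the caller should have done
    that with normal certificate validation before handing the body in.
    """
    pvd = json.loads(text)
    if not isinstance(pvd.get("identifier"), str):
        raise ValueError("PvD Additional Information lacks an identifier")
    return pvd


def _parse_time(iso_text):
    return datetime.fromisoformat(iso_text.replace("Z", "+00:00"))


def is_expired(pvd, now_iso=None):
    """Treat a PvD past its RFC 8801 'expires' time as unusable."""
    now = _parse_time(now_iso) if now_iso else datetime.now(timezone.utc)
    return now >= _parse_time(pvd["expires"])


def proxy_applies(pvd, hostname):
    """Apply the draft's inclusion rule plus the proposed exclusion set.

    Exclusions win over inclusions so an internal name is never sent to the
    proxy by accident. If dnsZones is absent this example treats the proxy
    as usable for any host (an assumption, not draft text).
    """
    if any(in_zone(hostname, z) for z in pvd.get("excludedDnsZones", [])):
        return False
    zones = pvd.get("dnsZones")
    if zones is None:
        return True
    return any(in_zone(hostname, z) for z in zones)


def select_proxy(pvd, hostname, protocol):
    """Return the proxy URI template for `protocol`, or None when the host
    must not go through this proxy or the protocol is not offered."""
    if not proxy_applies(pvd, hostname):
        return None
    for entry in pvd.get("proxies", []):
        if entry.get("protocol") == protocol:
            return entry.get("proxy")
    return None


PVD = parse_pvd(SAMPLE_PVD_JSON)

if __name__ == "__main__":
    for host in ("intranet.example.com", "www.public.example.com",
                 "db.corp.example.net", "notexample.com"):
        print(host, "->", select_proxy(PVD, host, "connect-tcp"))
```

Two details matter for a small client of the kind Josh describes: the zone test has to be label-aligned rather than a string suffix match, and an exclusion list, if one is added, should be checked before the inclusion list so that a host covered by both is kept off the proxy.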