W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1997

RE: ID: Proxy autoconfig

From: Jim Gettys <jg@pa.dec.com>
Date: Tue, 8 Apr 1997 11:39:20 -0700
Message-Id: <9704081839.AA30775@pachyderm.pa.dec.com>
To: Yaron Goland <yarong@microsoft.com>
Cc: Stuart Kwan <skwan@microsoft.com>, http-wg@cuckoo.hpl.hp.com, josh@netscape.com
I talked to Jeff Schiller (IETF area director for security)
about the serverloc security problems....

The problem is that anyone, anywhere, can advertize the service, and 
potentially arrange to get a client to use a service (in this case,
a proxy) of the attacker's choosing.

The security compromise for serverloc to go to proposed standard is to
allow one, via public key crypto, verify the new advertisements.

The problem from our point of view is that the solution to serverloc's 
security problem reduces to the previously unsolved problem: having to 
distribute different keys to different browsers, which isn't better than 
what we have now, having to distribute the first proxy configuration 
information to the browser. A solution to this might be to use DHCP to 
distribute the keys required, but is not yet specified.

Now, DHCP has its own set of security problems, but I note that people
are already trusting it in the first place to get their IP addresses (for the
mass market).

So without being expert at either protocol, it sure sounded like in
the short term a DHCP based solution might be best, though in the longer
term, something that is more dynamic than just information acquired
at boot time would be a better solution (so that when a browser
gets restarted, you can pick up the current proxy, or fail-over if a failure
is detected while talking to a proxy.  And in the long term, this may
not be either/or.

Hope this helps discussions....
				- Jim
Received on Tuesday, 8 April 1997 11:47:50 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:32:34 EDT