- From: Eliot Lear <lear@cisco.com>
- Date: Sun, 16 Mar 2014 14:47:46 +0100
- To: Christian Huitema <huitema@huitema.net>, "'Amos Jeffries'" <squid3@treenet.co.nz>, "'Peter Lepeska'" <bizzbyster@gmail.com>
- CC: ietf-http-wg@w3.org
On 3/16/14, 7:58 AM, Christian Huitema wrote: >>> Not trying to side track your ideas on improving WPAD but in my opinion > the >>> increased focus on Internet Hardening decreases the likelihood that an >>> invisible proxy discovery protocol will be enhanced without changes to > the >>> consent model and UI. >> Mixing interactions between WPAD and trust mechanisms to make them >> circularly dependent seems to be what is de-railing all attempts at >> improving either part so far IMHO. >> >> WPAD should be naive. Enough to get back both trusted and un-trustable >> results. > Not really. The scenario that you propose would leave a lot of decisions to > be made in real-time by the end users, based on information from insecure > and easy-to-spoof channels. That seems like a recipe for troubles. I think there is probably a middle ground... > > We should recognize that "trusting a proxy" is a decision with lots of > potential consequences, and adopt a fail-safe mechanism. For example, having > a set of rules of the form, "if in network N1, use proxy P1, if in network > N2, use proxy P2, if in doubt, do not use any proxy." How about something like this: this proxy is part of confederations X, Y, and Z. If you trust confederations X, Y, or Z, then you trust the proxy. Then you don't have to nag the user each time, and it allows for certification approaches. Eliot
Received on Sunday, 16 March 2014 13:48:15 UTC