Re: WPAD ideas and considerations

On 17/03/2014 2:47 a.m., Eliot Lear wrote:
> 
> On 3/16/14, 7:58 AM, Christian Huitema wrote:
>>>> Not trying to side track your ideas on improving WPAD but in my opinion the
>>>> increased focus on Internet Hardening decreases the likelihood that an
>>>> invisible proxy discovery protocol will be enhanced without changes to the
>>>> consent model and UI.
>>> Mixing interactions between WPAD and trust mechanisms to make them
>>> circularly dependent seems to be what is de-railing all attempts at
>>> improving either part so far IMHO.
>>>
>>> WPAD should be naive. Enough to get back both trusted and un-trustable
>>> results.
>> Not really. The scenario that you propose would leave a lot of decisions to
>> be made in real-time by the end users,

No. Simply leaving those decisions to *some* process outside of the WPAD
step.

NOTE the "D" for *detection* in there is a significant scope
differentiator from the followup PAC process with "C" for *configure*.

The end user (if any) may or may not be involved with PAC. And
Authentication if used should definitely be part of that decision
making. But should not be relevant to the *WPAD* stage any more than
they are relevant to DNS query responses arriving.


>> based on information from insecure
>> and easy-to-spoof channels. That seems like a recipe for troubles.
> 
> I think there is probably a middle ground...
>>
>> We should recognize that "trusting a proxy" is a decision with lots of
>> potential consequences, and adopt a fail-safe mechanism. For example, having
>> a set of rules of the form, "if in network N1, use proxy P1, if in network
>> N2, use proxy P2, if in doubt, do not use any proxy." 
> 
> How about something like this: this proxy is part of confederations X,
> Y, and Z.  If you trust confederations X, Y, or Z, then you trust the
> proxy.  Then you don't have to nag the user each time, and it allows for
> certification approaches.

Sounds good as a step of the PAC process. Deciding which of the detected
proxies is to be used.

Where did the information about said proxy come from though?
 it is the final detail of the WPAD process.

Do you see now what I meant by circular dependencies if the WPAD and
trust are co-mingled?
 one must start by accepting untrusted WPAD response packets *then*
figure out which can be trusted and for what.

AYJ

Received on Monday, 17 March 2014 08:37:33 UTC
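
The split discussed in this thread, sketched as an added example (not part of any message above, and not taken from any WPAD or PAC implementation): a detection stage that returns every candidate untouched, and a separate selection stage that applies the confederation idea with "if in doubt, do not use any proxy" as the default. The function names, the `.example` hosts, the pinned map standing in for a certification check, and the choice to treat conflicting trusted candidates as doubt are all assumptions.

```javascript
// Added illustration; all names and sample values are constructed.

// Stage 1 (WPAD, "detection"): collect every candidate, trusted or not.
// No trust decision is made here.
function detect(responses) {
  return responses.map((r) => ({
    proxy: r.proxy,
    source: r.source,         // discovery channel; treated as spoofable
    claims: r.claims || [],   // confederations the proxy says it belongs to
  }));
}

// Stand-in for a certification check: a locally pinned map of
// proxy -> confederations. A real deployment would validate a credential.
function makeVerifier(pinned) {
  return (proxy, confederation) =>
    (pinned[proxy] || []).includes(confederation);
}

// Stage 2 (decision, outside WPAD): choose among the detected candidates.
// A claim counts only if the confederation is trusted AND it verifies.
function select(candidates, policy, verify) {
  const usable = candidates.filter((c) =>
    c.claims.some((conf) =>
      policy.trustedConfederations.includes(conf) && verify(c.proxy, conf)));
  const distinct = [...new Set(usable.map((c) => c.proxy))];
  // No trusted candidate, or several that disagree: fail safe, no proxy.
  return distinct.length === 1 ? "PROXY " + distinct[0] : "DIRECT";
}

// Constructed sample input: one genuine response and one spoofed response
// that merely claims membership of the trusted confederation.
const policy = { trustedConfederations: ["X"] };
const verify = makeVerifier({ "proxy.corp.example:3128": ["X"] });
const genuine = { proxy: "proxy.corp.example:3128", source: "dhcp", claims: ["X"] };
const spoofed = { proxy: "unknown.example:8080", source: "dns", claims: ["X"] };

function decide(responses) {
  return select(detect(responses), policy, verify);
}

console.log(decide([genuine, spoofed])); // spoofed claim is ignored
console.log(decide([spoofed]));          // nothing verifiable: no proxy
```
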