- From: Mark Nottingham <mnot@mnot.net>
- Date: Tue, 4 Nov 2014 08:39:04 +1100
- To: "Mishra, Sanjay" <sanjay.mishra@verizon.com>, diego.r.lopez@telefonica.com
- Cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Hi Sanjay and Diego,

To summarise where I think we’re at — the fundamental issues with discovery are:

- Authentication / Authorisation — how does the browser know that the proxy is who they say they are (e.g., “from my network”) and that they’re allowed to act in this capacity?

- User Experience — how does the user of the browser become aware of and give permission to (or opt out of) the proxy, considering that UX around security and configuration is so tricky?

These issues have come up consistently when we’ve discussed discovery in the past.

Right now, the “default” answer for discovery is an intercepting proxy. That’s a layer violation (which makes many people sad, including HTTP people, because it’s difficult to disambiguate between the proxy and the origin), but it has *better* security properties than e.g., WPAD, because it isn’t trusted more than the network itself, and it’s harder to spoof.

Any solution which automatically inserts an intermediary (with or without user interaction) is going to see a fair amount of scrutiny and pushback, I think, because it’s introducing a new attack vector.

So far, the most promising direction for this that I’ve heard seems to be having a whitelist of authorities which the browser is willing to trust advertisements from, and then requiring cryptographic proof before trusting such an advertisement. How that whitelist gets populated, however, would likely be contentious (and may not even be suitable for standardisation).

At any rate, we’ll have time for discussion in HNL; should be interesting.

Cheers,

> On 4 Nov 2014, at 2:48 am, Mishra, Sanjay <sanjay.mishra@verizon.com> wrote:
>
> Hi everyone. Staying with WPD, I too have some additional input to the WPD draft.
>
> I believe WPD assumes, or even requires, that the initial WPD authority is explicitly configured somehow*. That configuration implies that authorization occurs prior to any discovery. Discovery is pretty much limited to finding a valid instance.
>
> [*For this email, assuming that this can happen as a result of a direct user action; or it could be baked into the client somehow. From the outside, these are basically indistinguishable]
>
> I have a suggestion. How about having the network advertise the availability of proxies? This would invert the order of operations, so that an advertisement could be made, the client would acquire the WPD, and a user would - if they choose to use a proxy at all - be able to select from the list of advertised proxies.
>
> Automatic discovery of proxies presents some challenges. Of all of the discovery mechanisms the IETF has produced (and the multitude proposed outside of the IETF), there isn't a single one that is universally applicable. Most of these mechanisms rely on layer 2 features, where the only common layer on the Internet is layer 3.
>
> Would like to hear if anyone has any thoughts on this.
>
> Thanks
> Sanjay

--
Mark Nottingham
http://www.mnot.net/
Received on Monday, 3 November 2014 21:39:35 UTC