W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2014

Re: why not WPAD?

From: Eliot Lear <lear@cisco.com>
Date: Wed, 15 Jan 2014 22:24:23 +0100
Message-ID: <52D6FC87.70006@cisco.com>
To: Peter Lepeska <bizzbyster@gmail.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>

Without addressing your question specifically, who do you trust?  If the
information comes off DHCP do you trust the local network
administrator?  What if your device is mobile?  What if it's in
Starbucks?  If we're talking about DNS-based WPAD, perhaps a configured
domain that one trusts is more interesting, especially if you can play
proximity games...


On 1/15/14 8:09 PM, Peter Lepeska wrote:
> Salvatore's recent draft on trusted proxies
> (http://www.ietf.org/internet-drafts/draft-loreto-httpbis-trusted-proxy20-00.txt)
> presents one approach for browsers to learn about the presence of
> proxies, even when the browser is first using HTTPS to talk to the
> Internet.
> But WPAD already exists for this purpose and all of the browsers
> support it in one form or another -- chrome recently added support for
> WPAD over DHCP as I understand it. I know there are implementation
> problems with WPAD and proxy autoconfig but fundamentally what is
> wrong with the approach of leveraging DHCP and DNS to discover proxies
> and then relying on a simple javascript-based script to determine when
> the proxy should be used?
> Is there something fatally flawed about the WPAD/PAC model for dynamic
> proxy detection? If this topic is covered in another thread, please
> send me a link to it.
> Thanks,
> Peter
Received on Wednesday, 15 January 2014 21:24:51 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:23 UTC