W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2014

Re: why not WPAD?

From: Nicolas Mailhot <nicolas.mailhot@laposte.net>
Date: Thu, 16 Jan 2014 10:54:22 +0100
Message-ID: <70b7c457ab62a6154e31532bd1036b38.squirrel@arekh.dyndns.org>
To: "Eliot Lear" <lear@cisco.com>
Cc: "Peter Lepeska" <bizzbyster@gmail.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>

Le Mer 15 janvier 2014 22:24, Eliot Lear a écrit :
> Peter,
>
> Without addressing your question specifically, who do you trust?  If the
> information comes off DHCP do you trust the local network
> administrator?  What if your device is mobile?  What if it's in
> Starbucks?  If we're talking about DNS-based WPAD, perhaps a configured
> domain that one trusts is more interesting, especially if you can play
> proximity games...

The fact is, you should not have to trust "here is the proxy" hint or not.
A correct security model is "do you trust the proxy or not", regardless of
how you discovered it

Regards,

-- 
Nicolas Mailhot
Received on Thursday, 16 January 2014 09:54:51 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:23 UTC