Re: Preliminary minutes from the Design Team Meeting: WPAD and Proxy.pac

From our POV, hard relates to supporting customers in getting it 
operational, given that there are so many isolated systems (DHCP, DNS, 
web server etc) that need to work together for it to work.

A single point of enforcement and configuration would make it a lot 
easier to deploy, without even attempting to address concerns about 
ability to trust the results of the discovery mechanism.

There currently is no attempt (visible at least) to deal with this issue 
in currently deployed working WPAD setups.  The browser discovers the 
proxy and uses it without the slightest indication to the user as to the 
gravity of the situation.

So evidently trust is a de facto non-issue at the moment; are we sure we 
need to drag this in?



------ Original Message ------
From: "Eliot Lear" <lear@cisco.com>
To: "emile.stephan@orange.com" <emile.stephan@orange.com>; "Mark 
Nottingham" <mnot@mnot.net>; "HTTP Working Group" <ietf-http-wg@w3.org>
Sent: 13/03/2014 9:04:33 p.m.
Subject: Re: Preliminary minutes from the Design Team Meeting: WPAD and 
Proxy.pac

>People keep saying this is a hard problem and I would like to 
>understand the nature of "hard".  If hard is "How do you trust a given 
>proxy for a given purpose?", then let's solve for that.  If "hard" is 
>how do you know that the discovery protocol is providing you 
>information you can trust, then let's solve for that.  But let's at 
>least understand what we're solving for.
>
>Eliot
>
>
>
>
>On 3/10/14, 6:34 PM, emile.stephan@orange.com wrote:
>>Hi Mark,
>>
>>
>>
>>The draft of the minutes says:
>>
>>
>>
>>Discovery is hard. We encourage interception proxies through inaction. 
>>Not much interest in standardising WPAD (security concerns, deployment 
>>concerns), but strong interest in proxy.pac from implementers, due to 
>>considerable pain. Would be interested in clarifying the current 
>>format and normalising behaviour as much as possible, and potentially 
>>in extending / replacing the format. E.g., IPv6, secure proxy.
>>
>>
>>
>>I had the feeling there was the same interest in refurbishing both of 
>>them.
>>
>>
>>
>>Regards
>>
>>Emile
>>
>>
>>
>>-----Original Message-----
>>From: Mark Nottingham [mailto:mnot@mnot.net]
>>Sent: Saturday, 8 March 2014 17:48
>>To: HTTP Working Group
>>Subject: Preliminary minutes from the Design Team Meeting
>>
>>
>>
>>…are at:
>>
>>   
>>https://github.com/http2/wg_materials/blob/master/interim-14-03/minutes.md
>>
>>
>>
>>
>>
>>--
>>
>>Mark Nottingham   http://www.mnot.net/
>

Received on Friday, 14 March 2014 01:09:39 UTC