W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2014

RE: WPAD ideas and considerations

From: Christian Huitema <huitema@huitema.net>
Date: Sat, 15 Mar 2014 23:58:30 -0700
To: "'Amos Jeffries'" <squid3@treenet.co.nz>, "'Peter Lepeska'" <bizzbyster@gmail.com>
Cc: <ietf-http-wg@w3.org>
Message-ID: <084201cf40e5$24177800$6c466800$@huitema.net>

>> Not trying to side track your ideas on improving WPAD but in my opinion
the
>> increased focus on Internet Hardening decreases the likelihood that an
>> invisible proxy discovery protocol will be enhanced without changes to
the
>> consent model and UI.
>
> Mixing interactions between WPAD and trust mechanisms to make them
> circularly dependent seems to be what is de-railing all attempts at
> improving either part so far IMHO.
> 
> WPAD should be naive. Enough to get back both trusted and un-trustable
> results.

Not really. The scenario that you propose would leave a lot of decisions to
be made in real-time by the end users, based on information from insecure
and easy-to-spoof channels. That seems like a recipe for troubles.

We should recognize that "trusting a proxy" is a decision with lots of
potential consequences, and adopt a fail-safe mechanism. For example, having
a set of rules of the form, "if in network N1, use proxy P1, if in network
N2, use proxy P2, if in doubt, do not use any proxy." And then having an
explicit management API to configure such rules. The worst that can happen
with that kind of rule is that the client fails to properly identify the
network, and uses the wrong proxy -- but if will only use a proxy that was
explicitly configured in one of the rules. That is, we may get a performance
hit, but not a security failure.

-- Christian Huitema
Received on Sunday, 16 March 2014 06:59:54 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:24 UTC