- From: Christian Huitema <huitema@huitema.net>
- Date: Sat, 15 Mar 2014 23:58:30 -0700
- To: "'Amos Jeffries'" <squid3@treenet.co.nz>, "'Peter Lepeska'" <bizzbyster@gmail.com>
- Cc: <ietf-http-wg@w3.org>
>> Not trying to side track your ideas on improving WPAD but in my opinion the
>> increased focus on Internet Hardening decreases the likelihood that an
>> invisible proxy discovery protocol will be enhanced without changes to the
>> consent model and UI.
>
> Mixing interactions between WPAD and trust mechanisms to make them
> circularly dependent seems to be what is de-railing all attempts at
> improving either part so far IMHO.
>
> WPAD should be naive. Enough to get back both trusted and un-trustable
> results.

Not really. The scenario that you propose would leave a lot of decisions to be made in real-time by the end users, based on information from insecure and easy-to-spoof channels. That seems like a recipe for troubles.

We should recognize that "trusting a proxy" is a decision with lots of potential consequences, and adopt a fail-safe mechanism. For example, having a set of rules of the form, "if in network N1, use proxy P1, if in network N2, use proxy P2, if in doubt, do not use any proxy." And then having an explicit management API to configure such rules.

The worst that can happen with that kind of rule is that the client fails to properly identify the network, and uses the wrong proxy -- but it will only use a proxy that was explicitly configured in one of the rules. That is, we may get a performance hit, but not a security failure.

-- Christian Huitema
Received on Sunday, 16 March 2014 06:59:54 UTC
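
The rule set described in the message above, sketched as an added example that is not part of the original message or of any WPAD implementation. The `ProxyPolicy` class, its method names, the network identifiers and the proxy URLs are all assumptions made for illustration; how a client derives the identifiers for its current network is left out.

```python
from typing import Dict, Iterable, Optional


class ProxyPolicy:
    """Fail-safe proxy selection: only explicitly configured proxies are ever returned."""

    def __init__(self) -> None:
        self._rules: Dict[str, str] = {}  # network id -> proxy URL

    # Management API (hypothetical): the only way rules change.
    def add_rule(self, network_id: str, proxy: str) -> None:
        self._rules[network_id] = proxy

    def remove_rule(self, network_id: str) -> None:
        self._rules.pop(network_id, None)

    def select(self, observed_ids: Iterable[str],
               advertised_proxy: Optional[str] = None) -> Optional[str]:
        """Return the proxy for the current network, or None for a direct connection.

        observed_ids: identifiers the client derived for the network it is on
        (how they are derived is outside this sketch and may be spoofable).
        advertised_proxy: a value learned from discovery such as WPAD. It is
        accepted only to show that it never influences the result.
        """
        matched = {self._rules[n] for n in observed_ids if n in self._rules}
        if len(matched) != 1:
            return None  # no rule, or rules disagree: in doubt, use no proxy
        return next(iter(matched))


def demo() -> Dict[str, Optional[str]]:
    policy = ProxyPolicy()
    # Constructed sample rules; names and URLs are placeholders.
    policy.add_rule("N1", "http://p1.example.net:3128")
    policy.add_rule("N2", "http://p2.example.net:3128")
    rogue = "http://rogue.example.org:8080"  # constructed advertised value
    return {
        "known": policy.select(["N1"], rogue),
        "unknown": policy.select(["cafe-wifi"], rogue),
        "conflict": policy.select(["N1", "N2"]),
        "misidentified": policy.select(["N2"]),  # client is really on N1
    }


if __name__ == "__main__":
    for case, proxy in demo().items():
        print(f"{case:14} -> {proxy or 'DIRECT'}")
```

The `misidentified` case is the worst outcome the message describes: the wrong proxy is chosen, but it is still one that was explicitly configured.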