RE: WPD - Proxy Discovery

On Monday, November 03, 2014 4:39 PM Mark Nottingham wrote:

>- Authentication / Authorisation — how does the browser know that the proxy is who they say they are (e.g., “from my >network”) and that they’re allowed to act in this capacity?

>- User Experience — how does the user of the browser become aware of and give permission to (or opt out of) the >proxy, considering that UX around security and configuration is so tricky?

Questions you raised in regards to Authentication, Authorization and User Experience are all worthy and will need to be addressed if there is interest in this group to pursue a proxy discovery approach. Creation of a white-list or UA retrieving configuration from a device (static discovery) or UA determining authority of the network advertising WPD (dynamic discovery) can potentially be a starting point for authentication and authorization. 

The browser/user interaction for presenting an authorized list of proxies and user selection (optional), is surely far from trivial and can only occur with input from the browser community if this aspect is to be considered as part of solution to WPD discovery. 

Thanks
Sanjay

-----Original Message-----
From: Mark Nottingham [mailto:mnot@mnot.net] 
Sent: Monday, November 03, 2014 4:39 PM
To: Mishra, Sanjay; diego.r.lopez@telefonica.com
Cc: ietf-http-wg@w3.org
Subject: Re: WPD - Proxy Discovery

Hi Sanjay and Diego,

To summarise where I think we’re at — the fundamental issues with discovery are:

- Authentication / Authorisation — how does the browser know that the proxy is who they say they are (e.g., “from my network”) and that they’re allowed to act in this capacity?

- User Experience — how does the user of the browser become aware of and give permission to (or opt out of) the proxy, considering that UX around security and configuration is so tricky?

These issues have come up consistently when we’ve discussed discovery in the past.

Right now, the “default” answer for discovery is an intercepting proxy. That’s a layer violation (which makes many people sad, including HTTP people because it’s difficult to disambiguate between the proxy and the origin), but it has *better* security properties than e.g., WPAD, because it isn’t trusted more than the network itself, and it’s harder to spoof.

Any solution which automatically inserts an intermediary (with or without user interaction) is going to see a fair amount of scrutiny and pushback, I think, because it’s introducing a new attack vector.

So far, the most promising direction for this that I’ve heard seems to be having a whitelist of authorities which the browser is willing to trust advertisements from, and then requiring cryptographic proof before trusting such an advertisement. How that whitelist gets populated, however, would likely be contentious (and may not even be suitable for standardisation).

At any rate, we’ll have time for discussion in HNL; should be interesting.

Cheers,

 
> On 4 Nov 2014, at 2:48 am, Mishra, Sanjay <sanjay.mishra@verizon.com> wrote:
> 
> Hi everyone. Staying with WPD, I too have some additional input to the WPD draft.
>  
> I believe, WPD assumes, or even requires, that the initial WPD authority is explicitly configured somehow*.  That configuration implies that authorization occurs prior to any discovery.  Discovery is pretty much limited to finding a valid instance. [*For this email, assuming that this can happen as a result of a direct user action; or it could be baked into the client somehow. From the outside, these are basically indistinguishable]
>  
> I have a suggestion. How about, have the network advertise the availability of proxies? This would invert the order of operations, so that an advertisement could be made, the client would acquire the WPD and a user would - if they choose to use a proxy at all - be able to select from the list of advertised proxies.
>  
> Automatic discovery of proxies presents some challenges.  Of all of the discovery mechanisms the IETF has produced (and the multitude proposed outside of the IETF), there isn't a single one that is universally applicable.  Most of these mechanisms rely on layer 2 features, where the only common layer on the Internet is layer 3.
> 
> Would like to hear if anyone has any thoughts on this.
>  
> Thanks
> Sanjay

--
Mark Nottingham   http://www.mnot.net/

Received on Tuesday, 4 November 2014 20:45:06 UTC