- From: Josh Cohen <joshco@gmail.com>
- Date: Wed, 17 Jul 2024 22:36:04 -0400
- To: Watson Ladd <watsonbladd@gmail.com>
- Cc: David Schinazi <dschinazi.ietf@gmail.com>, int-area@ietf.org, ietf-http-wg@w3.org
- Message-ID: <CAF3KT4Se2=TxChwcthnbAOnvOfd_ji7mUHCS4aS_UwJcTFgaLQ@mail.gmail.com>
You lost me with the nuclear submarine reference. I'm guessing instead of a terminal room, the IETF now has a navy? The coffee shop gives you your IP address, default route to the Internet, DNS servers and other DHCP options. It often has a captive portal, which may also have a transparent proxy that filters, can eavesdrop or otherwise abuse you. It is *their* network after all, you are just a guest. That's aside from chai latte sipping wifi snoopers and the general jungle of public wifi. I'm definitely getting the "WPAD suxorz" vibe, but what's missing are answers to how scenarios WPAD currently addresses will be addressed without it. At work, your computer uses your enterprise's proxy. When you arrive at the coffeeshop, will you go into your computer's settings and turn off the proxy? When you go back to work the next day, will you go back into your settings and turn it on again? On Wed, Jul 17, 2024 at 7:50 PM Watson Ladd <watsonbladd@gmail.com> wrote: > One adversary is willing to devote an entire nuclear submarine to the > task. They are more than willing to use existing vulnerabilities in > ways that you never hear about because they are good at their jobs. > > If you use network links to configure your device, and the device goes > to the coffeeshop, that coffeeshop gets to configure the device. > That's just inherently a bad idea, and always has been. > > Sincerely, > Watson Ladd > > -- > Astra mortemque praestare gradatim > -- --- *Josh Co*hen
Received on Thursday, 18 July 2024 02:36:21 UTC