- From: Tommy Pauly <tpauly@apple.com>
- Date: Wed, 17 Jul 2024 19:56:06 -0700
- To: Josh Cohen <joshco@gmail.com>
- Cc: Watson Ladd <watsonbladd@gmail.com>, David Schinazi <dschinazi.ietf@gmail.com>, int-area@ietf.org, ietf-http-wg@w3.org
- Message-id: <4C949237-B8D0-4A2C-B2BB-E6697796A5FE@apple.com>
For the enterprise case, I think the problem is the need for a root of trust. The model I would expect on modern systems would be that you have an enterprise-installed configuration on your enterprise-provisioned device that says “use this proxy on this network”, or “use this VPN on these network conditions”, etc. The device and user trusts these because they’ve installed and consented to the management, and now the device can know that “this enterprise network is special and I should use a proxy”. The issue with a network just pushing a proxy is that the device doesn’t know that the network is trusted to do so, or is just an attacker. That said, I do think there is room for network-discovered proxies, and I’d like to continue to explore how to do that safely in the realm of the PvD-based discovery. I think the cases are going to be more limited there — cases of the network saying “I have this proxy I suggest using because it is well-optimized for my network, if it’s on your trusted list of proxies, then please use it”; or “I have a proxy for enterprise users, if you’re configured with special credentials for this enterprise, please use it to access your internal resources”; or “I have a proxy that can be used to access some locally-cached content under these domains, consider using it if you want to access those”. Tommy > On Jul 17, 2024, at 7:36 PM, Josh Cohen <joshco@gmail.com> wrote: > > You lost me with the nuclear submarine reference. I'm guessing instead of a terminal room, the IETF now has a navy? > > The coffee shop gives you your IP address, default route to the Internet, DNS servers and other DHCP options. It often has a captive portal, which may also have a transparent proxy that filters, can eavesdrop or otherwise abuse you. It is *their* network after all, you are just a guest. That's aside from chai latte sipping wifi snoopers and the general jungle of public wifi. > > I'm definitely getting the "WPAD suxorz" vibe, but what's missing are answers to how scenarios WPAD currently addresses will be addressed without it. > > At work, your computer uses your enterprise's proxy. When you arrive at the coffeeshop, will you go into your computer's settings and turn off the proxy? When you go back to work the next day, will you go back into your settings and turn it on again? > > > On Wed, Jul 17, 2024 at 7:50 PM Watson Ladd <watsonbladd@gmail.com <mailto:watsonbladd@gmail.com>> wrote: >> One adversary is willing to devote an entire nuclear submarine to the >> task. They are more than willing to use existing vulnerabilities in >> ways that you never hear about because they are good at their jobs. >> >> If you use network links to configure your device, and the device goes >> to the coffeeshop, that coffeeshop gets to configure the device. >> That's just inherently a bad idea, and always has been. >> >> Sincerely, >> Watson Ladd >> >> -- >> Astra mortemque praestare gradatim > > > -- > --- > Josh Cohen > > >
Received on Thursday, 18 July 2024 02:56:19 UTC