- From: Josh Cohen <joshco@gmail.com>
- Date: Thu, 18 Jul 2024 09:29:25 -0400
- To: Watson Ladd <watsonbladd@gmail.com>
- Cc: David Schinazi <dschinazi.ietf@gmail.com>, int-area@ietf.org, ietf-http-wg@w3.org
- Message-ID: <CAF3KT4QYM+y+43LU3DNxX4S5LOGYe0SoLBZRhjOTVrM7X_RUdQ@mail.gmail.com>
On Wed, Jul 17, 2024 at 11:00 PM Watson Ladd <watsonbladd@gmail.com> wrote: > On Wed, Jul 17, 2024, 7:36 PM Josh Cohen <joshco@gmail.com> wrote: > > > > You lost me with the nuclear submarine reference. I'm guessing instead > of a terminal room, the IETF now has a navy? > > https://en.m.wikipedia.org/wiki/USS_Jimmy_Carter She wasn't made for > sitting around. > > > > > The coffee shop gives you your IP address, default route to the > Internet, DNS servers and other DHCP options. It often has a captive > portal, which may also have a transparent proxy that filters, can eavesdrop > or otherwise abuse you. It is *their* network after all, you are just a > guest. That's aside from chai latte sipping wifi snoopers and the general > jungle of public wifi. > > So what's WPAD doing here? It's just another way to get that traffic > to the wrong place. Again, the Internet threat model has the network > be untrusted. That might be bad news for the vendors of devices that > don't work that way, but that's what the RFC and design says. And > indeed the coffee shop router shouldn't be trusted. > > I am having dejavu. We had a similar debate 25 years ago. Proxy servers in general weren't exactly popular because they violate the end-to-end ethos. With respect to the network being untrusted, enterprises will push back on that. They will do things that seem draconian. > > > > > > I'm definitely getting the "WPAD suxorz" vibe, but what's missing are > answers to how scenarios WPAD currently addresses will be addressed without > it. > > > > At work, your computer uses your enterprise's proxy. When you arrive at > the coffeeshop, will you go into your computer's settings and turn off the > proxy? When you go back to work the next day, will you go back into your > settings and turn it on again? > > > I think this scenario is due to some fundamental confusion. What is > the enterprise proxy doing? Why is it safe to turn off that function > at the coffeeshop or entrust it to some random person given the > computer will be back on the network the next day? And if the > enterprise network needs to administer hosts, it can do that through > much better ways. > > I was assuming a situation where the enterprise proxy is not accessible from outside of the enterprise network. > > > > > > > > On Wed, Jul 17, 2024 at 7:50 PM Watson Ladd <watsonbladd@gmail.com> > wrote: > >> > >> One adversary is willing to devote an entire nuclear submarine to the > >> task. They are more than willing to use existing vulnerabilities in > >> ways that you never hear about because they are good at their jobs. > >> > >> If you use network links to configure your device, and the device goes > >> to the coffeeshop, that coffeeshop gets to configure the device. > >> That's just inherently a bad idea, and always has been. > >> > >> Sincerely, > >> Watson Ladd > >> > >> -- > >> Astra mortemque praestare gradatim > > > > > > > > -- > > > > --- > > Josh Cohen > -- --- *Josh Co*hen
Received on Thursday, 18 July 2024 13:29:43 UTC