It does indeed seem cleaner ;-)

From: Int-area <int-area-boun...@ietf.org> on behalf of Tommy Pauly 
<tpauly=40apple....@dmarc.ietf.org>
Date: Thursday, 29 June 2023 at 17:32
To: Erik Kline <ek.i...@gmail.com>
Cc: MASQUE <mas...@ietf.org>, "int-area@ietf.org" <int-area@ietf.org>
Subject: Re: [Int-area] draft-pauly-intarea-proxy-config-pvd-00

Yes, it is an interesting outcome — but I think that in the same way that a VPN 
interface is a PvD, a proxy configuration that can tunnel traffic (particularly 
in the case of CONNECT-IP proxies that support passing any and all IP traffic) 
is indeed a PvD with its own configuration.

Rather than having MASQUE proxies define yet another mechanism for 
communicating DNS zones and split DNS configs, I’m proposing we use the 
already-defined HTTP JSON for PvDs here. Seemed like the cleanest answer =)

Tommy


On Jun 28, 2023, at 10:11 PM, Erik Kline <ek.i...@gmail.com> wrote:

<no hats>

Looks like an interesting proposal, and it raised an interesting point: that 
proxies can be provisioning domains unto themselves (this hadn't exactly 
occurred to me before, but makes sense).

Looking forward to more discussion.

Thanks,
-ek

On Wed, Jun 28, 2023 at 1:42 PM Tommy Pauly 
<tpauly=40apple....@dmarc.ietf.org> wrote:
Hello INTAREA and MASQUE,

I wanted to share a new draft 
(https://www.ietf.org/archive/id/draft-pauly-intarea-proxy-config-pvd-00.html) 
that uses Provisioning Domains (from intarea-produced RFC 8801) to:

- Discover URLs (and URL templates) of HTTP proxies such as MASQUE proxies that 
are provided by a network. This allows ISP and carrier networks to advertise 
proxies they support, which is useful for clients to learn about proxies they 
could use as a first hop of a chain of privacy proxies, or for solutions like 
AT-SSS in 3GPP.
- Associate a PvD with an HTTP proxy to learn which subset of domains it might 
support, and other related proxies. This allows proxies to support “split DNS” 
configurations.

Note that this would allow us to have a standard way to replace some of the 
functionality that WPAD and PAC files are used for otherwise.

I’d like to present this at IETF 117 to both the INTAREA and MASQUE groups, if 
possible.

Please take a read; your comments are appreciated!

Best,
Tommy


Begin forwarded message:


A new version of I-D, draft-pauly-intarea-proxy-config-pvd-00.txt
has been successfully submitted by Tommy Pauly and posted to the
IETF repository.

Name: draft-pauly-intarea-proxy-config-pvd
Revision: 00
Title: Communicating Proxy Configurations in Provisioning Domains
Document date: 2023-06-27
Group: Individual Submission
Pages: 10
URL: https://www.ietf.org/archive/id/draft-pauly-intarea-proxy-config-pvd-00.txt
Status: https://datatracker.ietf.org/doc/draft-pauly-intarea-proxy-config-pvd/
Html: https://www.ietf.org/archive/id/draft-pauly-intarea-proxy-config-pvd-00.html
Htmlized: https://datatracker.ietf.org/doc/html/draft-pauly-intarea-proxy-config-pvd


Abstract:
  This document defines a mechanism for accessing provisioning domain
  information associated with a proxy, such as a list of DNS zones that
  are accessible via an HTTP CONNECT proxy.  It also defines a way to
  enumerate proxies that are associated with a known provisioning
  domain.

Discussion Venues

  This note is to be removed before publishing as an RFC.

  Source for this draft and an issue tracker can be found at
  https://github.com/tfpauly/privacy-proxy.




The IETF Secretariat


_______________________________________________
Int-area mailing list
Int-area@ietf.org
https://www.ietf.org/mailman/listinfo/int-area
