[Int-area] Re: New Version Notification for draft-bonica-intarea-icmp-op-exp-00.txt

2024-07-17 Thread Eric Vyncke (evyncke)
Hello Ron and authors, While preparing IETF-120, I had a quick look at this I-D. Like others have written, an informational RFC cannot easily be used as a normative reference (moreover it does not specify anything). Suggest removing this goal from the abstract. If sections 8 and 9 were expande

[Int-area] Upcoming MAPRG session at IETF-120

2024-07-17 Thread Mirja Kuehlewind
Hi INT people, I just wanted to point out our upcoming MAPRG agenda to you as we have some interesting talks, e.g. on NAT64 and IPv6 attacks on IoT devices (see below). The agenda is also available here: https://datatracker.ietf.org/meeting/120/materials/agenda-120-maprg-02 Hope to see you Wed

[Int-area] Re: New version of WPADNG

2024-07-17 Thread Josh Cohen
Hi David, Transparent proxies have always been out of scope for WPAD since they are transparent. I do agree that the vast increase in bandwidth has made caching largely unnecessary. It is also true that enterprise tools can provision proxy information across the fleet; that was true in the late 1

[Int-area] Re: New version of WPADNG

2024-07-17 Thread Watson Ladd
One adversary is willing to devote an entire nuclear submarine to the task. They are more than willing to use existing vulnerabilities in ways that you never hear about because they are good at their jobs. If you use network links to configure your device, and the device goes to the coffeeshop, th

[Int-area] Re: New version of WPADNG

2024-07-17 Thread Josh Cohen
You lost me with the nuclear submarine reference. I'm guessing instead of a terminal room, the IETF now has a navy? The coffee shop gives you your IP address, default route to the Internet, DNS servers and other DHCP options. It often has a captive portal, which may also have a transparent proxy

[Int-area] Re: New version of WPADNG

2024-07-17 Thread Tommy Pauly
For the enterprise case, I think the problem is the need for a root of trust. The model I would expect on modern systems would be that you have an enterprise-installed configuration on your enterprise-provisioned device that says “use this proxy on this network”, or “use this VPN on these networ

[Int-area] Re: New version of WPADNG

2024-07-17 Thread Bernard Aboba
In RFC 5505, the IAB took on this question, separating basic IP configuration (which has in practice proved difficult to secure) from application-layer configuration (which can be postponed until later in the boot process when security facilities are available to secure it). As David pointed ou

[Int-area] Re: New version of WPADNG

2024-07-17 Thread Watson Ladd
On Wed, Jul 17, 2024, 7:36 PM Josh Cohen wrote:
>
> You lost me with the nuclear submarine reference. I'm guessing instead of a
> terminal room, the IETF now has a navy?

https://en.m.wikipedia.org/wiki/USS_Jimmy_Carter

She wasn't made for sitting around.

>
> The coffee shop gives you your IP a