WPD Proxy Discovery IETF 91 – Nov 2014 William Chow

WPD Proxy Discovery
IETF 91 – Nov 2014
William Chow
[email protected]
1
Background: Web Proxy Description I-D
• Core Features [link to I-D]
– Defines URI “web-proxy-desc” per RFC 5785
– JSON file format (abbreviated):
{
“name” : “proxy1”,
“proxies”: [ {
“host”: “proxy1.example.com”,
“port”: 8080,
} ] }
• Key Aspects
– Explicitly configured proxy for HTTP, not HTTPS/MITM
– Well-known URI, but not fully qualified URL
• https://??authority??/.well-known/web-desc-proxy
2
Proxy Scenarios with Simple WPD Associations
Probe a pre-configured/whitelisted WPD Authority
Operator proxy
associated to device
P
Core
Internet
Origin
Cloud proxy associated
to app (e.g. browser)
P
Hotspot
Internet
Origin
3
Proxy Scenarios with Dynamic WPD Associations
No access without
enabling work proxy
P
Office
User experience slower by 4X
without optimization
P
Inflight/Satellite
Data bill higher by 3X
without enabling proxy
P
Personal:
MiFi, USB
4
User Discovery of Network-specific WPD
+-------+
+------+
+----------+
+-----+
+----------+
|Origin |
|Client|
| WiFi AP |
|Proxy|
|WPD Server|
|Server |
+--+---+
+----+-----+
+-----+
+----------+
+---+---+
|Device connects to |
|
|
|
|WiFi access point
|
|
|
|
|------------------->|
|
|
|
|
|
|
|
|
|UA: captive portal |
|
|
|
|detect/login
|
|
|
| (layer 7)
HTTP-only
|------------------->|
|
|
|
discovery
|
|
|
|
| enables
broad-based
app
|
|
|
|
|
|UA: GET http://*/<WPDURI>
| Redirect |
|
implementation
|-------------------------------------.
|
|
|
|
| |
|
|
.--<------------------------------------'
|
|
| |UA: GET https://<WPDAUTH>/<WPDURI> |
|
|
'-|---------------------------------------------->|
|
|
|
|
|
|
Secure authentication
|
|
|
|
|
of
WPD
file
Authorization |UA: set up TLS connection
|
|
|
of WPD
|---------------------------------->|
|
|
|
|
|
|
authority via |
|
|
|
|
|
whitelist or
|UA: send HTTP/s requests
|Proxy: forwards
|
user opt in
|---------------------------------->|------------------------->|
|
|
|
|
|
5
Thank You
• Internet-Draft
– http://tools.ietf.org/html/draft-chow-httpbis-proxy-discovery00
• Authors
– William Chow
• Mobolize
• Email: [email protected]
– Sanjay Mishra
• Verizon Communications
• Email: [email protected]
– James McEachern (editor)
• ATIS
• Email: [email protected]
6