Yes, it is an interesting outcome — but I think that in the same was that a VPN interface is a PvD, a proxy configuration that can tunnel traffic (particularly in the case of CONNECT-IP proxies that support passing any and all IP traffic) is indeed a PvD with it’s own configuration.
Rather than having MASQUE proxies define yet another mechanism for communicating DNS zones and split DNS configs, I’m proposing we use the already-defined HTTP JSON for PvDs here. Seemed like the cleanest answer =) Tommy > On Jun 28, 2023, at 10:11 PM, Erik Kline <ek.i...@gmail.com> wrote: > > <no hats> > > Looks like an interesting proposal, and it raised an interesting point: that > proxies can be provisioning domains unto themselves (this hadn't exactly > occurred to me before, but makes sense). > > Looking forward to more discussion. > > Thanks, > -ek > > On Wed, Jun 28, 2023 at 1:42 PM Tommy Pauly > <tpauly=40apple....@dmarc.ietf.org <mailto:40apple....@dmarc.ietf.org>> wrote: >> Hello INTAREA and MASQUE, >> >> I wanted to share a new draft >> (https://www.ietf.org/archive/id/draft-pauly-intarea-proxy-config-pvd-00.html) >> that uses Provisioning Domains (from intarea-produced RFC 8801) to: >> >> - Discover URLs (and URL templates) of HTTP proxies such as MASQUE proxies >> that are provided by a network. This allows ISP and carrier networks to >> advertise proxies they support, which is useful for clients to learn about >> proxies they could use a first hop of a chain of privacy proxies, or for >> solutions like AT-SSS in 3GPP. >> - Associate a PvD with an HTTP proxy to learn which subset of domains it >> might support, and other related proxies. This allows proxies to support >> “split DNS” configurations. >> >> Note that this would allow us to have a standard way to replace some of the >> functionality that WPAD and PAC files are used for otherwise. >> >> I’d like to present this at IETF 117 to both the INTAREA and MASQUE groups, >> if possible. >> >> Please take a read; your comments are appreciated! >> >> Best, >> Tommy >> >>> Begin forwarded message: >>> >>> >>> A new version of I-D, draft-pauly-intarea-proxy-config-pvd-00.txt >>> has been successfully submitted by Tommy Pauly and posted to the >>> IETF repository. >>> >>> Name: draft-pauly-intarea-proxy-config-pvd >>> Revision: 00 >>> Title: Communicating Proxy Configurations in Provisioning >>> Domains >>> Document date: 2023-06-27 >>> Group: Individual Submission >>> Pages: 10 >>> URL: >>> https://www.ietf.org/archive/id/draft-pauly-intarea-proxy-config-pvd-00.txt >>> Status: >>> https://datatracker.ietf.org/doc/draft-pauly-intarea-proxy-config-pvd/ >>> Html: >>> https://www.ietf.org/archive/id/draft-pauly-intarea-proxy-config-pvd-00.html >>> Htmlized: >>> https://datatracker.ietf.org/doc/html/draft-pauly-intarea-proxy-config-pvd >>> >>> >>> Abstract: >>> This document defines a mechanism for accessing provisioning domain >>> information associated with a proxy, such a list of DNS zones that >>> are accessible via an HTTP CONNECT proxy. It also defines a way to >>> enumerate proxies that are associated with a known provisioning >>> domain. >>> >>> Discussion Venues >>> >>> This note is to be removed before publishing as an RFC. >>> >>> Source for this draft and an issue tracker can be found at >>> https://github.com/tfpauly/privacy-proxy. >>> >>> >>> >>> >>> The IETF Secretariat >>> >>> >> >> _______________________________________________ >> Int-area mailing list >> Int-area@ietf.org <mailto:Int-area@ietf.org> >> https://www.ietf.org/mailman/listinfo/int-area
_______________________________________________ Int-area mailing list Int-area@ietf.org https://www.ietf.org/mailman/listinfo/int-area
