{resending without typo on [email protected]. See I looked up the ML
name to be sure, but then fat-fingered it...}https://www.iana.org/assignments/bootp-dhcp-parameters/bootp-dhcp-parameters.xhtml#options lists option 135, "HTTP Proxy for phone-specific applications" but with no reference! What does this option do, and who uses it? I was looking if there was a way to set an HTTP Proxy, specifically in the context of a captive-portal network that wanted to quarantine untrustworthy hosts, but also wanted to allow them to reach out to a firmware update server in order to get patched back to trustworthiness. Going through an HTTP proxy allows the captive-portal/quarantine system to see what end-system is being asked for. In the case of HTTP, the content might even be cached, which is useful in avoiding a (bandwidth) DoS. While most updates would be HTTPS now, using CONNECT still shows the URL. {The infrastructure, once it figured out that the host was trustworthy, would disconnect the client device, and when it reconnected, it would be put on a real network. Or, the user might ask for an exception via the portal interface} My conclusion is that no such DHCP option was ever practical/common. The Proxy auto-config (PAC) is javascript, which is not so widely useful, and not very secure. There is the Web Proxy Auto-Discovery Protocol (WPAD), which claims to be available via DHCP option, but I don't think any DHCP option was ever recorded by IANA... it seems it's "site-local" option 252 according to: https://en.wikipedia.org/wiki/Web_Proxy_Auto-Discovery_Protocol -- Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting ) Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
_______________________________________________ Captive-portals mailing list -- [email protected] To unsubscribe send an email to [email protected]
