draft-ietf-wrec-wpad-00.txt   draft-ietf-wrec-wpad-01.txt 
INTERNET-DRAFT Paul Gauthier INTERNET-DRAFT Paul Gauthier
Expires: December 1999 Inktomi Corporation Expires: December 1999 Inktomi Corporation
Category: Standards Track Josh Cohen Category: Standards Track Josh Cohen
draft-ietf-wrec-wpad-00.txt Microsoft Corporation draft-ietf-wrec-wpad-01.txt Microsoft Corporation
Martin Dunsmuir Martin Dunsmuir
RealNetworks, Inc. RealNetworks, Inc.
Charles Perkins Charles Perkins
Sun Microsystems, Inc. Sun Microsystems, Inc.
Web Proxy Auto-Discovery Protocol Web Proxy Auto-Discovery Protocol
Status of This Memo Status of This Memo
This document is a submission by the WREC Working Group of the This document is a submission by the WREC Working Group of the
skipping to change at page 2, line 5 skipping to change at page 2, line 5
Web client implementers are faced with a dizzying array of resource Web client implementers are faced with a dizzying array of resource
discovery protocols at varying levels of implementation and discovery protocols at varying levels of implementation and
deployment. This complexity is hampering deployment of a "web proxy deployment. This complexity is hampering deployment of a "web proxy
auto-discovery "facility. This document proposes a pragmatic auto-discovery "facility. This document proposes a pragmatic
approach to web proxy auto-discovery. It draws on a number of approach to web proxy auto-discovery. It draws on a number of
proposed standards in the light of practical deployment concerns. It proposed standards in the light of practical deployment concerns. It
proposes an escalating strategy of resource discovery attempts in proposes an escalating strategy of resource discovery attempts in
order to find a nearby web proxy server. It attempts to provide rich order to find a nearby web proxy server. It attempts to provide rich
INTERNET-DRAFT Web Proxy Auto-Discovery Protocol 6/24/99 INTERNET-DRAFT Web Proxy Auto-Discovery Protocol 7/28/99
mechanisms for supporting a complex environment, which may contain mechanisms for supporting a complex environment, which may contain
multiple web proxy servers. multiple web proxy servers.
Table of Contents Table of Contents
Status of This Memo...................................................1 Status of This Memo...................................................1
Abstract..............................................................1 Abstract..............................................................1
Table of Contents.....................................................2 Table of Contents.....................................................2
1. Conventions used in this document................................2 1. Conventions used in this document................................2
skipping to change at page 2, line 28 skipping to change at page 2, line 28
4. The Discovery Process............................................4 4. The Discovery Process............................................4
4.1. WPAD Overview................................................4 4.1. WPAD Overview................................................4
4.2. When to Execute WPAD.........................................6 4.2. When to Execute WPAD.........................................6
4.2.1. Upon Startup of the Web Client............................7 4.2.1. Upon Startup of the Web Client............................7
4.2.2. Network Stack Events......................................7 4.2.2. Network Stack Events......................................7
4.2.3. Expiration of the CFILE...................................7 4.2.3. Expiration of the CFILE...................................7
4.3. WPAD Protocol Specification..................................7 4.3. WPAD Protocol Specification..................................7
4.4. Discovery Mechanisms.........................................9 4.4. Discovery Mechanisms.........................................9
4.4.1. DHCP......................................................9 4.4.1. DHCP......................................................9
4.4.2. SVRLOC/SLP...............................................10 4.4.2. SVRLOC/SLP...............................................10
4.4.3. DNS A/CNAME "Well Known Aliasesö........................10 4.4.3. DNS A/CNAME "Well Known Aliases........................10
4.4.4. DNS SRV Records..........................................10 4.4.4. DNS SRV Records..........................................10
4.4.5. DNS TXT service: Entries.................................11 4.4.5. DNS TXT service: Entries.................................11
4.4.6. Fallback.................................................11 4.4.6. Fallback.................................................11
4.4.7. Timeouts.................................................11 4.4.7. Timeouts.................................................11
4.5. Composing a Candidate CURL..................................12 4.5. Composing a Candidate CURL..................................12
4.6. Retrieving the CFILE at the CURL............................12 4.6. Retrieving the CFILE at the CURL............................12
4.7. Resuming Discovery..........................................12 4.7. Resuming Discovery..........................................12
5. Client Implementation Considerations............................12 5. Client Implementation Considerations............................12
6. Proxy Server Considerations.....................................13 6. Proxy Server Considerations.....................................13
7. Administrator Considerations....................................13 7. Administrator Considerations....................................13
8. Conditional Compliance..........................................14 8. Conditional Compliance..........................................14
8.1. Class 0 - Minimally compliant...............................14 8.1. Class 0 - Minimally compliant...............................15
8.2. Class 1 - Compliant.........................................15 8.2. Class 1 - Compliant.........................................15
8.3. Class 2 - Maximally compliant...............................15 8.3. Class 2 - Maximally compliant...............................15
9. Security Considerations.........................................15 9. Security Considerations.........................................15
10. Acknowledgements................................................15 10. Acknowledgements................................................16
11. Copyright.......................................................16 11. Copyright.......................................................16
12. References......................................................16 12. References......................................................16
13. Author Information..............................................17 13. Author Information..............................................17
1. Conventions used in this document 1. Conventions used in this document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in "Key words for use in document are to be interpreted as described in "Key words for use in
RFCs to Indicate Requirement Levels" [KEYWORDS]. RFCs to Indicate Requirement Levels" [KEYWORDS].
2. Introduction 2. Introduction
The problem of locating nearby web proxy cache servers can not wait The problem of locating nearby web proxy cache servers can not wait
for the implementation and large scale deployment of various for the implementation and large scale deployment of various
Category: Standards Track Expires: December 1999 Category: Standards Track Expires: December 1999
INTERNET-DRAFT Web Proxy Auto-Discovery Protocol 6/24/99 INTERNET-DRAFT Web Proxy Auto-Discovery Protocol 7/28/99
upcoming resource discovery protocols. The widespread success of the upcoming resource discovery protocols. The widespread success of the
HTTP protocol and the recent popularity of streaming media has HTTP protocol and the recent popularity of streaming media has
placed unanticipated strains on the networks of corporations, ISPs placed unanticipated strains on the networks of corporations, ISPs
and backbone providers. There currently is no effective method for and backbone providers. There currently is no effective method for
these organizations to realize the obvious benefits of web caching these organizations to realize the obvious benefits of web caching
without tedious and error prone configuration by each and every end without tedious and error prone configuration by each and every end
user. user.
The de-facto mechanism for specifying a web proxy server The de-facto mechanism for specifying a web proxy server
skipping to change at page 4, line 5 skipping to change at page 4, line 5
configured with the URL of a proxy auto-configuration file or configured with the URL of a proxy auto-configuration file or
script. The contents of this script are vendor specific and not script. The contents of this script are vendor specific and not
currently standardized. This document does not attempt to discuss currently standardized. This document does not attempt to discuss
the contents of these files (see[8] for an example file format). the contents of these files (see[8] for an example file format).
Thus, the Web Proxy Auto-Discovery (WPAD) problem reduces to Thus, the Web Proxy Auto-Discovery (WPAD) problem reduces to
providing the web client a mechanism for discovering the URL of the providing the web client a mechanism for discovering the URL of the
Category: Standards Track Expires: December 1999 Category: Standards Track Expires: December 1999
INTERNET-DRAFT Web Proxy Auto-Discovery Protocol 6/24/99 INTERNET-DRAFT Web Proxy Auto-Discovery Protocol 7/28/99
Configuration File. Once this Configuration URL (CURL) is known, the Configuration File. Once this Configuration URL (CURL) is known, the
client software already contains mechanisms for retrieving and client software already contains mechanisms for retrieving and
interpreting the Configuration File (CFILE) to enable access to the interpreting the Configuration File (CFILE) to enable access to the
specified proxy cache servers. specified proxy cache servers.
It is worth carefully noting that the goal of the WPAD process is to It is worth carefully noting that the goal of the WPAD process is to
discover the correct CURL at which to retrieve the CFILE. The client discover the correct CURL at which to retrieve the CFILE. The client
is *not* trying to directly discover the name of the proxy server. is *not* trying to directly discover the name of the proxy server.
That would circumvent the additional capabilities provided by proxy That would circumvent the additional capabilities provided by proxy
skipping to change at page 5, line 5 skipping to change at page 5, line 5
protocol. It is intended to introduce the concepts and flow of the protocol. It is intended to introduce the concepts and flow of the
protocol. The remaining sub-sections (3.2-3.7) will provide the protocol. The remaining sub-sections (3.2-3.7) will provide the
rigorous specification of the protocol details. WPAD uses a rigorous specification of the protocol details. WPAD uses a
collection of pre-existing Internet resource discovery mechanisms to collection of pre-existing Internet resource discovery mechanisms to
perform web proxy auto-discovery. Readers may wish to refer to [1] perform web proxy auto-discovery. Readers may wish to refer to [1]
for a similar approach to resource discovery, since it was a basis for a similar approach to resource discovery, since it was a basis
for this strategy. The WPAD protocol specifies the following: for this strategy. The WPAD protocol specifies the following:
Category: Standards Track Expires: December 1999 Category: Standards Track Expires: December 1999
INTERNET-DRAFT Web Proxy Auto-Discovery Protocol 6/24/99 INTERNET-DRAFT Web Proxy Auto-Discovery Protocol 7/28/99
- how to use each mechanism for the specific purpose of web proxy - how to use each mechanism for the specific purpose of web proxy
auto-discovery auto-discovery
- the order in which the mechanisms should be performed - the order in which the mechanisms should be performed
- the minimal set of mechanisms which must be attempted by a WPAD - the minimal set of mechanisms which must be attempted by a WPAD
compliant web client compliant web client
The resource discovery mechanisms utilized by WPAD are as follows. The resource discovery mechanisms utilized by WPAD are as follows.
- Dynamic Host Configuration Protocol (DHCP, [3,7]). - Dynamic Host Configuration Protocol (DHCP, [3,7]).
- Service Location Protocol (SLP, [4]). - Service Location Protocol (SLP, [4]).
- "Well Known Aliasesö using DNS A records [5,9]. - "Well Known Aliases using DNS A records [5,9].
- DNS SRV records [2,9]. - DNS SRV records [2,9].
- "service: URLs" in DNS TXT records [10]. - "service: URLs" in DNS TXT records [10].
Of all these mechanisms only the DHCP and ôWell Known Aliasesö are Of all these mechanisms only the DHCP and “Well Known Aliases” are
required in WPAD clients. This decision is based on three reasons: required in WPAD clients. This decision is based on three reasons:
these facilities are currently widely deployed in existing vendor these facilities are currently widely deployed in existing vendor
hardware and software; they represent functionality that should hardware and software; they represent functionality that should
cover most real world environments; they are relatively simple to cover most real world environments; they are relatively simple to
implement. implement.
DNS servers supporting A records are clearly the most widely DNS servers supporting A records are clearly the most widely
deployed of the services outlined above. It is reasonable to expect deployed of the services outlined above. It is reasonable to expect
API support inside most web client development environments (POSIX API support inside most web client development environments (POSIX
C, Java, etc). The hierarchical nature of DNS makes it possible to C, Java, etc). The hierarchical nature of DNS makes it possible to
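Review bot: in the mechanism list, the -01 text for the A-record item reads `"Well Known Aliases using DNS A records [5,9].` with no closing quotation mark, while the sentence three lines later uses typographic quotes around the same term. Suggest plain double quotes for every occurrence so the quoting is balanced and consistent. Separately, "The remaining sub-sections (3.2-3.7)" at the top of this region does not match the table of contents, which numbers these sub-sections 4.2 to 4.7.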
skipping to change at page 6, line 5 skipping to change at page 6, line 5
code in C is available [11]. code in C is available [11].
The WPAD client attempts a series of resource discovery requests, The WPAD client attempts a series of resource discovery requests,
using the discovery mechanisms mentioned above, in a specific order. using the discovery mechanisms mentioned above, in a specific order.
Clients only attempt mechanisms that they support (obviously). Each Clients only attempt mechanisms that they support (obviously). Each
time the discovery attempt succeeds; the client uses the information time the discovery attempt succeeds; the client uses the information
obtained to construct a CURL. If a CFILE is successfully retrieved obtained to construct a CURL. If a CFILE is successfully retrieved
Category: Standards Track Expires: December 1999 Category: Standards Track Expires: December 1999
INTERNET-DRAFT Web Proxy Auto-Discovery Protocol 6/24/99 INTERNET-DRAFT Web Proxy Auto-Discovery Protocol 7/28/99
at that CURL, the process completes. If not, the client resumes at that CURL, the process completes. If not, the client resumes
where it left of in the predefined series of resource discovery where it left of in the predefined series of resource discovery
requests. If no untried mechanisms remain and a CFILE has not been requests. If no untried mechanisms remain and a CFILE has not been
successfully retrieved, the WPAD protocol fails and the client is successfully retrieved, the WPAD protocol fails and the client is
configured to use no proxy server. configured to use no proxy server.
First the client tries DHCP, followed by SLP. If no CFILE has been First the client tries DHCP, followed by SLP. If no CFILE has been
retrieved the client moves on to the DNS based mechanisms. The retrieved the client moves on to the DNS based mechanisms. The
client will cycle through the DNS SRV, ôWell Known Aliasesö and DNS client will cycle through the DNS SRV, “Well Known Aliases” and DNS
TXT record methods multiple times. Each time through the QNAME being TXT record methods multiple times. Each time through the QNAME being
used in the DNS query is made less and less specific. In this manner used in the DNS query is made less and less specific. In this manner
the client can locate the most specific configuration information the client can locate the most specific configuration information
possible, but can fall back on less specific information. Every DNS possible, but can fall back on less specific information. Every DNS
lookup has the QNAME prefixed with ôwpadö to indicate the resource lookup has the QNAME prefixed with “wpad” to indicate the resource
type being requested. type being requested.
As an example, consider a client with hostname johns- As an example, consider a client with hostname johns-
desktop.development.foo.com. Assume the web client software supports desktop.development.foo.com. Assume the web client software supports
all of the mechanisms listed above. This is the sequence of all of the mechanisms listed above. This is the sequence of
discovery attempts the client would perform until one succeeded in discovery attempts the client would perform until one succeeded in
locating a valid CFILE: locating a valid CFILE:
- DHCP - DHCP
- SLP - SLP
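Review bot: two wording slips carried over unchanged in the overview paragraph: "where it left of" should read "where it left off", and "Each time the discovery attempt succeeds; the client uses" wants a comma rather than a semicolon. The paragraph defines the protocol's failure outcome ("configured to use no proxy server"), so it is worth getting this text clean before the next revision.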
skipping to change at page 7, line 5 skipping to change at page 7, line 5
- Upon startup of the web client. - Upon startup of the web client.
- Whenever there indication from the networking stack that the IP - Whenever there indication from the networking stack that the IP
address of the client host either has, or could have, changed. address of the client host either has, or could have, changed.
In addition, the client MUST attempt a discovery cycle upon In addition, the client MUST attempt a discovery cycle upon
expiration of a previously downloaded CFILE in accordance with expiration of a previously downloaded CFILE in accordance with
HTTP/1.1. HTTP/1.1.
Category: Standards Track Expires: December 1999 Category: Standards Track Expires: December 1999
INTERNET-DRAFT Web Proxy Auto-Discovery Protocol 6/24/99 INTERNET-DRAFT Web Proxy Auto-Discovery Protocol 7/28/99
4.2.1. Upon Startup of the Web Client 4.2.1. Upon Startup of the Web Client
For many types of web client (like web browsers) there can be many For many types of web client (like web browsers) there can be many
instances of the client operating for a given user at one time. This instances of the client operating for a given user at one time. This
is often to allow display of multiple web pages in different is often to allow display of multiple web pages in different
windows, for example. There is no need to re-perform WPAD every time windows, for example. There is no need to re-perform WPAD every time
a new instance of the web client is opened. WPAD MUST be performed a new instance of the web client is opened. WPAD MUST be performed
when the number of web client instances transitions from 0 to 1. It when the number of web client instances transitions from 0 to 1. It
SHOULD NOT be performed as additional instances are created. SHOULD NOT be performed as additional instances are created.
4.2.2. Network Stack Events 4.2.2. Network Stack Events
Another option for clients is to tie the execution of WPAD to Another option for clients is to tie the execution of WPAD to
changes in the networking environment. If the client can learn about changes in the networking environment. If the client can learn about
the change of the local hostÆs IP address, or the possible change of the change of the local hosts IP address, or the possible change of
the IP address, it MUST re-perform the WPAD protocol. Many the IP address, it MUST re-perform the WPAD protocol. Many
operating systems provide indications of ônetwork upö events, for operating systems provide indications of “network up” events, for
example. Those types of events and system-boot events might be the example. Those types of events and system-boot events might be the
triggers for WPAD in many environments. triggers for WPAD in many environments.
4.2.3. Expiration of the CFILE 4.2.3. Expiration of the CFILE
The HTTP retrieval of the CURL may return HTTP headers specifying a The HTTP retrieval of the CURL may return HTTP headers specifying a
valid lifetime for the CFILE returned. The client MUST obey these valid lifetime for the CFILE returned. The client MUST obey these
timeouts and rerun the PAD process when it expires. A client MAY timeouts and rerun the PAD process when it expires. A client MAY
rerun the WPAD process if it detects a failure of the currently rerun the WPAD process if it detects a failure of the currently
configured proxy (which is not otherwise recoverable via the configured proxy (which is not otherwise recoverable via the
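Review bot: section 4.2.2 opens with "Another option for clients is to tie the execution of WPAD to changes in the networking environment" but then states the client "MUST re-perform the WPAD protocol", so the requirement level is ambiguous. Suggest dropping the "option" framing or conditioning the MUST explicitly on the client being able to observe the event. Smaller points: "Whenever there indication" is missing "is", and 4.2.3 says "rerun the PAD process when it expires" where "WPAD" and a plural ("these timeouts ... when they expire") are meant.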
skipping to change at page 8, line 5 skipping to change at page 8, line 5
The following pseudo-code defines the WPAD protocol. If a The following pseudo-code defines the WPAD protocol. If a
particular discovery mechanism is not supported, treat it as a particular discovery mechanism is not supported, treat it as a
failed discovery attempt in the pseudo-code. failed discovery attempt in the pseudo-code.
In addition, this logic is expressed below in pseudo-code. In addition, this logic is expressed below in pseudo-code.
The following pseudo-code fragment defines WPAD. Unsupported The following pseudo-code fragment defines WPAD. Unsupported
discovery mechanisms are treated as failure in the pseudo-code. discovery mechanisms are treated as failure in the pseudo-code.
Category: Standards Track Expires: December 1999 Category: Standards Track Expires: December 1999
INTERNET-DRAFT Web Proxy Auto-Discovery Protocol 6/24/99 INTERNET-DRAFT Web Proxy Auto-Discovery Protocol 7/28/99
Two subroutines need explanation. The subroutine Two subroutines need explanation. The subroutine
strip_leading_component(dns_string) strips off the leading strip_leading_component(dns_string) strips off the leading
characters, up to and including the first dot (`.') in the string characters, up to and including the first dot (`.') in the string
which is passed as a parameter, and is expected to contain DNS name. which is passed as a parameter, and is expected to contain DNS name.
The Boolean subroutine is_not_canonical(dns_string) returns FALSE if The Boolean subroutine is_not_canonical(dns_string) returns FALSE if
dns_string is one of the canonical domain suffixes defined in RFC dns_string is one of the canonical domain suffixes defined in RFC
1591 [13] (for example, "com"). 1591 [13] (for example, "com").
The slp_list and dns_list elements below are assumed to be linked The slp_list and dns_list elements below are assumed to be linked
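Review bot: the definition of is_not_canonical(dns_string) ties the stop condition to "the canonical domain suffixes defined in RFC 1591" and gives only the single-label example "com", so it does not say where the suffix walk must stop for a client whose registry boundary is more than one label. Since the result of this walk decides which server supplies the client's proxy configuration, suggest stating explicitly that a client MUST NOT issue wpad queries for a name outside its own organisation's domain, and covering this in Security Considerations. The introduction above the subroutine text also says the same thing twice ("The following pseudo-code defines the WPAD protocol ..." and "The following pseudo-code fragment defines WPAD ..."); one of the two can go.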
skipping to change at page 9, line 5 skipping to change at page 9, line 5
/* SHOULD try DNS TXT records */ /* SHOULD try DNS TXT records */
dns_list = dns_query(/*QNAME=wpad.TGTDOM., dns_list = dns_query(/*QNAME=wpad.TGTDOM.,
QTYPE=TXT (section 4.4.5)*/); QTYPE=TXT (section 4.4.5)*/);
while (dns_list != null) { /* each TXT record */ while (dns_list != null) { /* each TXT record */
if isvalid(read_CFILE(dns_list, curl_data)) if isvalid(read_CFILE(dns_list, curl_data))
return SUCCESS; /* valid CFILE */ return SUCCESS; /* valid CFILE */
Category: Standards Track Expires: December 1999 Category: Standards Track Expires: December 1999
INTERNET-DRAFT Web Proxy Auto-Discovery Protocol 6/24/99 INTERNET-DRAFT Web Proxy Auto-Discovery Protocol 7/28/99
else else
dns_list = dns_list.next; dns_list = dns_list.next;
} }
/* MUST try DNS A records */ /* MUST try DNS A records */
dns_list = dns_query(/*QNAME=wpad.TGTDOM., dns_list = dns_query(/*QNAME=wpad.TGTDOM.,
QTYPE=A (Section 4.4.3)*/); QTYPE=A (Section 4.4.3)*/);
while (dns_list != null) { /* check each A record */ while (dns_list != null) { /* check each A record */
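Review bot: the pseudo-code tries TXT records ("SHOULD try DNS TXT records") before A records ("MUST try DNS A records"), whereas the overview says the client cycles through "DNS SRV, Well Known Aliases and DNS TXT" in that order. Suggest making the prose and the pseudo-code agree on one order, since the order determines which candidate CURL wins. The condition "if isvalid(read_CFILE(dns_list, curl_data))" is also missing the parentheses used by the surrounding while statements.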
skipping to change at page 10, line 5 skipping to change at page 10, line 5
Client implementations MUST support DHCP. DHCP has widespread Client implementations MUST support DHCP. DHCP has widespread
support innumerous vendor hardware and software implementations, and support innumerous vendor hardware and software implementations, and
is widely deployed. It is also perfectly suited to this task, and is is widely deployed. It is also perfectly suited to this task, and is
used to discover other network resources (such a time servers, used to discover other network resources (such a time servers,
printers, etc). The DHCP protocol is detailed in RFC 2131 [3]. printers, etc). The DHCP protocol is detailed in RFC 2131 [3].
We propose a new DHCP option with code 252 for use in web proxy We propose a new DHCP option with code 252 for use in web proxy
auto-discovery. See RFC 2132 [7] for a list of existing DHCP auto-discovery. See RFC 2132 [7] for a list of existing DHCP
Category: Standards Track Expires: December 1999 Category: Standards Track Expires: December 1999
INTERNET-DRAFT Web Proxy Auto-Discovery Protocol 6/24/99 INTERNET-DRAFT Web Proxy Auto-Discovery Protocol 7/28/99
options. See "Conditional Compliance" for more information on DHCP options. See "Conditional Compliance" for more information on DHCP
requirements. requirements.
The client should obtain the value of the DHCP option code 252 as The client should obtain the value of the DHCP option code 252 as
returned by the DHCP server. If the client has already conducted returned by the DHCP server. If the client has already conducted
DHCP protocol during its initialization, the DHCP server may already DHCP protocol during its initialization, the DHCP server may already
have supplied that value. If the value is not available through a have supplied that value. If the value is not available through a
client OS API, the client SHOULD use a DHCPINFORM message to query client OS API, the client SHOULD use a DHCPINFORM message to query
the DHCP server to obtain the value. the DHCP server to obtain the value.
The DHCP option code for WPAD is 252 by agreement of the DHC working The DHCP option code for WPAD is 252 by agreement of the DHC working
group chair. This option is of type STRING. This string contains a group chair. This option is of type STRING. This string contains a
URL which points to an appropriate config file. The STRING is of URL which points to an appropriate config file. The STRING is of
arbitrary size. arbitrary size.
An example STRING value would be: An example STRING value would be:
"http://server.domain/proxyconfig.pac" "http://server.domain/proxyconfig.pac"
4.4.2. SVRLOC/SLP 4.4.2. Service Location Protocol /SLP
The IETF SVRLOC working group has proposed the Service Location The Service Location Protocol [RFC2608] is a Proposed Standard for
Protocol(SLP) for general resource discovery. SLP is still evolving discovering services in the Internet. SLP has several reference
rapidly and the reference implementation has not yet become widely implementations available; for details, check the following web
deployed. As such, this document will not detail its use for WPAD. page:
Client implementations MAY choose to implement SLP support.
It is expected that valid SLP responses will provide one or more
complete CURLs. Each candidate CURL so created should be pursued as
specified in section 4.5 and beyond.
4.4.3. DNS A/CNAME "Well Known Aliasesö http://www.svrloc.org/
A service type for use with WPAD has been defined and is available
as an Internet Draft.
Client implementations SHOULD implement SLP. SLP Service Replies
will provide one or more complete CURLs. Each candidate CURL so
created should be pursued as specified in section 4.5 and beyond.
4.4.3. DNS A/CNAME "Well Known Aliases”
Client implementations MUST support this mechanism. This should be Client implementations MUST support this mechanism. This should be
straightforward since only basic DNS lookup of A records is straightforward since only basic DNS lookup of A records is
required. See RFC 2219 [5] for a description of using "well known" required. See RFC 2219 [5] for a description of using "well known"
DNS aliases for resource discovery. We propose the "well known DNS aliases for resource discovery. We propose the "well known
aliasö of "wpad" for web proxy auto-discovery. alias of "wpad" for web proxy auto-discovery.
The client performs the following DNS lookup: The client performs the following DNS lookup:
QNAME=wpad.TGTDOM., QCLASS=IN, QTYPE=A QNAME=wpad.TGTDOM., QCLASS=IN, QTYPE=A
Each A RR, which is returned, contains an IP address which is used Each A RR, which is returned, contains an IP address which is used
to replace the <HOST> default in the CURL. to replace the <HOST> default in the CURL.
Each candidate CURL so created should be pursued as specified in Each candidate CURL so created should be pursued as specified in
section 4.5 and beyond. section 4.5 and beyond.
4.4.4. DNS SRV Records 4.4.4. DNS SRV Records
Category: Standards Track Expires: December 1999
INTERNET-DRAFT Web Proxy Auto-Discovery Protocol 7/28/99
Client implementations SHOULD support the DNS SRV mechanism. Details Client implementations SHOULD support the DNS SRV mechanism. Details
of the protocol can be found in RFC 2052 [2]. If the implementation of the protocol can be found in RFC 2052 [2]. If the implementation
language/environment provides the ability to perform DNS lookups on language/environment provides the ability to perform DNS lookups on
QTYPEs other than A, client implementers are strongly encouraged to QTYPEs other than A, client implementers are strongly encouraged to
Category: Standards Track Expires: December 1999
INTERNET-DRAFT Web Proxy Auto-Discovery Protocol 6/24/99
provide this support. It is acknowledged that not all resolver APIs provide this support. It is acknowledged that not all resolver APIs
provide this functionality. provide this functionality.
The client issues the following DNS lookup: The client issues the following DNS lookup:
QNAME=wpad.tcp.TGTDOM., QCLASS=IN, QTYPE=SRV QNAME=wpad.tcp.TGTDOM., QCLASS=IN, QTYPE=SRV
If it receives SRV RRs in response, the client should use each valid If it receives SRV RRs in response, the client should use each valid
RR in the order specified in RFC 2052 [2]. Each valid record will RR in the order specified in RFC 2052 [2]. Each valid record will
specify both a <HOST> and a <PORT> to override the CURL defaults. specify both a <HOST> and a <PORT> to override the CURL defaults.
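Review bot: the rewritten 4.4.2 cites SLP as "[RFC2608]" and says a WPAD service type "is available as an Internet Draft" without naming it, while the rest of the document uses numbered references (the overview cites SLP as [4]). Suggest using the numbered form here and adding a reference entry for the service-type draft. The new heading "Service Location Protocol /SLP" has a stray space before the slash, and the table of contents still lists 4.4.2 as "SVRLOC/SLP". Since SLP moves from MAY to SHOULD, check that the compliance classes in section 8 agree with the new level.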
skipping to change at page 11, line 28 skipping to change at page 11, line 32
section 4.5 and beyond. section 4.5 and beyond.
4.4.5. DNS TXT service: Entries 4.4.5. DNS TXT service: Entries
Client implementation SHOULD support this mechanism. If the Client implementation SHOULD support this mechanism. If the
implementation language/environment provides the ability to perform implementation language/environment provides the ability to perform
DNS lookups on QTYPEs other than A, the vendor is strongly DNS lookups on QTYPEs other than A, the vendor is strongly
encouraged to provide this support. It is acknowledged that not all encouraged to provide this support. It is acknowledged that not all
resolver APIs provide this functionality. resolver APIs provide this functionality.
The client should attempt to retrieve TXT RRs from the DNS to obtain The client should attempt to retrieve TXT RRs from the DNS to obtain
ôservice: URLsö contained therein. The ôservice: URLö will be of the “service: URLs” contained therein. The “service: URL” will be of the
following format, specifying a complete candidate CURL for each following format, specifying a complete candidate CURL for each
record located: record located:
service: wpad:http://<HOST>:<PORT><PATH> service: wpad:http://<HOST>:<PORT><PATH>
The client should first issue the following DNS query: The client should first issue the following DNS query:
QNAME=wpad.TGTDOM., QCLASS=IN, QTYPE=TXT QNAME=wpad.TGTDOM., QCLASS=IN, QTYPE=TXT
It should process each TXT RR it receives (if any) using each It should process each TXT RR it receives (if any) using each
service:URL found (if any) to generate a candidate CURL. These CURLs service:URL found (if any) to generate a candidate CURL. These CURLs
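Review bot: In 4.4.5 the TXT record supplies a complete candidate CURL, including <HOST>, and the visible text puts no constraint on how that host relates to TGTDOM. Either state the restriction or say explicitly that none applies, so implementers know whether a TXT answer for wpad.TGTDOM. may name a host outside the client's own domain. The spelling of the scheme also varies between "service: URL", "service:URL" and "service: wpad:http://..."; pick one form and use it throughout.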
skipping to change at page 11, line 52 skipping to change at page 11, line 56
be suggested by that document. be suggested by that document.
4.4.6. Fallback 4.4.6. Fallback
Clients MUST NOT implement the "Fallback" mechanism described in Clients MUST NOT implement the "Fallback" mechanism described in
[1]. It is unlikely that a client will find a web server prepared to [1]. It is unlikely that a client will find a web server prepared to
handle the CURL request at a random suffix of its FQDN. This will handle the CURL request at a random suffix of its FQDN. This will
only increase the number of DNS probes and introduce an excess of only increase the number of DNS probes and introduce an excess of
spurious "GET" requests on those hapless web servers. spurious "GET" requests on those hapless web servers.
Instead, the "Well Known Aliasesö method of section 3.4.4 provides Instead, the "Well Known Aliases method of section 3.4.4 provides
equivalent functionality. equivalent functionality.
4.4.7. Timeouts 4.4.7. Timeouts
Implementers are encouraged to limit the time elapsed in each
discovery phase. When possible, limiting each phase to 10 seconds
is considered reasonable. Implementers may choose a different value
Category: Standards Track Expires: December 1999 Category: Standards Track Expires: December 1999
INTERNET-DRAFT Web Proxy Auto-Discovery Protocol 6/24/99 INTERNET-DRAFT Web Proxy Auto-Discovery Protocol 7/28/99
Implementers are encouraged to limit the time elapsed in each
discovery phase. When possible, limiting each phase to 10 seconds
is considered reasonable. Implementers may choose a different value
which is more appropriate to their network properties. For example, which is more appropriate to their network properties. For example,
a device implementation, which operated over a wireless network, may a device implementation, which operated over a wireless network, may
use a much larger timeout to account for low bandwidth or high use a much larger timeout to account for low bandwidth or high
latency. latency.
4.5. Composing a Candidate CURL 4.5. Composing a Candidate CURL
Any successful discovery mechanism response will provide a Any successful discovery mechanism response will provide a
<HOST>(perhaps in the form of an IP address). Some mechanisms will <HOST>(perhaps in the form of an IP address). Some mechanisms will
also provide a <PORT> and/or a <PATH>. The client should override also provide a <PORT> and/or a <PATH>. The client should override
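Review bot: In 4.4.6 the -01 text fixes the encoding debris by dropping the closing quote rather than replacing it, so "Well Known Aliases now opens a quotation that never closes; it should read "Well Known Aliases" method. The cross-reference "section 3.4.4" also looks stale, since the discovery mechanisms in this revision are numbered 4.4.x. The Timeouts paragraph is only moved across the page break and needs no change.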
skipping to change at page 12, line 56 skipping to change at page 12, line 59
portion of the process will result in a single broadcast by the portion of the process will result in a single broadcast by the
client, and perhaps a few replies by listening DHCP servers. client, and perhaps a few replies by listening DHCP servers.
The remaining mechanisms are all DNS based. All DNS queries should The remaining mechanisms are all DNS based. All DNS queries should
have the QNAME terminated with a trailing '.' to indicate a FQDN and have the QNAME terminated with a trailing '.' to indicate a FQDN and
expedite the lookup. As such each TGTDOM iteration will cause 3 DNS expedite the lookup. As such each TGTDOM iteration will cause 3 DNS
lookups, each a unicast UDP packet and a reply. Most clients will lookups, each a unicast UDP packet and a reply. Most clients will
have fewer than 2TGTDOM iterations, limiting the total number of DNS have fewer than 2TGTDOM iterations, limiting the total number of DNS
request/replies to6. request/replies to6.
All total, 7 UDP request/reply packets on client startup is quite a
low overhead. The first web page downloaded by the client will
likely dwarf that packet count. Each of the DNS lookups should stand
Category: Standards Track Expires: December 1999 Category: Standards Track Expires: December 1999
INTERNET-DRAFT Web Proxy Auto-Discovery Protocol 6/24/99 INTERNET-DRAFT Web Proxy Auto-Discovery Protocol 7/28/99
All total, 7 UDP request/reply packets on client startup is quite a
low overhead. The first web page downloaded by the client will
likely dwarf that packet count. Each of the DNS lookups should stand
a high chance of hitting the cache in the client's DNS server, since a high chance of hitting the cache in the client's DNS server, since
other clients will have likely looked them up recently, providing a other clients will have likely looked them up recently, providing a
low total elapsed time. low total elapsed time.
This is of course the worst case, where no CURLS are obtained, and This is of course the worst case, where no CURLS are obtained, and
assuming a long client FQDN. Often, a successful CURL will be found assuming a long client FQDN. Often, a successful CURL will be found
early in the protocol, reducing the total packet count. early in the protocol, reducing the total packet count.
Client implementations are encouraged to overlap this protocol work Client implementations are encouraged to overlap this protocol work
with other startup activities. Also, client implementers with with other startup activities. Also, client implementers with
concerns about performance can choose to implement only the concerns about performance can choose to implement only the
discovery mechanisms listed as MUST in section 3.4. discovery mechanisms listed as MUST in section 3.4.
A longer delay could occur if a CURL is obtained, but the hosting A longer delay could occur if a CURL is obtained, but the hosting
web server is down. The client could spend considerable time waiting web server is down. The client could spend considerable time waiting
for the TCP ôconnect ()ö call to fail. Luckily this is an extremely for the TCP “connect ()” call to fail. Luckily this is an extremely
rare case where the web server hosting the CFILE has failed. See rare case where the web server hosting the CFILE has failed. See
section 5, where proxy server implementers are encouraged to provide section 5, where proxy server implementers are encouraged to provide
support for hosting CURLs on the proxy itself (acting as web support for hosting CURLs on the proxy itself (acting as web
server). Since proxy servers are often deployed with considerable server). Since proxy servers are often deployed with considerable
attention to fault tolerance, this corner case can be further attention to fault tolerance, this corner case can be further
minimized. minimized.
6. Proxy Server Considerations 6. Proxy Server Considerations
As mentioned in the previous section, it is suggested that proxy As mentioned in the previous section, it is suggested that proxy
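Review bot: The packet count in this section does not add up as worded. With 3 DNS lookups per TGTDOM iteration, "fewer than 2TGTDOM iterations" gives at most 3 request/replies, but the text says 6 and then totals 7 with the DHCP exchange; "at most 2 TGTDOM iterations" matches the arithmetic. The same sentence is missing spaces in "2TGTDOM" and "to6". The cross-references need a pass as well: "See section 5" points at proxy-hosted CURLs, which this revision covers under "6. Proxy Server Considerations", and "section 3.4" is cited for the MUST mechanisms although they are numbered 4.4.x here.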
skipping to change at page 13, line 56 skipping to change at page 13, line 59
compatible clients MUST implement). Beyond that, configuring to compatible clients MUST implement). Beyond that, configuring to
support mechanisms earlier in the search order will improve client support mechanisms earlier in the search order will improve client
startup time. startup time.
One of the major motivations for this protocol structure was to One of the major motivations for this protocol structure was to
support client location of "nearby" proxy servers. In many support client location of "nearby" proxy servers. In many
environments there may be a number of proxy servers (workgroup, environments there may be a number of proxy servers (workgroup,
corporate gateway, ISP, backbone). There are a number of possible corporate gateway, ISP, backbone). There are a number of possible
points at which "nearness" decisions can be made in this framework: points at which "nearness" decisions can be made in this framework:
Category: Standards Track Expires: December 1999
INTERNET-DRAFT Web Proxy Auto-Discovery Protocol 7/28/99
- DHCP servers for different subnets can return different answers. - DHCP servers for different subnets can return different answers.
They can also base decisions on the client cipaddr field or the They can also base decisions on the client cipaddr field or the
client identifier option. client identifier option.
Category: Standards Track Expires: December 1999
INTERNET-DRAFT Web Proxy Auto-Discovery Protocol 6/24/99
- DNS servers can be configured to return different SRV/A/TXT RRs - DNS servers can be configured to return different SRV/A/TXT RRs
for Different domain suffixes (for example, QNAMEs for Different domain suffixes (for example, QNAMEs
wpad.marketing.bigcorp.com and wpad.development.bigcorp.com). wpad.marketing.bigcorp.com and wpad.development.bigcorp.com).
- The web server handling the CURL request can make decisions based - The web server handling the CURL request can make decisions based
on the "User-Agent", "Accept", client IP on the "User-Agent", "Accept", client IP
address/subnet/hostname, and the topological distribution of address/subnet/hostname, and the topological distribution of
nearby proxy servers, etc. This can occur inside a CGI nearby proxy servers, etc. This can occur inside a CGI
executable created to handle the CURL. As mentioned above it executable created to handle the CURL. As mentioned above it
could be a proxy server itself handing the CURL request and could be a proxy server itself handing the CURL request and
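Review bot: Three wording errors survive into -01 in this list. "client cipaddr field" should be "ciaddr", the field name RFC 2131 uses; "for Different domain suffixes" has a stray capital; and "a proxy server itself handing the CURL request" should read "handling". Since this list is the guidance operators will follow when placing "nearness" decisions, the field name in particular should be exact.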
skipping to change at page 14, line 57 skipping to change at page 14, line 61
option along with its IP address, and which cannot support the DHCP option along with its IP address, and which cannot support the DHCP
INFORM unicast request, presumably to a known and trusted DHCP INFORM unicast request, presumably to a known and trusted DHCP
server, the likelihood of an undetected spoofing attack is server, the likelihood of an undetected spoofing attack is
increased. Having an individual program, such as a browser, trying increased. Having an individual program, such as a browser, trying
to detect a DHCP server on a network is unreasonable, in the to detect a DHCP server on a network is unreasonable, in the
authors' opinion. On platforms which use DHCP for their system IP authors' opinion. On platforms which use DHCP for their system IP
address and have previously trusted a DHCP server, a unicast DHCP address and have previously trusted a DHCP server, a unicast DHCP
INFORM to that same trusted server does not introduce any additional INFORM to that same trusted server does not introduce any additional
trust to that server. trust to that server.
8.1. Class 0 - Minimally compliant
Category: Standards Track Expires: December 1999 Category: Standards Track Expires: December 1999
INTERNET-DRAFT Web Proxy Auto-Discovery Protocol 6/24/99 INTERNET-DRAFT Web Proxy Auto-Discovery Protocol 7/28/99
8.1. Class 0 - Minimally compliant
A WPAD implementation which implements only the following discovery A WPAD implementation which implements only the following discovery
mechanisms and interval schemes is considered class 0 compliant: mechanisms and interval schemes is considered class 0 compliant:
DNS A record queries DNS A record queries
Browser or System session refresh intervals Browser or System session refresh intervals
Class 0 compliance is only applicable to systems or implementations Class 0 compliance is only applicable to systems or implementations
which do not natively support DHCP and or cannot securely determine which do not natively support DHCP and or cannot securely determine
a trusted local DHCP server. a trusted local DHCP server.
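Review bot: The Class 0 applicability rule in 8.1 depends on whether a system "cannot securely determine a trusted local DHCP server", but the visible text never says what counts as securely determining one. The preceding paragraph suggests the intended test is whether the platform obtained its own address from a DHCP server it can then send a unicast INFORM to; say so in 8.1 so that compliance is checkable. "and or" in the same sentence should be "and/or".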
skipping to change at page 15, line 58 skipping to change at page 15, line 60
DHCP and DNS. The groups driving those standards, as well as the SLP DHCP and DNS. The groups driving those standards, as well as the SLP
protocol standards, are addressing security. protocol standards, are addressing security.
When using DHCP discovery, clients are encouraged to use unicast When using DHCP discovery, clients are encouraged to use unicast
DHCP INFORM queries instead of broadcast queries which are more DHCP INFORM queries instead of broadcast queries which are more
easily spoofed in insecure networks. easily spoofed in insecure networks.
Minimally, it can be said that the WPAD protocol does not create new Minimally, it can be said that the WPAD protocol does not create new
security weaknesses. security weaknesses.
10. Acknowledgements
Category: Standards Track Expires: December 1999 Category: Standards Track Expires: December 1999
INTERNET-DRAFT Web Proxy Auto-Discovery Protocol 6/24/99 INTERNET-DRAFT Web Proxy Auto-Discovery Protocol 7/28/99
10. Acknowledgements
The authors' work on this specification would be incomplete without The authors' work on this specification would be incomplete without
the assistance of many people. Specifically, the authors would like the assistance of many people. Specifically, the authors would like
the express their gratitude to the following people: the express their gratitude to the following people:
Chuck Neerdaels, Inktomi, for providing assistance in the design of Chuck Neerdaels, Inktomi, for providing assistance in the design of
the WPAD protocol as well as for providing reference the WPAD protocol as well as for providing reference
implementations. implementations.
Arthur Bierer, Darren Mitchell, Sean Edmison, Mario Rodriguez, Danpo Arthur Bierer, Darren Mitchell, Sean Edmison, Mario Rodriguez, Danpo
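Review bot: The sentence closing the security text, "Minimally, it can be said that the WPAD protocol does not create new security weaknesses", is stronger than the surrounding text supports. The draft itself says broadcast DHCP queries "are more easily spoofed in insecure networks" and that for some clients "the likelihood of an undetected spoofing attack is increased", and the result of discovery is a proxy configuration the client then acts on. Suggest replacing the sentence with an explicit trust statement: the discovered configuration is only as trustworthy as the DHCP and DNS answers used to find it. Separately, "the express their gratitude" in section 10 should read "to express their gratitude".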
skipping to change at page 16, line 57 skipping to change at page 16, line 59
INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
12. References 12. References
[1] Moats, R., Hamilton, M., and P. Leach, "Finding Stuff (How to [1] Moats, R., Hamilton, M., and P. Leach, "Finding Stuff (How to
discover services)", Internet Draft, October 1997. discover services)", Internet Draft, October 1997.
[2] Gulbrandsen, A., and P. Vixie, "A DNS RR for specifying the
location of services (DNS SRV)", RFC 2052, October 1996
Category: Standards Track Expires: December 1999 Category: Standards Track Expires: December 1999
INTERNET-DRAFT Web Proxy Auto-Discovery Protocol 6/24/99 INTERNET-DRAFT Web Proxy Auto-Discovery Protocol 7/28/99
[2] Gulbrandsen, A., and P. Vixie, "A DNS RR for specifying the
location of services (DNS SRV)", RFC 2052, October 1996
[3] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131, [3] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131,
March 1997. March 1997.
[4] Veizades, J., Guttman, E., Perkins, C., and M. Day, "Service [4] Veizades, J., Guttman, E., Perkins, C., and M. Day, "Service
Location Protocol," Internet Draft, October 1997. Location Protocol," Internet Draft, October 1997.
[5] Hamilton, M., and R. Wright, "Use of DNS Aliases for Network [5] Hamilton, M., and R. Wright, "Use of DNS Aliases for Network
Services", RFC 2219, October 1997. Services", RFC 2219, October 1997.
skipping to change at page 17, line 33 skipping to change at page 17, line 36
Netscape Corporation, Netscape Corporation,
http://home.netscape.com/eng/mozilla/2.0/relnotes/ http://home.netscape.com/eng/mozilla/2.0/relnotes/
demo/proxy-live.html, March 1996. demo/proxy-live.html, March 1996.
[9] Mockapetris, P., "Domain Names - Concepts and Facilities", [9] Mockapetris, P., "Domain Names - Concepts and Facilities",
RFC 1034, November 1987. RFC 1034, November 1987.
[10] Perkins, C., Guttman, E., and J. Kempf, "Service Templates and [10] Perkins, C., Guttman, E., and J. Kempf, "Service Templates and
service: Schemes", Internet Draft, December 1997. service: Schemes", Internet Draft, December 1997.
[11] ôA Sample DHCP Implementation for WPADö, Inktomi Corporation, [11] “A Sample DHCP Implementation for WPAD”, Inktomi Corporation,
http://www.inktomi.com/TBD.html, February 1998. http://www.inktomi.com/TBD.html, February 1998.
[KEYWORDS] Bradner, S., "Key words for use in RFCs to Indicate [KEYWORDS] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
13. Author Information 13. Author Information
Paul Gauthier Paul Gauthier
Inktomi Corporation Inktomi Corporation
1900 South Norfolk Street Suite 310, San Mateo, CA 94403-1151 1900 South Norfolk Street Suite 310, San Mateo, CA 94403-1151
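Review bot: Reference [11] still points at a placeholder, "http://www.inktomi.com/TBD.html", in -01; the revision only repairs the quote characters around the title. Either supply the real location of the sample DHCP implementation or drop the reference, since a Standards Track document should not cite a TBD URL.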
skipping to change at page 17, line 57 skipping to change at page 17, line 60
Josh Cohen Josh Cohen
Microsoft Corporation Microsoft Corporation
One Microsoft Way, Redmond, WA 98052 One Microsoft Way, Redmond, WA 98052
Phone: (425) 703-5812 Phone: (425) 703-5812
Email: joshco@microsoft.com Email: joshco@microsoft.com
Martin Dunsmuir Martin Dunsmuir
RealNetworks, Inc. RealNetworks, Inc.
1111 3rd Ave, Suite 2900, Seattle, WA 98101 1111 3rd Ave, Suite 2900, Seattle, WA 98101
Phone: (206) 674-2237 Phone: (206) 674-2237
Email: martind@real.com
Charles Perkins
Category: Standards Track Expires: December 1999 Category: Standards Track Expires: December 1999
INTERNET-DRAFT Web Proxy Auto-Discovery Protocol 6/24/99 INTERNET-DRAFT Web Proxy Auto-Discovery Protocol 7/28/99
Email: martind@real.com
Charles Perkins
Sun Microsystems, Inc. Sun Microsystems, Inc.
15 Network Circle, Menlo Park, CA 94025 15 Network Circle, Menlo Park, CA 94025
Phone: (650) 786-6464 Phone: (650) 786-6464
Email: charles.perkins@Sun.COM Email: charles.perkins@Sun.COM
Category: Standards Track Expires: December 1999 Category: Standards Track Expires: December 1999
 End of changes. 46 change blocks. 
67 lines changed or deleted 69 lines changed or added

This html diff was produced by rfcdiff 1.33. The latest version is available from http://tools.ietf.org/tools/rfcdiff/