David Woodhouse <[email protected]> writes: > On Mon, 2016-05-09 at 14:21 +0200, Bjørn Mork wrote: >> >> And if the goal is to make NM behave like Windows: Does that mean >> replicating the idiotic requests for a toplevel "wpad.", or clearly >> bogus "wpad.local" too? >> >> If that is really the intention, then I'm going to shut up now. Else, I >> ask that you reconsider what your claim "Just Work for us as well as it >> does for Windows users" implies. > > There are users in corporate networks who *have* to use the proxies, > because direct connections to the outside world don't work.
Yes, and those networks will use DHCP to configure proxies. Anything else would be crazy. > Sure, a rogue network could still advertise intel.com in the search > domains in its DHCP response, and provide its own PAC content. But then > again, it could have just given you a DHCP option 252. Once the > attacker has *that* much control, I think you lost the game already. Yes, a rogue network is one thing. No way to protect yourself there of course. The problem with using DNS for proxy config is that you aren't even safe on a trusted network, unless you are very careful about which domain names you use. Most users won't know that their choice of host name might have security implications. Because it shouldn't. Bjørn _______________________________________________ networkmanager-list mailing list [email protected] https://mail.gnome.org/mailman/listinfo/networkmanager-list
