Skip to Content.
Sympa Menu

cat-users - [cat-users] Apple devices: support proxy auto-discovery (WPAD)?

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive

[cat-users] Apple devices: support proxy auto-discovery (WPAD)?


Chronological Thread 
  • From: Stefan Winter <stefan.winter AT restena.lu>
  • To: "cat-users AT geant.net" <cat-users AT geant.net>
  • Subject: [cat-users] Apple devices: support proxy auto-discovery (WPAD)?
  • Date: Mon, 18 Nov 2013 10:00:56 +0100
  • List-archive: <https://mail.geant.net/mailman/private/cat-users/>
  • List-id: "The mailing list for users of the eduroam Configuration Assistant Tool \(CAT\)" <cat-users.geant.net>
  • Openpgp: id=8A39DC66; url=http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

Hello,

our Apple "mobileconfig" eduroam configurators currently do net set a flag

"ProxyType = Auto" [1]

which would make devices check automatically if the local hotspot needs
you to go through a proxy. It would use the "WPAD" discovery process. [2]

In eduroam, we don't like web proxies. Still, their use is in principle
allowed under certain conditions as per policy. And if they *are* in
use, enabling WPAD will make the browsing experience much easier /
possible at all when roaming to a hotspot which requires it.

When talking about the main eduroam SSID, any setting we put in there
will either be set for *all* hotspots (IDP's own home hotspot *and*
roaming ones) or none. Also, even IdPs which despise proxies have no way
of knowing whether their own users will eventually roam to a hotspot
which requires this setting.

All this speaks against making WPAD proxy discovery a per-IdP option; it
either should be there or not, eduroam-wide (so, no option bloat for you
:-) ).

We're currently considering to add this auto-discovery property to our
Apple installers for version 1.1 of CAT. Having the setting on "Auto"
should not have any detrimental effects on hotspots which don't
implement it.

So it seems like this is pretty much always a good thing. One possible
exception being that there could be sites which do have a WPAD proxy,
but make its use optional. In these cases, setting Auto would make us
decide about a setting for the end use which he doesn't actually like.
The same thing would be true for every user on the site though, being
CAT-provisioned or not - because they would need to take manual action
to move Operating Systems off of the default (e.g. Microsoft operating
systems tend to have this on "Auto" by default).

If you have an opinion on whether we should or should not set this flag
in Apple mobileconfig in the future, please reply to this mail and let
us know.

Greetings,

Stefan Winter

[1]
https://developer.apple.com/library/ios/featuredarticles/iPhoneConfigurationProfileRef/Introduction/Introduction.html
(Wi-Fi Payload, last entry)

[2] https://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol


--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

Attachment: 0x8A39DC66.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature




Archive powered by MHonArc 2.6.19.

Top of Page